CN114726722B - Bian Yun collaborative baseline checking and configuration updating method, system and storage medium - Google Patents
Bian Yun collaborative baseline checking and configuration updating method, system and storage medium Download PDFInfo
- Publication number
- CN114726722B CN114726722B CN202210334442.4A CN202210334442A CN114726722B CN 114726722 B CN114726722 B CN 114726722B CN 202210334442 A CN202210334442 A CN 202210334442A CN 114726722 B CN114726722 B CN 114726722B
- Authority
- CN
- China
- Prior art keywords
- baseline
- configuration
- cloud server
- baseline configuration
- terminal equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 62
- 238000012795 verification Methods 0.000 claims description 7
- 238000004891 communication Methods 0.000 description 7
- 230000008859 change Effects 0.000 description 6
- 238000012546 transfer Methods 0.000 description 6
- 241000700605 Viruses Species 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000002159 abnormal effect Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 2
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0813—Configuration setting characterised by the conditions triggering a change of settings
- H04L41/0816—Configuration setting characterised by the conditions triggering a change of settings the condition being an adaptation, e.g. in response to network events
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/085—Retrieval of network configuration; Tracking network configuration history
- H04L41/0853—Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The application discloses a baseline checking and configuration updating method, a system and a storage medium for edge cloud cooperation, wherein the method comprises the following steps: receiving a baseline configuration sent by a cloud server, wherein the baseline configuration is generated by the cloud server according to identity information of terminal equipment; acquiring running state information of the terminal equipment, and when the running state information is not matched with the baseline configuration, sending alarm information to the cloud server so that the cloud server updates the baseline configuration according to the alarm information and the running state information; and receiving the updated baseline configuration sent by the cloud server. According to the checking and configuration updating method, the cloud server updates the baseline configuration according to the alarm information and the running state information of the terminal equipment, so that the baseline configuration is more accurate, and the safe running of the terminal equipment is ensured.
Description
Technical Field
The application relates to the technical field of network security, in particular to a baseline checking and configuration updating method for edge-cloud cooperation, a computer readable storage medium, a terminal device, a cloud server and a baseline checking and configuration updating system for edge-cloud cooperation.
Background
Along with the rapid development of the Internet of things, the Internet of things and the existing industry are fused, and the rapid popularization of the Internet of things terminal also has a huge safety risk, so that the daily stability and the normal operation of the terminal equipment are all the things to be at odds.
The existing baseline checking mode only passively collects the alarm information uploaded when the running state of the terminal does not accord with the baseline after the cloud server issues the baseline configuration, but can not update the appropriate baseline configuration in time according to the change of software and hardware of the terminal device, so that the new security threat can not be dealt with, and the terminal device can upload all updated baseline configurations to the cloud server each time to cause certain calculation pressure for the cloud server.
Disclosure of Invention
The present application aims to solve at least one of the technical problems in the related art to some extent. Therefore, a first object of the present application is to provide a baseline checking and configuration updating method for edge-cloud collaboration, which updates baseline configuration according to alarm information and operation state information of a terminal device through a cloud server, so that baseline configuration can be more accurate, and safe operation of the terminal device is ensured.
The second purpose of the application is to provide a baseline checking and configuration updating method for edge cloud collaboration.
A third object of the present application is to propose a computer readable storage medium.
A fourth object of the present application is to propose a terminal device.
A fifth object of the present application is to provide a cloud server.
The sixth purpose of the application is to provide a baseline checking and configuration updating system for edge cloud collaboration.
In order to achieve the above objective, an embodiment of a first aspect of the present application provides a method for checking and updating a baseline of edge cloud collaboration, including: receiving a baseline configuration sent by a cloud server, wherein the baseline configuration is generated by the cloud server according to identity information of terminal equipment; acquiring running state information of the terminal equipment, and when the running state information is not matched with the baseline configuration, sending alarm information to the cloud server so that the cloud server updates the baseline configuration according to the alarm information and the running state information; and receiving the updated baseline configuration sent by the cloud server.
According to the baseline checking and configuration updating method for the edge cloud cooperation, the baseline configuration sent by the cloud server is received, wherein the baseline configuration is generated by the cloud server according to the identity information of the terminal equipment, then the running state information of the terminal equipment is obtained, when the running state information is monitored to be inconsistent with the baseline configuration, alarm information is sent to the cloud server, so that the cloud server updates the baseline configuration according to the alarm information and the running state information, and finally the updated baseline configuration sent by the cloud server is received. Therefore, the method updates the baseline configuration according to the alarm information and the running state information of the terminal equipment through the cloud server, so that the baseline configuration is more accurate, and the safe running of the terminal equipment is ensured.
In addition, the baseline checking and configuration updating method for edge cloud collaboration according to the embodiment of the application can also have the following additional technical characteristics:
according to one embodiment of the present application, after sending the alert information to the cloud server, the method further includes: receiving a negotiation instruction of a cloud server; after receiving the negotiation instruction, acquiring updated running state information of the terminal equipment; when the running time reaches the set negotiation time, the updated running state information is sent to the cloud server, so that the cloud server updates the baseline configuration of the terminal equipment according to the running state information of the terminal equipment and the updated running state information.
In order to achieve the above objective, an embodiment of a second aspect of the present application provides a method for checking and updating a baseline of edge cloud collaboration, including: receiving identity information of a plurality of terminal devices; generating a baseline configuration according to the identity information, and sending the baseline configuration to the corresponding terminal equipment; and receiving alarm information and running state information sent by the plurality of terminal devices, updating the baseline configuration of the plurality of terminal devices according to the alarm information and the running state information, and sending the updated baseline configuration to the corresponding terminal devices.
According to the base line checking and configuration updating method of the edge cloud cooperation, identity information of a plurality of terminal devices is received, base line configuration is generated according to the identity information and is sent to corresponding terminal devices, alarm information and running state information sent by the plurality of terminal devices are received, the base line configuration of the plurality of terminal devices is updated according to the alarm information and the running state information, and the updated base line configuration is sent to the corresponding terminal devices. Therefore, the method updates the baseline configuration according to the alarm information and the running state information of the terminal equipment through the cloud server, so that the baseline configuration is more accurate, and the safe running of the terminal equipment is ensured.
In addition, the baseline checking and configuration updating method for edge cloud collaboration according to the embodiment of the application can also have the following additional technical characteristics:
according to one embodiment of the application, after receiving the alarm information, the method further comprises: determining a baseline configuration update type according to the alarm information; when the baseline configuration update type is application program update, sending a negotiation instruction to terminal equipment; and receiving the updated running state information of the terminal equipment, and updating the baseline configuration of the terminal equipment according to the running state information of the terminal equipment and the updated running state information.
According to one embodiment of the application, after receiving the alarm information, the method further comprises: and when the current baseline configuration is determined to influence the normal operation of the terminal equipment according to the alarm information, the baseline configuration at the last moment is sent to the corresponding terminal equipment.
According to one embodiment of the present application, transmitting the updated baseline configuration to the corresponding terminal device includes: updating the baseline configuration of all terminal devices having similar identity information to the terminal device.
To achieve the above object, an embodiment of the present application provides a computer readable storage medium, on which a baseline check and configuration update program for edge-cloud collaboration is stored, where the baseline check and configuration update program for edge-cloud collaboration implements the baseline check and configuration update method for edge-cloud collaboration when executed by a processor.
According to the computer readable storage medium, the baseline configuration can be more accurate and the safe operation of the terminal equipment can be ensured by executing the baseline checking and configuration updating method of the edge cloud cooperation.
To achieve the above object, a terminal device according to a fourth aspect of the present application includes: the device comprises a processor, a memory and a baseline checking and configuration updating program of the edge cloud cooperation, wherein the baseline checking and configuration updating program of the edge cloud cooperation is stored in the memory and can be run on the processor, and the baseline checking and configuration updating method of the edge cloud cooperation is realized when the processor executes the baseline checking and configuration updating program of the edge cloud cooperation.
According to the terminal equipment provided by the embodiment of the application, the baseline configuration can be more accurate by executing the baseline checking and configuration updating method of the edge cloud cooperation of the embodiment of the first aspect, and the safe operation of the terminal equipment is ensured.
In order to achieve the above object, a cloud server according to an embodiment of the present application includes: the device comprises a processor, a memory and a baseline checking and configuration updating program of the edge cloud cooperation, wherein the baseline checking and configuration updating program of the edge cloud cooperation is stored in the memory and can be run on the processor, and the baseline checking and configuration updating method of the edge cloud cooperation is realized when the processor executes the baseline checking and configuration updating program of the edge cloud cooperation.
According to the cloud server provided by the embodiment of the application, the baseline configuration can be more accurate by executing the baseline checking and configuration updating method of the edge cloud cooperation of the second aspect, and the safe operation of the terminal equipment is ensured.
In order to achieve the above objective, an embodiment of the present application provides a baseline checking and configuration updating system for edge cloud collaboration, which includes the above terminal device and cloud server.
According to the base line checking and configuration updating system for the edge cloud cooperation, which is disclosed by the embodiment of the application, the base line configuration can be more accurate by comprising the terminal equipment and the cloud server, and the safe operation of the terminal equipment is ensured.
Additional aspects and advantages of the application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the application.
Drawings
FIG. 1 is a flow chart of a baseline verification and configuration update method for edge cloud collaboration according to an embodiment of the present application;
FIG. 2 is an interactive schematic diagram of a baseline verification and configuration update method for edge cloud collaboration according to an embodiment of the present application;
FIG. 3 is a flow chart of a baseline verification and configuration update method for edge cloud collaboration according to another embodiment of the present application;
fig. 4 is a block schematic diagram of a terminal device according to an embodiment of the present application;
fig. 5 is a block diagram of a cloud server according to an embodiment of the application;
fig. 6 is a block diagram of a baseline verification and configuration update system for edge cloud collaboration according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative and intended to explain the present application and should not be construed as limiting the application.
The baseline checking and configuration updating method, the computer readable storage medium, the terminal equipment, the cloud server and the Bian Yun collaborative baseline checking and configuration updating system for edge cloud collaborative provided by the embodiment of the application are described below with reference to the accompanying drawings.
In embodiments of the application, the terminal device may be a personal computer (Personal Computer, PC), a smart mobile device (e.g., a smart phone), a microprocessor-based system, a set top box, or the like. The terminal equipment can be 1 or more, and is connected with the cloud server, and each user can correspond to one terminal equipment, and the cloud server can be in communication connection with a plurality of terminal equipment. The terminal equipment is called an entity computer and can be provided for a virtual machine hardware environment, and the cloud server serves as a cloud computing processing system, namely a decision making system which is established on an Internet technology network equipment base layer and used for carrying out data communication, analysis and statistics on multiple users according to specific rules.
Fig. 1 is a flowchart of a baseline verification and configuration update method for edge cloud collaboration according to an embodiment of the present application.
As shown in fig. 1, the baseline checking and configuration updating method for edge cloud collaboration according to the embodiment of the application may include the following steps:
s1, receiving a baseline configuration sent by a cloud server, wherein the baseline configuration is generated by the cloud server according to identity information of terminal equipment.
Specifically, referring to fig. 2, first, a terminal device sends an access request to a cloud server, and the terminal device and the cloud server are connected in communication, for example, may be connected in communication by Wi-Fi (wireless communication technology). After successful connection, the terminal equipment uploads the identity information of the terminal equipment to a cloud server, wherein the identity information can comprise the unique number, the system version, a hardware module, an installation container, application and other related information of the terminal equipment, and the cloud server can generate a baseline configuration according to the identity information of the terminal equipment and send the baseline configuration to the terminal equipment. The baseline configuration corresponds to reference information (operation state information) configured by a system or an application program in a terminal device or an application program in the terminal device when the terminal device or the application program is normally operated.
S2, acquiring running state information of the terminal equipment, and sending alarm information to the cloud server when the running state information is detected to be inconsistent with the baseline configuration, so that the cloud server updates the baseline configuration according to the alarm information and the running state information.
And S3, receiving updated baseline configuration sent by the cloud server.
Specifically, referring to fig. 2, the operation state information of the terminal device (for example, baseline configuration information such as the configuration parameters of the current operating system, the configuration parameters of the application program in the terminal device, etc.) is monitored in real time by the baseline checking software installed in the terminal device, when the operation state information of the terminal device is monitored to be inconsistent with the baseline configuration, alarm information is reported to the cloud server, the cloud server updates the baseline configuration according to the alarm information and the current operation state information of the terminal device and sends the baseline configuration to the terminal device, and the terminal device receives the updated baseline configuration sent by the cloud server. The alarm information may include a baseline configuration update of an operating system and a baseline configuration update of an application in the terminal device.
For example, the cloud server determines the baseline configuration update type according to the alarm information, and when the alarm information is the baseline configuration update of the operating system, for example, an attacker scans the target terminal device by using software to obtain the opening condition of the network port of the target terminal device. The service provided by the target terminal device can be obtained through the port opening condition, for example: port 21 provides FTP (File Transfer Protocol ) services, port 25 provides SMTP (Simple Mail Transfer Protocol ) services, port 80 provides HTTP (Hyper Text Transfer Protocol ) services, port 135 provides RPC (Remote Procedure Call ) services, etc. Since the service is provided with some holes of the service, an attacker can attack the terminal device according to the holes, for example, generally we use 80 ports for web browsing, i.e. 80 ports are in an open state and 8080 ports are in a closed state. When the cloud server judges that the changed baseline configuration causes harm to the terminal equipment and influences the normal operation of the terminal equipment, the cloud server can send the baseline configuration at the last moment to the corresponding terminal equipment, and the terminal equipment receives the updated baseline configuration sent by the cloud server, namely, the baseline configuration of the terminal equipment is restored to the baseline configuration state when the 8080 port is closed, so that the safety of the terminal equipment is ensured. In addition, if the baseline configuration information at the last moment is lost or the current baseline configuration is not matched with the terminal equipment, the baseline configuration of the terminal equipment can be restored to the default factory setting when the equipment cannot normally operate.
It should be noted that, when the baseline checking software monitors that the operation state information of the terminal device does not match the baseline configuration, the configuration information may be changed passively (such as by an attacker or a virus), or the baseline configuration may be changed actively by a user.
When a user needs to perform certain operations to open certain ports, for example, in order to upload and download files between two terminal devices, 21 ports of the two terminal devices can be opened, when the baseline configuration is found to be changed by the baseline checking software, alarm information is reported to the cloud server, if the cloud server judges that the changed baseline configuration does not cause harm to the terminal devices or is not harmful, the updated baseline configuration can be sent to all the terminal devices of the same type (for example, the terminal devices with similar identity information are the terminal devices of the same type), and the terminal devices receive the updated baseline configuration sent by the cloud server. When the cloud server judges that the changed baseline configuration does not cause damage to the terminal equipment according to the alarm information, the updated baseline configuration can be sent to all the terminal equipment of the same type, only the baseline configuration of the current terminal equipment can be updated, and the baseline configuration of the terminal equipment can be not updated. For example, when the user only uses the service of uploading and downloading files between two terminal devices at this time, the 21 ports of the two terminal devices are opened, and the current baseline configuration of the terminal devices can not be updated without using the ports for several times, so that the situation that the opening of some ports possibly brings loopholes to a system, and damage is caused to the terminal devices due to the way that Trojan or viruses attack the terminal devices can be prevented.
According to one embodiment of the present application, after sending the alert information to the cloud server, the method further includes: receiving a negotiation instruction of a cloud server; after receiving the negotiation instruction, acquiring updated running state information of the terminal equipment; when the running time reaches the set negotiation time, the updated running state information is sent to the cloud server, so that the cloud server updates the baseline configuration of the terminal equipment according to the running state information of the terminal equipment and the updated running state information. The set negotiation time may be set according to the actual situation.
Specifically, referring to fig. 2, the cloud server determines a baseline configuration update type according to the alarm information, and when the baseline configuration update type is application program update, sends a negotiation instruction to the terminal device, and after receiving the negotiation instruction sent by the cloud server, the terminal device obtains updated running state information. For example, when an application program in the terminal device crashes, is blocked, and cannot acquire data in the use process, normal operation of the application program is affected, for example, a server connected with the application program is changed or a database connected with the application program is changed, a developer generally updates a version of the application program, and issues a new version, so as to reduce software errors. When a user updates an application program, the cloud server determines that a configuration update type is application program update according to alarm information, sends a negotiation instruction to a terminal device, receives the negotiation instruction, acquires updated baseline configuration, preliminarily judges whether the new baseline configuration affects normal operation of the application program, rejects if the new baseline configuration is affected, updates if the new baseline configuration is not affected, sends updated operation state information to the cloud server when the application program is updated (reaches a set negotiation time), compares the updated operation state information with the baseline configuration before the update according to the updated baseline configuration, determines the updated baseline configuration to be new baseline configuration if the updated baseline configuration can enable the terminal device to normally operate, and sends the updated baseline configuration to all the terminal devices (such as the cloud terminal devices with similar identity information are the same type of terminal devices) in the terminal device, and the terminal device receives the updated baseline configuration sent by the cloud server. If the updated baseline configuration causes abnormal operation of the terminal equipment, the baseline configuration of the terminal is returned to the baseline configuration at the last moment.
And when the change of some configurations does not affect the normal operation of the application program, the baseline configuration of the terminal equipment can be updated, or the baseline configuration can be not updated, and the current baseline configuration is kept unchanged. If the positions of folders in the application program for storing information such as program running logs are changed, the baseline checking software monitors that the configuration of the application program is changed, alarm information is sent to a cloud server, the cloud server determines that the configuration update type is application program update according to the alarm information, and sends a negotiation instruction to terminal equipment, the terminal equipment receives the negotiation instruction, acquires updated baseline configuration, the terminal equipment preliminarily judges whether the new baseline configuration influences normal running of the application program, if the new baseline configuration influences normal running, the new baseline configuration is refused, if the new baseline configuration does not influence the normal running of the application program, the new baseline configuration is updated, and when the application program is updated (the set negotiation time is reached), the updated running state information is sent to the cloud server. The cloud server can compare the updated baseline configuration with the pre-updated baseline configuration, if the updated baseline configuration can enable the terminal equipment to normally operate, the updated baseline configuration is determined to be a new baseline configuration, and the updated baseline configuration is sent to all the terminal equipment of the same type. In addition, since the change of the configuration does not affect the normal operation of the application program, the terminal equipment can not be updated, and the current baseline configuration is kept unchanged.
In summary, in the method for checking and updating the baseline of the edge cloud collaboration according to the embodiments of the present application, the baseline configuration sent by the cloud server is received first, where the baseline configuration is generated by the cloud server according to the identity information of the terminal device, then the running state information of the terminal device is obtained, and when the running state information is monitored to be inconsistent with the baseline configuration, alarm information is sent to the cloud server, so that the cloud server updates the baseline configuration according to the alarm information and the running state information, and finally the updated baseline configuration sent by the cloud server is received. Therefore, the method updates the baseline configuration according to the alarm information and the running state information of the terminal equipment through the cloud server, so that the baseline configuration is more accurate, and the safe running of the terminal equipment is ensured.
Corresponding to the embodiment, the application further provides a baseline checking and configuration updating method for the edge cloud collaboration.
As shown in fig. 3, the baseline checking and configuration updating method for edge cloud collaboration according to the embodiment of the application includes the following steps:
s101, receiving identity information of a plurality of terminal devices.
S102, generating a baseline configuration according to the identity information, and sending the baseline configuration to the corresponding terminal equipment.
Specifically, referring to fig. 2, the cloud server may be communicatively connected to a plurality of terminal devices, for example, may be communicatively connected by Wi-Fi (wireless communication technology). After successful connection, the identity information sent by each terminal device is received, and different terminal devices have different identity information, for example, unique numbers of different terminal devices are different, operating systems and versions installed by different terminal devices are different, and hardware modules, installation containers and applications installed by different terminal devices are different. The cloud server determines corresponding baseline configuration according to the identity information, and sends the baseline configuration to the corresponding terminal equipment according to the unique number of the terminal equipment.
S103, receiving alarm information and running state information sent by a plurality of terminal devices, updating the baseline configuration of the plurality of terminal devices according to the alarm information and the running state information, and sending the updated baseline configuration to the corresponding terminal devices.
According to one embodiment of the application, after receiving the alarm information, the method further comprises: and when the current baseline configuration is determined to influence the normal operation of the terminal equipment according to the alarm information, the baseline configuration at the last moment is sent to the corresponding terminal equipment.
According to one embodiment of the present application, transmitting the updated baseline configuration to the corresponding terminal device includes: updating the baseline configuration of all terminal devices having similar identity information to the terminal device.
Specifically, referring to fig. 2, the operation state information (for example, baseline configuration information such as the configuration parameters of the current operating system, the configuration parameters of the application program in the terminal device, etc.) of the terminal device is monitored in real time by the baseline checking software installed in the terminal device, when the operation state information of the terminal device is monitored to be inconsistent with the baseline configuration, alarm information is reported to the cloud server according to the unique number of the terminal device, the cloud server updates the baseline configuration according to the unique number of the terminal device, the alarm information and the operation state information of the current terminal device, and sends the updated baseline configuration to the terminal device, and the terminal device receives the updated baseline configuration sent by the cloud server. The alarm information may include a baseline configuration update of an operating system and a baseline configuration update of an application in the terminal device.
For example, the cloud server determines the baseline configuration update type according to the alarm information, and when the alarm information is the baseline configuration update of the operating system, for example, an attacker scans the target terminal device by using software to obtain the opening condition of the network port of the target terminal device. The service provided by the target terminal device can be obtained through the port opening condition, for example: port 21 provides FTP (File Transfer Protocol ) services, port 25 provides SMTP (Simple Mail Transfer Protocol ) services, port 80 provides HTTP (Hyper Text Transfer Protocol ) services, port 135 provides RPC (Remote Procedure Call ) services, etc. Since the service is provided with some holes of the service, an attacker can attack the terminal equipment according to the holes. For example, in the terminal device with unique number A1, we generally use 80 ports for web browsing, i.e. 80 ports are in an open state and 8080 ports are in a closed state. When the baseline configuration of the terminal equipment is changed, the cloud server judges that the changed baseline configuration can cause harm to the terminal equipment, and the normal operation of the terminal equipment is affected, the cloud server can send the baseline configuration at the last moment to the terminal equipment with the unique number of A1, and the terminal equipment receives the updated baseline configuration sent by the cloud server, namely, the baseline configuration of the terminal equipment is restored to the baseline configuration state when the 8080 port is closed, so that the safety of the terminal equipment is ensured. In addition, if the baseline configuration information at the last moment is lost or the current baseline configuration is not matched with the terminal equipment, the baseline configuration of the terminal equipment can be restored to the default factory setting when the equipment cannot normally operate.
It should be noted that, when the baseline checking software monitors that the operation state information of the terminal device does not match the baseline configuration, the configuration information may be changed passively (such as by an attacker or a virus), or the baseline configuration may be changed actively by a user.
When a user needs to perform certain operations to open certain ports, for example, in the terminal device with the unique number A2, in order to upload and download files between the terminal device with the unique number A3, 21 ports of the two terminal devices may be opened, when the baseline configuration is found to change by the baseline checking software, alarm information is reported to the cloud server, if the cloud server judges that the modified baseline configuration does not cause harm to the terminal device with the unique number A2 or is not harmful, the updated baseline configuration may be sent to all terminal devices with the same type (for example, the terminal devices with the unique number A2 and the identity information with the unique number A3 are similar to each other as the terminal devices with the unique number A3), and the terminal devices with the unique numbers A2 and A3 receive the updated baseline configuration sent by the cloud server.
When the cloud server judges that the changed baseline configuration does not cause damage to the terminal equipment according to the alarm information, the updated baseline configuration can be sent to all the terminal equipment of the same type, only the baseline configuration of the current terminal equipment can be updated, and the baseline configuration of the terminal equipment can be not updated. For example, when the user only uses the service of uploading and downloading the file between the two terminal devices with the unique numbers A2 and A3, the ports of the two terminal devices 21 are opened, and the current baseline configuration of the terminal device with the unique number A2 is not updated without using the ports for several times, so that the situation that the opening of some ports possibly brings loopholes to the system, and damage to the terminal devices caused by the way that Trojan or viruses attack the terminal devices can be prevented.
According to one embodiment of the application, after receiving the alarm information, the method further comprises: determining a baseline configuration update type according to the alarm information; when the baseline configuration update type is application program update, sending a negotiation instruction to terminal equipment; and receiving the updated running state information of the terminal equipment, and updating the baseline configuration of the terminal equipment according to the running state information of the terminal equipment and the updated running state information.
Specifically, referring to fig. 2, the cloud server determines a baseline configuration update type according to the alarm information, and when the baseline configuration update type is application program update, sends a negotiation instruction to the terminal device, and after receiving the negotiation instruction sent by the cloud server, the terminal device obtains updated running state information. For example, when a certain application program in the terminal device with the unique number A1 crashes, is blocked, and cannot acquire data in the use process, the normal operation of the application program is affected, for example, a server connected with the application program is changed or a database connected with the application program is changed, a developer generally updates a version of the application program, and issues a new version, so as to reduce the situation of software errors. When a user updates an application program, the cloud server determines that a configuration update type is application program update according to alarm information, sends a negotiation instruction to a terminal device with a unique number of A1, receives the negotiation instruction, acquires updated baseline configuration, preliminarily judges whether the new baseline configuration influences normal operation of the application program, refuses if the new baseline configuration influences, does not influence the new baseline configuration, sends updated operation state information to the cloud server when the application program is updated (reaches set negotiation time), compares the updated operation state information with the baseline configuration before the update according to the updated baseline configuration, determines the updated baseline configuration to be new baseline configuration if the updated baseline configuration can enable the terminal device to normally operate, and sends the updated baseline configuration to all terminal devices (such as terminal devices with similar identity information) in the cloud server, and the terminal device receives the updated baseline configuration sent by the cloud server. If the updated baseline configuration causes abnormal operation of the terminal equipment, the baseline configuration of the terminal is returned to the baseline configuration at the last moment.
And when the change of some configurations does not affect the normal operation of the application program, the baseline configuration of the terminal equipment can be updated, or the baseline configuration can be not updated, and the current baseline configuration is kept unchanged. If the position of some folders storing information such as program running logs in a certain application program is changed in the terminal device with the unique number of A1, the baseline checking software monitors that the configuration of the application program is changed, alarm information is sent to the cloud server, the cloud server determines that the configuration update type is application program update according to the alarm information and sends a negotiation instruction to the terminal device, the terminal device receives the negotiation instruction and acquires updated baseline configuration, the terminal device preliminarily judges whether the new baseline configuration influences normal running of the application program, if the new baseline configuration influences normal running, the new baseline configuration is refused, if the new baseline configuration does not influence, the new baseline configuration is updated, when the application program is updated (the set negotiation time is reached), the updated running state information is sent to the cloud server, the cloud server can compare the updated baseline configuration with the baseline configuration before the update according to the updated baseline configuration, if the updated baseline configuration can enable the terminal device to normally run, the updated baseline configuration is determined to be the new baseline configuration, and the updated baseline configuration is sent to all the terminal devices with the same type. In addition, since the change of the configuration does not affect the normal operation of the application program, the terminal equipment can not be updated, namely, the baseline configuration before the update of the application program is maintained.
In summary, in the method for checking and updating the baseline configuration of the edge cloud collaboration according to the embodiment of the application, identity information of a plurality of terminal devices is received first, then baseline configuration is generated according to the identity information, the baseline configuration is sent to a corresponding terminal device, finally alarm information and running state information sent by the plurality of terminal devices are received, the baseline configuration of the plurality of terminal devices is updated according to the alarm information and the running state information, and the updated baseline configuration is sent to the corresponding terminal device. Therefore, the method updates the baseline configuration according to the alarm information and the running state information of the terminal equipment through the cloud server, so that the baseline configuration is more accurate, and the safe running of the terminal equipment is ensured.
The present application also proposes a computer-readable storage medium corresponding to the above-described embodiments.
The computer readable storage medium of the application stores a baseline checking and configuration updating program of the edge cloud cooperation, and the baseline checking and configuration updating program of the edge cloud cooperation realizes the baseline checking and configuration updating method of the edge cloud cooperation when being executed by a processor.
According to the computer readable storage medium, the baseline configuration can be more accurate by executing the baseline checking and configuration updating method of the edge cloud cooperation, and the safe operation of the terminal equipment is ensured.
The application also provides a terminal device corresponding to the embodiment.
As shown in fig. 4, the terminal device 200 of the present application may include: memory 210, processor 220.
The memory 210 is configured to store a baseline check and configuration update program for edge cloud collaboration, and to transmit the program code to the processor 220. In other words, the processor 220 may invoke and run the baseline check and configuration update program of the edge cloud collaboration from the memory 210 to implement the method of embodiments of the present application.
As shown in fig. 4, the terminal device 200 of the present application may further include: a transceiver 230, the transceiver 230 being connectable to the processor 220 or the memory 210.
The processor 220 may control the transceiver 230 to communicate with other devices, and in particular, may send information or data to other devices or receive information or data sent by other devices. Transceiver 230 may include a transmitter and a receiver.
It will be appreciated that the individual components in the terminal device are connected by a bus system comprising, in addition to a data bus, a power bus, a control bus and a status signal bus.
According to the terminal equipment, by executing the baseline checking and configuration updating method of the edge cloud cooperation, the baseline configuration can be more accurate, and the safe operation of the terminal equipment is ensured.
Corresponding to the embodiment, the application further provides a cloud server.
As shown in fig. 5, the cloud server 300 of the present application may include: memory 310, processor 320.
The memory 310 is used for storing a baseline checking and configuration updating program of the edge cloud collaboration, and transmitting the program code to the processor 320. In other words, the processor 320 may invoke and run the baseline check and configuration update program of the edge cloud collaboration from the memory 310 to implement the method of embodiments of the present application.
For example, the processor 320 may be configured to perform the above-described method embodiments according to instructions in the baseline check and configuration update program of the edge cloud collaboration.
As shown in fig. 5, the cloud server may further include: a transceiver 330, the transceiver 330 being connectable to the processor 320 or the memory 310.
The processor 320 may control the transceiver 330 to communicate with other devices, and in particular, may send information or data to other devices or receive information or data sent by other devices. Transceiver 330 may include a transmitter and a receiver.
It should be appreciated that the various components in the cloud server are connected by a bus system that includes a power bus, a control bus, and a status signal bus in addition to a data bus.
According to the cloud server, the baseline configuration can be more accurate by executing the baseline checking and configuration updating method of the edge cloud cooperation, and the safe operation of the terminal equipment is ensured.
Corresponding to the embodiment, the application further provides a baseline checking and configuration updating system for the edge cloud collaboration.
As shown in fig. 6, the baseline checking and configuration updating system 400 for edge cloud collaboration according to the present application may include a terminal device 200 and a cloud server 300.
According to the base line checking and configuration updating system for the edge cloud cooperation, the base line configuration can be more accurate by comprising the terminal equipment and the cloud server, and the safe operation of the terminal equipment is ensured.
It should be noted that the logic and/or steps represented in the flowcharts or otherwise described herein, for example, may be considered as a ordered listing of executable instructions for implementing logical functions, and may be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). In addition, the computer readable medium may even be paper or other suitable medium on which the program is printed, as the program may be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
It is to be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, may be implemented using any one or combination of the following techniques, as is well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application specific integrated circuits having suitable combinational logic gates, programmable Gate Arrays (PGAs), field Programmable Gate Arrays (FPGAs), and the like.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present application, the meaning of "plurality" means at least two, for example, two, three, etc., unless specifically defined otherwise.
In the present application, unless explicitly specified and limited otherwise, the terms "mounted," "connected," "secured," and the like are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; either directly or indirectly, through intermediaries, or both, may be in communication with each other or in interaction with each other, unless expressly defined otherwise. The specific meaning of the above terms in the present application can be understood by those of ordinary skill in the art according to the specific circumstances.
While embodiments of the present application have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the application, and that variations, modifications, alternatives and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the application.
Claims (8)
1. The method for checking and updating the base line of the edge cloud cooperation is characterized by comprising the following steps of:
receiving a baseline configuration sent by a cloud server, wherein the baseline configuration is generated by the cloud server according to identity information of terminal equipment;
acquiring the running state information of the terminal equipment, and sending alarm information to the cloud server when the running state information is monitored to be inconsistent with the baseline configuration, so that the cloud server updates the baseline configuration according to the alarm information and the running state information;
receiving updated baseline configuration sent by the cloud server;
after sending the alarm information to the cloud server, the method further comprises:
receiving a negotiation instruction of the cloud server;
after receiving the negotiation instruction, acquiring updated running state information of the terminal equipment;
and when the running time reaches the set negotiation time, the updated running state information is sent to the cloud server, so that the cloud server updates the baseline configuration of the terminal equipment according to the running state information of the terminal equipment and the updated running state information.
2. The method for checking and updating the base line of the edge cloud cooperation is characterized by comprising the following steps of:
receiving identity information of a plurality of terminal devices;
generating a baseline configuration according to the identity information, and sending the baseline configuration to the corresponding terminal equipment;
receiving alarm information and running state information sent by a plurality of terminal devices, updating baseline configuration of the plurality of terminal devices according to the alarm information and the running state information, and sending the updated baseline configuration to the corresponding terminal devices;
after receiving the alarm information, the method further comprises:
determining a baseline configuration update type according to the alarm information;
when the baseline configuration update type is application program update, sending a negotiation instruction to the terminal equipment;
and receiving the updated running state information of the terminal equipment, and updating the baseline configuration of the terminal equipment according to the running state information of the terminal equipment and the updated running state information.
3. The edge cloud collaborative baseline verification and configuration updating method according to claim 2, further comprising, after receiving the alert information:
and when the current baseline configuration influences the normal operation of the terminal equipment, the baseline configuration at the last moment is determined according to the alarm information and is sent to the corresponding terminal equipment.
4. The method for checking and updating the baseline configuration of the edge cloud coordination according to claim 2, wherein the step of sending the updated baseline configuration to the corresponding terminal device includes:
updating the baseline configuration of all the terminal devices with similar identity information with the terminal device.
5. A computer readable storage medium, characterized in that a baseline check and configuration update program of edge-cloud collaboration is stored thereon, which when executed by a processor, implements the baseline check and configuration update method of edge-cloud collaboration according to any one of claims 1-4.
6. A terminal device, comprising a memory, a processor, and a baseline check and configuration update program for edge cloud coordination stored in the memory and executable on the processor, wherein the processor implements the baseline check and configuration update method for edge cloud coordination according to claim 1 when executing the baseline check and configuration update program for Bian Yun coordination.
7. The cloud server is characterized by comprising a memory, a processor and a baseline check and configuration update program of the edge cloud cooperation, wherein the baseline check and configuration update program is stored in the memory and can be run on the processor, and the baseline check and configuration update method of the edge cloud cooperation according to any one of claims 2-4 is realized when the processor executes the baseline check and configuration update program of the Bian Yun cooperation.
8. A baseline verification and configuration update system for edge cloud collaboration, comprising: the terminal device of claim 6 and the cloud server of claim 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210334442.4A CN114726722B (en) | 2022-03-30 | 2022-03-30 | Bian Yun collaborative baseline checking and configuration updating method, system and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210334442.4A CN114726722B (en) | 2022-03-30 | 2022-03-30 | Bian Yun collaborative baseline checking and configuration updating method, system and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114726722A CN114726722A (en) | 2022-07-08 |
| CN114726722B true CN114726722B (en) | 2023-10-27 |
Family
ID=82241404
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210334442.4A Active CN114726722B (en) | 2022-03-30 | 2022-03-30 | Bian Yun collaborative baseline checking and configuration updating method, system and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114726722B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115150208B (en) * | 2022-09-06 | 2022-11-25 | 信联科技(南京)有限公司 | Zero-trust-based Internet of things terminal secure access method and system |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6615038B1 (en) * | 2000-04-28 | 2003-09-02 | Samsung Electronics Co., Ltd. | System and method for automatically creating and updating a mobile station configuration database in a wireless network |
| CN103971295A (en) * | 2014-05-08 | 2014-08-06 | 国家电网公司 | Power grid state estimation result analysis and alarm method and device |
| CN104363107A (en) * | 2014-10-21 | 2015-02-18 | 中国联合网络通信集团有限公司 | Inspection method and equipment for security baseline |
| CN106685691A (en) * | 2016-11-09 | 2017-05-17 | 苏州数言信息技术有限公司 | Efficient configuration update method and system of terminal device in Internet of things system |
| CN109743195A (en) * | 2018-12-11 | 2019-05-10 | 中国联合网络通信集团有限公司 | A safety baseline verification method and device |
| CN110620768A (en) * | 2019-09-16 | 2019-12-27 | 北京方研矩行科技有限公司 | Baseline safety detection method and device for intelligent terminal of Internet of things |
| CN110995650A (en) * | 2019-10-31 | 2020-04-10 | 博智安全科技股份有限公司 | Multi-terminal checking early warning system based on industrial control base line |
| US10936462B1 (en) * | 2020-04-29 | 2021-03-02 | Split Software, Inc. | Systems and methods for real-time application anomaly detection and configuration |
| CN113885957A (en) * | 2021-09-28 | 2022-01-04 | 深信服科技股份有限公司 | Configuration file processing method, terminal device, server and storage medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10805154B2 (en) * | 2018-10-16 | 2020-10-13 | Hartford Fire Insurance Company | Secure configuration management system |
-
2022
- 2022-03-30 CN CN202210334442.4A patent/CN114726722B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6615038B1 (en) * | 2000-04-28 | 2003-09-02 | Samsung Electronics Co., Ltd. | System and method for automatically creating and updating a mobile station configuration database in a wireless network |
| CN103971295A (en) * | 2014-05-08 | 2014-08-06 | 国家电网公司 | Power grid state estimation result analysis and alarm method and device |
| CN104363107A (en) * | 2014-10-21 | 2015-02-18 | 中国联合网络通信集团有限公司 | Inspection method and equipment for security baseline |
| CN106685691A (en) * | 2016-11-09 | 2017-05-17 | 苏州数言信息技术有限公司 | Efficient configuration update method and system of terminal device in Internet of things system |
| CN109743195A (en) * | 2018-12-11 | 2019-05-10 | 中国联合网络通信集团有限公司 | A safety baseline verification method and device |
| CN110620768A (en) * | 2019-09-16 | 2019-12-27 | 北京方研矩行科技有限公司 | Baseline safety detection method and device for intelligent terminal of Internet of things |
| CN110995650A (en) * | 2019-10-31 | 2020-04-10 | 博智安全科技股份有限公司 | Multi-terminal checking early warning system based on industrial control base line |
| US10936462B1 (en) * | 2020-04-29 | 2021-03-02 | Split Software, Inc. | Systems and methods for real-time application anomaly detection and configuration |
| CN113885957A (en) * | 2021-09-28 | 2022-01-04 | 深信服科技股份有限公司 | Configuration file processing method, terminal device, server and storage medium |
Non-Patent Citations (2)
| Title |
|---|
| Security Baseline Evaluation and Standard Research of Power Intelligent Internet of Things Terminal;Tao Chen;《2021 IEEE 6th International Conference on Signal and Image Processing》;全文 * |
| 网络设备安全基线配置核查分析系统设计与实现;马铮;《邮电设计技术》;6-11 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114726722A (en) | 2022-07-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10609063B1 (en) | Computer program product and apparatus for multi-path remediation | |
| US10476906B1 (en) | System and method for managing formation and modification of a cluster within a malware detection system | |
| US9438613B1 (en) | Dynamic content activation for automated analysis of embedded objects | |
| US9432389B1 (en) | System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object | |
| CN110764807B (en) | Upgrading method, system, server and terminal equipment | |
| CN113342371B (en) | Internet of things equipment upgrading system | |
| US20080040790A1 (en) | Security Protection Apparatus And Method For Endpoint Computing Systems | |
| EP3618353B1 (en) | Dynamic, endpoint configuration-based deployment of network infrastructure | |
| WO2012027588A1 (en) | System and method for server-coupled malware prevention | |
| CN112668913A (en) | Network construction method, device, equipment and storage medium based on federal learning | |
| US8286223B2 (en) | Extensible access control architecture | |
| CN114726722B (en) | Bian Yun collaborative baseline checking and configuration updating method, system and storage medium | |
| CN110138741A (en) | Micro services management method, device and computer equipment based on management platform | |
| WO2014038820A1 (en) | Method for managing access right of terminal to resource by server in wireless communication system, and device for same | |
| WO2007001121A1 (en) | Device management system and method for setting configuration-value therein | |
| CN114221965A (en) | Method, device and electronic device for accessing blockchain | |
| CN114884963B (en) | Digital certificate management method and management device | |
| CN112219416A (en) | Techniques for authenticating data transmitted over a cellular network | |
| KR101775517B1 (en) | Client for checking security of bigdata system, apparatus and method for checking security of bigdata system | |
| CN108228280A (en) | The configuration method and device of browser parameters, storage medium, electronic equipment | |
| CN115510427B (en) | Cross-platform process running credible monitoring method and system | |
| US11228491B1 (en) | System and method for distributed cluster configuration monitoring and management | |
| US20240028376A1 (en) | Log forwarding for an agent platform appliance and software-defined data centers that are managed through the agent platform appliance | |
| CN111835504A (en) | Identification code generation method and server | |
| CN116962149A (en) | Network fault detection method and device, storage medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |