基于端口扫描的安全漏洞检测系统的设计与实现

【作者】 刘成志；

【导师】 张华忠；

【作者基本信息】 山东大学 ， 计算机应用技术， 2005， 硕士

【摘要】 网络安全问题越来越引起人们的广泛关注,并成为当今网络技术研究的重点。安全漏洞是硬件、软件或者是安全策略上的错误而引起的缺陷,黑客可以利用这个缺陷在系统未授权的情况下访问系统或者破坏系统的正常使用。因此只要找到并修补所有的安全漏洞,就可以抵御绝大部分的黑客攻击。安全漏洞扫描技术能够检测网络系统潜在的安全漏洞,使网络管理员可以预先了解网络的脆弱性所在,从而确保网络系统的安全。 经过对安全漏洞扫描器原理的深入分析,以及对现有网络漏洞扫描工具的研究和一些实际的扫描经验,设计和实现了以网络安全管理人员为服务对象的基于端口扫描的安全漏洞检测系统。 本文的创新之处是提出了基于端口扫描的安全漏洞检测系统的总体设计模型和扫描引擎开放端口—依存关系树插件调度策略。通过先进行端口扫描检测主机开放的端口服务,再根据收集的主机开放端口服务信息,针对开放的网络服务调用相应的扫描插件进行安全漏洞检测,能够减少漏洞扫描的盲目性。使用开放端口—依存关系树策略能够最大化插件的扫描并发度,提高安全漏洞扫描效率。 本文详细论述了研究和设计安全漏洞检测系统所需的理论基础知识,提出了安全漏洞检测系统的设计目标和设计原则,给出了安全漏洞检测系统的总体设计方案。整个系统的设计与实现都是从面向网络安全管理人员这一基本目的出发的。漏洞检测采用扫描插件,当有新安全漏洞出现时,编写相应的插件存入插件库就完成了新漏洞的扩展,使系统具有极好的扩展性;系统采用多线程算法,最大限度利用扫描主机和网络的资源,提高扫描的效率;系统中采用扫描历史库,实现了断点扫描功能;扫描结束时给出详实的漏洞扫描报告,能够帮助安全管理人员了解系统的安全状况,完成安全漏洞的修补工作。更多还原

【Abstract】 The problems of network security arouse more people’s widespread interest and become the key points of network engineering research. The security vulnerability is the flaw which is in the hardware, software or the security policy. The hacker may use this flaw to visit the system or disturb normal use of the system in the unauthorization situation. Therefore so long as all security vulnerabilities were found and patched, the system may resist most of attacks launched by the hacker. The security vulnerability scanning technology is able to examine the latent security vulnerability and enables the network administrator to understand in advance where the vulnerability is. In this way the network system will be safe.Through studying the security vulnerability scanning principle and the existing network vulnerability scanner and learning from some actual scanning experiences, a security vulnerability scanner is designed and realized. It is based on port scanning for the network security administrators.The innovation of this article is the security loophole scanning design model based on port scanning and the scanning engine which uses openning port - relational tree strategy. The scanner is based on port scanning. Before the network vulnerabilities scanning is launced, the Ping test and port scanning are carried on. It can reduce blindness. The scanning strategy is able to maximize the scanning concurrency and enhances the efficiency during the network vulnerabilities scanning.In this article the basic knowledge is introduced which is needed during the progress of designing a security vulnerability scanner. Then the design goal and principle is proposed. And following the goal and principle, the system design is given. The essential technology to realize the security vulnerability system is introdued. The scanning plug-ins is used to examine the system vulnerabilities. The scanning plug-in is a dynamic link library file. When a new security vulnerability appears, the corresponding plug-in is made to be put into the plug-in storehouse. Then the scanner can find the new vulnerability by using thenew plug-in. The scanner has an extremely good extension with the plug-in technology; The system takes full advantage of the system and network resources with the multi-thread algorithm and enhances the scanning efficiency; The scanning results are stored in the scanning history storehouse. So the scanning work can be resumed after interruption; When the scanning work ended the scanner can produce the detailed report which can help security administrators to understand the security condition and fix the security vulnerabilities.更多还原