

Design and Implementation of Vulnerabilities Scanner Tool

【作者】 郭俸明

【导师】 洪友堂;

【作者基本信息】 中国地质大学(北京) , 地图制图学与地理信息工程, 2008, 硕士

【摘要】 每个系统都有漏洞,不论你在系统安全性上投入多少财力,攻击者仍然可以发现一些可利用的特征和配置缺陷。亡羊补牢,毕竟羊已失去,不如在羊丢失之前,好好检查牢的漏洞,一旦发现及时修复。本文详细讨论了网络系统存在的漏洞以及主要的解决方案。发现一个已知的漏洞,比发现一个未知漏洞容易得多,这就意味着:多数攻击者所利用的都是常见的漏洞,这些漏洞,均有书面资料记载。采用适当的工具,就能在黑客利用这些常见漏洞之前,查出系统的薄弱之处。快速简便地发现这些漏洞,是VSGW(Vulnerabilities Scanner of GardWay,国卫漏洞扫描)漏洞扫描工具的主要使命。漏洞,大体上分为两大类:1)软件编写错误造成的漏洞;2)软件配置不当造成的漏洞。VSGW能检测以上两种类型的漏洞。VSGW漏洞扫描工具由两个主要模块组成:一是扫描模块,包括端口扫描和入侵扫描,二是漏洞库模块,包括对插件的分类和更新。VSGW的工作原理为:采用SSH通讯协议远程访问Unix/Linux主机,获取该主机的系统信息,主要是系统组件信息,然后在本地主机分析该主机的所有安装程序的版本信息,与本地漏洞库中的最新发布漏洞插件匹配,根据相应的规则判断远程主机各子系统是否存在漏洞,以及相应的风险级别。VSGW不仅能够提出风险预警,还能提供帮助用户修复漏洞的解决方案。VSGW与一般漏洞扫描扫描工具的最大的不同是:VSGW提供即时监控并对网络系统的安全提出预警。本文所使用的技术主要有:插件技术,端口扫描,入侵检测,多线程,智能识别技术。

【Abstract】 Each system has the vulnerabilities, no matter you put in how many financial resource in the system safety, the aggressor still might discover some may the use characteristic and the disposition flaw. Is better late than never, the sheep has lost after all, was inferior before sheep loss, inspects the jail well the vulnerabilities, once discovers the prompt repair.This article discussed the network system existence vulnerabilities as well as the main solution in detail. Discovered that a known vulnerabilities, discovered an unknown vulnerabilities is much easier than, this means: The most aggressors use is the common vulnerabilities, these vulnerabilitiess, have the written material record. Uses the suitable tool, can before the hacker uses these common vulnerabilitiess, finds out system’s weakness. Easily discovers these vulnerabilitiess fast, is LSGW (Leak Scanner of GardWay, country health vulnerabilities scanning) the vulnerabilities scans tool’s main mission.The vulnerabilities, divides into two broad headings on the whole: 1) the software compilation creates wrongly vulnerabilities; 2) the software disposes the vulnerabilities which creates improper. LSGW can examine above two types the vulnerabilities. The LSGW vulnerabilities scans the tool to be composed of two main modules: First, scanning module, including port scanning and invasion scanning; second, leaks the storage cavern construction module, including to plug-in unit’s classification and renewal. The LSGW principle of work is: Uses the SSH communication protocol long-distance to inquire the Unix/Linux main engine, gains this main engine’s system message, is mainly the system module information, then analyzes this main engine in the local host all the installation procedure the edition information, with local vulnerabilities storehouse in newest issue vulnerabilities plug-in unit match, according to corresponding rule judgment long-distance main engine various subsystems whether to have the vulnerabilities, as well as corresponding risk rank. LSGW not can only propose the risk early warning, but can also provide the help user repair vulnerabilities’s solution. LGSM and the common vulnerabilities scan tool’s biggest difference are: LSGW provides the immediate monitoring and proposes the early warning to network system’s security.

  • 【分类号】TP393.08
  • 【被引频次】3
  • 【下载频次】571