Research And Implementation On Security Management Of Scanner

With the development of the computer and network technology and the popularization of their application, nerwork security has become a focus of attention. Recent years, security technology and security products have greatly progressed, some have verged on maturity. But the capability of single security technology or security product (security component) is limited, which can only meet specific security need of system and network. Integrated security management can gather and integrate the security information of the security components in the management domain, then analyse the information and give aid to decision-making, thereby improve the security capability of the system. Integrated security management has become the development trend of security technology.The management information modeling of security components is one of the most important research points of integrated security management. The goal of management information modeling across different platforms is defining common syntax to abstract and describe the attributes, operations and relations of the entities in the management domain, and the model is independent of platforms, applications or protocols. Using CIM (Common Information Model) issued by DMTF (Distributed Management Task Force) can achieve the goal.The dissertation studied the management information modeling method based on CIM, then presented a CIM model of network vulnerability scanner. Based on the model, the network vulnerability scanner security management system was designed and realized.The main achievement of the dissertation includes three parts:Firstly, the dissertation studied the theory of CIM and the modeling method based on CIM, analysed CIM common model-Application model, then researched the management realization framework and put forward a model management realization framework based on agent.Secondly, the dissertation analyzed and induced network vulnerability scanners' functions, and presented a CIM model of the scanner.Finally, the dissertation introduced the design and realization of the network vulnerability scanner management system, which included the design for the system architecture based on CORBA (CORBA Object Request Broker Architecture) technology, the realization of CIM models on CORBA platform, the design for the management agent, and the method design for the information exchange on XML (extensible Markup Language), then realized a network vulnerability scanner management system prototype.The achievement of the dissertation has been used in some headquarters' project, which solved the problems of network vulnerability scanners' management information modeling and integrated management well.