Research And Application Of Distributed Vulnerability Scanning Model

Current computer network in government and the enterprise widely used specific institutions, such as, in order to ensure the security of their network resources, they often invest a lot of money on the network border security, especially for minor government unit, its internal network system contains a large number of national information safety information and archives, this makes they have strict requirements for network security. Also urgently need a kind of authenticity, namely availability, access authorization, vulnerability database integrity, detection robustness features such as vulnerability scanning system to meet the needs of the security protection and monitoring network security products. In view of this, to be robust and complete scan on the target system, and can carry on the corresponding event correlation to the scanning results of safety evaluation system of research and development, its significance is significant, such as distributed vulnerability scanning illustrated in this paper.Through access to domestic and foreign periodicals and data, and further study of the current mainstream vulnerability scanning technology, the author of the mainstream security technology has a better understanding. With the development of vulnerability scanning technology, the computer network security are better safeguard, the ability of detecting network attacks and vulnerabilities detection ability received great ascension. On architecture, but today some vulnerability scanning system vulnerability database integrity and correlation analysis, the result of the scan has some defects, and make it to the leak detection ability.This article main work embodied in the design of a distributed vulnerability scanning model, the model of the vulnerability database using the OVAL import, ensured the integrity of vulnerability database and updated in real time, another model in the results processing module joined the correlation analysis of ideas, and implement it. Loopholes in the entire model structure by the security management center, center control terminal, vulnerability scanning Agent (the Agent). Security management center adopts the distributed management, unified allocation and management of each vulnerability scanning Agent, vulnerability scanning management center summary all vulnerability scanning Agent scans, event correlation analysis by the management center, according to the result of correlation analysis, the given event early warning information; Leak control terminal center is mainly responsible for configuration and management of the Agent, security management center is responsible for and other safety assessment system (such as:intrusion detection system, firewall, etc.) communication and coordination with vulnerability scanning system and; Vulnerability scanning Agent (Agent) distributed on different machines, at the end of the scan, the scan results feedback to control terminal center, by the leak control terminal center report analysis, the result of the feedback over the holes and the corresponding event correlation. According to the result of correlation analysis, event early warning is given.Finally in this paper, the experiments have been carried out to verify each module in the model and analysis, and proposed the main direction of the next step work.