| With the development of computer network technology, computers and networks are more involved in people’s life and work. With enriching people’s life of various application on the computer, people’s requirements of computer security and privacy are getting higher and higher. In the internal networks which has set up by enterprises and institutions, there always exits some issues such as regulatory protection and self-defense, these problems may result in facing serious security risk for users. As the complexity of network attacks and normalization, computers which deployed at government agencies and research institutes will be attacked, so security issues and information security that computer terminals face are getting increasingly important. One of the regular way to attack is due to the presence of vulnerability caused by the operating system.Based on computer terminal security system project for Chinese Academy of Sciences, the basic research of this project is to provide comprehensive security services. This complex platform involves many computer technologies, but the focus of this paper is to introduce an important part in the security protection-- vulnerability protection. The objective of this function is to install system patch timely to prevent computer from attacking. On the basis of the integration of existing technology, we add some more measures to meet the needs of patch management automation.Firstly, this paper introduces the whole computer terminal security system which designed based on C/S structure, that mainly include the overall framework and the support platform of the client and the server. Client software provides many functional modules such as follows, security configuration management, patch management, terminal state collection, hardware information query, installed soft ware management, process traffic monitor and anti-virus scan. The analyzes on dual server system include double server design and internal component which have connection with each other.Secondly, this paper gives an introduction to the realization of patch module of client. Patch module scanned loocally according the information obtained from the server with the condition of scanning. When it is finished, we can get to know which loopholes are exiting and backup these information to the server. The next step is downloading and installing patches. Client implementation involves many technologies, I will give a detail description of the interface about the implementation with a brief introduction of technology.Fourthly, based on the MVC design model, I describe the practical function of each layer in server patch module. To achieve the data transfer function depends on the understanding of WSUS (Windows Server Update Service) and SUSDB(WSUS’s internal database), I give a summary introduce about important tables. Then shows how to reach the function of early warning when it has high risks with the completion of data storage.Finally, combining the observation of the system running status and an investigation of new technologies, this paper gives explanations of further work about the system. |
PDF Full Text Request