The Design And Implement Of Distributed Vulnerability Scanning System

The rapid development and popularization of network makes us our lifeconvenient,meanwhile it puts us in a potential danger. To seek excessive profits, hackers use network system vulnerability to illegally attack or destroy the other's network, resulting in huge losses to the enterprises and individuals.Vulnerability can not be found easily, we need use various methods to do dynamic testing. If we can scan the network system before use it and find out the vulnerability timely, we can effectively prevent the network from the hacker's attacking by fixing bugs or taking some defensive measures.Hence,network vulnerability scanning system, as the first security defense of network attack, has received the widespread attention and use. The traditional stand-alone vulnerability scaning system due to the low efficiency, the limited scanning range,scan results processing slowly and others defects, already cannot satisfy the security requirements of the enterprise. This article designed a distributed vulnerability scanning system which can scan vulnerability,furthermore summary and analyze the result of the scan.First, thesis introduced the key technologies,algorithm s and tools which used in the development of distributed vulnerability scanning system,such as Network Scanning Technique,Load Balancing Technique,weighted round robin algorithms,MD5 algorithms and wget.Then aimed at the system of task scheduling,load calculation,Heart rate monitor, management by synchronization,Pooled Analysis ect of the requirement analysis. According to the function is divided into six modules, including the interface to access, intelligent scheduling, send and receive centralized management, vulnerability warning forward, scanning engine and u-key authentication,etc.The article mainly introduced the design and implement of four modules.Intelligent scheduling module is responsible for information monitor,the intelligent scheduling of scanning task,organize action protocol. Send and receive centralized management modules is in charge of parser protocol,execute action. Warning forward m od ul e is responsible for storaging and summaring the result of the scan.The u-key authentication module is in charge of recognizing the type of device and protecting system security.The accomplished functions are task issued in distributed, task management,equipment sychronization upgrade,policy issued, weak words dictionary issued and the report download, etc. The distributed vulnerability scanning system adopts B/S three layer architecture, the server is under Linux operating system using C language development.Thereinto, the distributed dispatch of Scanning task is to use the heartbeat unit to monitor the scanning engine load in real-time, in order to achieve the scanning engine load balance, improve the efficiency of scanning. Synchronous upgrade, policy issued,weak password dictionaryissued and the report download etc,the realization of above functions are mainly dependent on invoking wget tools download file and the MD5 algorithm to encrypt and decrypt the file.After the completion of the deployment of the system, for distributed vulnerability scanning system function test and performance test,through the analysis of test results, the system is running well, implements the functional requirements, is largely improve the efficiency of scanning.