
Automatic Audit Of Host Security Baseline Based On SCAP The Research Of Information And Decision Making

Posted on: 2022-04-14
Degree: Master
Type: Thesis
Country: China
Candidate: H F Zhang
GTID: 2518306350486004
Subject: Master of Engineering

Abstract/Summary:
With the continuous development of information technology and network technology, China's informatization process is also accelerating. Information security construction, which has gone on for more than 20 years, has yielded some gains in areas such as network boundaries, viruses, and so on. However, the security of the terminal hosts that store and process data has not received much attention. Securing and maintaining hosts is a huge challenge for the operation and maintenance managers responsible for information system security. The operating system and application software must be checked and configured. New security vulnerabilities are published frequently, and it is difficult for operation and maintenance managers to respond quickly to emerging threats, especially because there is no good tool for checking host security. With thousands of hosts, the difficulty of the task is evident.

Because of the severe threat to host security and the narrow scope and low efficiency of current host verification, this thesis summarizes and analyzes host security standards, the security baseline model and SCAP in depth, studies current host security audit and multi-attribute decision-making technology, and constructs a set of technologies covering host security configuration and system status. The main research contents of the host security automatic audit and decision system are as follows.

(1) A socket is created to receive host security alarm events through an event-triggering mechanism and UDP communication. The alarm events are analyzed for type fusion, and the alarm item details are extracted.

(2) The security baseline knowledge base is searched according to the alarm item details, and the corresponding detection items are extracted. Following the SCAP protocol, the detection items extracted from the knowledge base are converted into the XCCDF and OVAL standard file formats, and the automatic audit of alarm event compliance is carried out using internally integrated verification tools.

(3) Based on attribute elements in the backup data information table, such as the time factor, security status and data transformation amount, a comprehensive weight determination method combining AHP and the entropy weight method is adopted to determine the best recovery object from the backup scheme.

Testing of the system verified its automatic audit and decision-making functions. The system effectively saves verification time, reduces the errors and risks introduced by traditional verification methods, improves the efficiency of verification work and the integrity and accuracy of verification results, and improves the security of the host.
Keywords/Search Tags:host security, security baseline, automated verification, decision making