[go: up one dir, main page]

CN111800286A - Intranet asset detection method, device and electronic device - Google Patents

Intranet asset detection method, device and electronic device Download PDF

Info

Publication number
CN111800286A
CN111800286A CN201910279567.XA CN201910279567A CN111800286A CN 111800286 A CN111800286 A CN 111800286A CN 201910279567 A CN201910279567 A CN 201910279567A CN 111800286 A CN111800286 A CN 111800286A
Authority
CN
China
Prior art keywords
network
asset information
asset
adjacent
current
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910279567.XA
Other languages
Chinese (zh)
Inventor
常宝岗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Shandong Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Shandong Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Group Shandong Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201910279567.XA priority Critical patent/CN111800286A/en
Publication of CN111800286A publication Critical patent/CN111800286A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/0213Standardised network management protocols, e.g. simple network management protocol [SNMP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

本申请提出了一种内网资产的探测方法、装置和电子设备,其中,上述内网资产的探测方法包括:配置预先划定的授信网段对当前设备所对接的网络处于可达状态;对所述当前设备的紧邻设备进行探测,获取所述紧邻设备的资产信息;判断所述紧邻设备是否为网络连接设备;当所述紧邻设备不是网络连接设备时,对所述紧邻设备的资产信息进行登记。本申请可以实现获取企业内网中的全量资产信息,提高企业资产管理的效果,降低IT资产安全管控的风险。

Figure 201910279567

The present application proposes a method, device and electronic device for detecting intranet assets, wherein the above-mentioned method for detecting intranet assets includes: configuring a pre-defined credit network segment to be in a reachable state to the network connected to the current device; The device in the immediate vicinity of the current device is detected, and the asset information of the device in the immediate vicinity is obtained; it is judged whether the device in the immediate vicinity is a network-connected device; when the device in the immediate vicinity is not a network-connected device, the asset information of the device in the immediate vicinity is checked. register. This application can realize the acquisition of all asset information in the enterprise intranet, improve the effect of enterprise asset management, and reduce the risk of IT asset security management and control.

Figure 201910279567

Description

内网资产的探测方法、装置和电子设备Intranet asset detection method, device and electronic device

【技术领域】【Technical field】

本申请涉及互联网技术领域,尤其涉及一种内网资产的探测方法、装置和电子设备。The present application relates to the field of Internet technologies, and in particular, to a method, device and electronic device for detecting intranet assets.

【背景技术】【Background technique】

随着企业互联网技术(Internet Technology;以下简称:IT)资产规模的逐步增长,以及网络安全形势的日趋严峻,实时掌握内网资产安全态势势在必行。资产信息是安全态势管控的基础,只有准确掌握企业内网资产信息,才能有效的发现存在的风险并进行及时的管控,才能防患于未然。With the gradual increase in the scale of enterprise Internet technology (Internet Technology; hereinafter referred to as: IT) assets and the increasingly severe network security situation, it is imperative to grasp the security situation of intranet assets in real time. Asset information is the basis for security situation management and control. Only by accurately grasping the enterprise intranet asset information can we effectively discover existing risks and conduct timely management and control, so as to prevent problems before they occur.

目前企业已经依托于资产管理系统实现了资产的集中化、信息化管理。现有相关技术中,资产管理系统对资产的发现一般采用基于因特网协议(Internet Protocol;以下简称:IP)全网扫描的方式。通过特定工具对全网网段进行扫描,针对IP存活情况、端口放开情况等信息进行探测,进而形成一定的资产指纹,实现资产发现和管理。At present, the enterprise has realized the centralized and information management of assets relying on the asset management system. In the prior art, the asset management system generally uses an Internet Protocol (Internet Protocol; hereinafter referred to as: IP)-based scanning method for the entire network to discover assets. Use specific tools to scan the entire network segment, detect information such as IP survival and port release, and then form a certain asset fingerprint to realize asset discovery and management.

但是,出于网络安全的考虑,企业内部网络大多存在安全域划分,域间通过网络策略或设备隔离,基于IP全网扫描并不能完全发现内网所有存活资产,从而导致资产接入网络的真实情况难以管控,企业资产管理效果也相对低下,存在极大的IT资产安全管控风险。However, due to the consideration of network security, most of the internal networks of enterprises have security domain divisions, and the domains are isolated by network policies or devices. Based on IP-wide network scanning, it is not possible to completely discover all the surviving assets in the intranet, which leads to the fact that the assets are connected to the network. The situation is difficult to manage and control, the effect of enterprise asset management is relatively low, and there is a great risk of IT asset security management and control.

【发明内容】[Content of the invention]

本申请实施例提供了一种内网资产的探测方法、装置和电子设备,以实现获取企业内网中的全量资产信息,提高企业资产管理的效果,降低IT资产安全管控的风险。The embodiments of the present application provide an intranet asset detection method, device, and electronic device, so as to obtain full asset information in an enterprise intranet, improve the effect of enterprise asset management, and reduce the risk of IT asset security management and control.

第一方面,本申请实施例提供一种内网资产的探测方法,包括:配置预先划定的授信网段对当前设备所对接的网络处于可达状态;对所述当前设备的紧邻设备进行探测,获取所述紧邻设备的资产信息;判断所述紧邻设备是否为网络连接设备;当所述紧邻设备不是网络连接设备时,对所述紧邻设备的资产信息进行登记。In a first aspect, an embodiment of the present application provides a method for detecting intranet assets, including: configuring a pre-defined trusted network segment to be in a reachable state to a network to which a current device is connected; detecting a device immediately adjacent to the current device , obtain the asset information of the adjacent device; determine whether the adjacent device is a network connection device; when the adjacent device is not a network connection device, register the asset information of the adjacent device.

其中一种可能的实现方式中,所述判断所述紧邻设备是否为网络连接设备之后,还包括:当所述紧邻设备为网络连接设备,并且所述紧邻设备为网络连接设备中的边界设备时,对所述紧邻设备的资产信息进行登记。In one possible implementation manner, after judging whether the immediately adjacent device is a network connection device, the method further includes: when the immediately adjacent device is a network connection device and the immediately adjacent device is a border device in the network connection device , and register the asset information of the adjacent equipment.

其中一种可能的实现方式中,所述方法还包括:在对资产信息进行登记的过程中,如果待登记的资产信息中的网络接入端口与已登记的资产信息中的网络接入端口相同,则仅将所述待登记的资产信息中的因特网协议IP地址登记在具有相同网络接入端口的资产信息中。In one possible implementation manner, the method further includes: in the process of registering the asset information, if the network access port in the asset information to be registered is the same as the network access port in the registered asset information , then only the Internet Protocol IP address in the asset information to be registered is registered in the asset information with the same network access port.

其中一种可能的实现方式中,所述配置预先划定的授信网段对当前设备所对接的网络处于可达状态包括:登录所述当前设备,启用简单网络管理协议,通过所述简单网络管理协议配置所述授信网段对所述当前设备所对接的网络处于可达状态。In one of the possible implementations, configuring the pre-defined trusted network segment to be in a reachable state to the network connected to the current device includes: logging in to the current device, enabling a simple network management protocol, and managing the network through the simple network The protocol configures the trusted network segment to be in a reachable state to the network to which the current device is connected.

其中一种可能的实现方式中,所述对所述当前设备的紧邻设备进行探测,获取所述紧邻设备的资产信息包括:通过简单网络管理协议对所述当前设备的紧邻设备进行探测,获取所述紧邻设备的资产信息。In one of the possible implementation manners, the detecting the device next to the current device and acquiring the asset information of the device includes: using a simple network management protocol to detect the device next to the current device, and obtaining the information of the device next to the current device. Describe asset information in the immediate vicinity of the device.

其中一种可能的实现方式中,所述配置预先划定的授信网段对当前设备所对接的网络处于可达状态之前,还包括:在内网中划定授信网段;探测所述内网中最先可达的网络连接设备,作为所述内网中资产发现的起点设备,对所述起点设备的资产信息进行登记。In one possible implementation manner, the configuring the pre-defined trusted network segment before the network connected to the current device is in a reachable state, further includes: delimiting a trusted network segment in the intranet; detecting the intranet The first reachable network connection device in the Intranet is used as the starting point equipment for asset discovery in the intranet, and the asset information of the starting point equipment is registered.

其中一种可能的实现方式中,所述当前设备的资产信息包括:所述当前设备的资产指纹,所述当前设备与上一设备对接的网络接入端口,多IP信息以及所述起点设备到所述当前设备的拓扑路径信息。In one possible implementation manner, the asset information of the current device includes: the asset fingerprint of the current device, the network access port that the current device is connected to the previous device, multi-IP information, and the origin device to Topological path information of the current device.

第二方面,本申请实施例提供一种内网资产的探测装置,包括:配置模块,用于配置预先划定的授信网段对当前设备所对接的网络处于可达状态;探测模块,用于对所述当前设备的紧邻设备进行探测,获取所述紧邻设备的资产信息;判断模块,用于判断所述紧邻设备是否为网络连接设备;登记模块,用于当所述判断模块确定所述紧邻设备不是网络连接设备时,对所述紧邻设备的资产信息进行登记。In a second aspect, an embodiment of the present application provides an apparatus for detecting intranet assets, including: a configuration module configured to configure a pre-defined trusted network segment to be in a reachable state to a network connected to a current device; a detection module, used for Detecting the equipment in the immediate vicinity of the current equipment, and obtaining the asset information of the equipment in close proximity; a judgment module for judging whether the equipment in close proximity is a network connection device; a registration module for when the judgment module determines that the adjacent equipment is in the immediate vicinity When the device is not a network-connected device, the asset information of the adjacent device is registered.

第三方面,本申请实施例提供一种电子设备,包括:至少一个处理器;以及与所述处理器通信连接的至少一个存储器,其中:所述存储器存储有可被所述处理器执行的程序指令,所述处理器调用所述程序指令能够执行如上所述的方法。In a third aspect, embodiments of the present application provide an electronic device, including: at least one processor; and at least one memory communicatively connected to the processor, wherein: the memory stores a program executable by the processor Instructions, the processor invoking the program instructions capable of performing the method as described above.

第四方面,本申请实施例提供一种非暂态计算机可读存储介质,所述非暂态计算机可读存储介质存储计算机指令,所述计算机指令使所述计算机执行如上所述的方法。In a fourth aspect, an embodiment of the present application provides a non-transitory computer-readable storage medium, where the non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause the computer to execute the above method.

以上技术方案中,配置预先划定的授信网段对当前设备所对接的网络处于可达状态,然后对上述当前设备的紧邻设备进行探测,获取上述紧邻设备的资产信息,判断上述紧邻设备是否为网络连接设备,当上述紧邻设备不是网络连接设备时,对上述紧邻设备的资产信息进行登记,从而可以实现对企业内网中的所有存活资产进行探测,获取内网中的全量资产信息,提高企业资产管理的效果,降低IT资产安全管控的风险。In the above technical solution, a pre-defined credit network segment is configured to make the network connected to the current device in a reachable state, and then the device adjacent to the current device is detected, the asset information of the adjacent device is obtained, and it is determined whether the adjacent device is Network connection equipment, when the above-mentioned adjacent equipment is not a network connection equipment, the asset information of the above-mentioned adjacent equipment can be registered, so as to realize the detection of all surviving assets in the enterprise intranet, obtain the full amount of asset information in the intranet, and improve the enterprise The effect of asset management reduces the risk of IT asset security management and control.

【附图说明】【Description of drawings】

为了更清楚地说明本申请实施例的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其它的附图。In order to illustrate the technical solutions of the embodiments of the present application more clearly, the following briefly introduces the accompanying drawings used in the embodiments. Obviously, the drawings in the following description are only some embodiments of the present application. For those of ordinary skill in the art, other drawings can also be obtained from these drawings without any creative effort.

图1为本申请内网资产的探测方法一个实施例的流程图;1 is a flowchart of an embodiment of a method for detecting intranet assets of the present application;

图2为本申请内网资产的探测方法中资产信息登记一个实施例的示意图;2 is a schematic diagram of an embodiment of asset information registration in a method for detecting intranet assets of the application;

图3为本申请内网资产的探测方法另一个实施例的流程图;3 is a flowchart of another embodiment of a method for detecting intranet assets of the present application;

图4为本申请内网资产的探测方法中起点设备的资产信息一个实施例的示意图;4 is a schematic diagram of an embodiment of asset information of a starting point device in a method for detecting intranet assets of the application;

图5为本申请内网资产的探测方法再一个实施例的流程图;FIG. 5 is a flowchart of yet another embodiment of a method for detecting intranet assets of the present application;

图6为本申请内网资产的探测装置一个实施例的结构示意图;FIG. 6 is a schematic structural diagram of an embodiment of an apparatus for detecting intranet assets of the present application;

图7为本申请内网资产的探测装置另一个实施例的结构示意图;FIG. 7 is a schematic structural diagram of another embodiment of an apparatus for detecting intranet assets of the present application;

图8为本申请电子设备一个实施例的结构示意图。FIG. 8 is a schematic structural diagram of an embodiment of an electronic device of the present application.

【具体实施方式】【Detailed ways】

为了更好的理解本申请的技术方案,下面结合附图对本申请实施例进行详细描述。In order to better understand the technical solutions of the present application, the embodiments of the present application are described in detail below with reference to the accompanying drawings.

应当明确,所描述的实施例仅仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其它实施例,都属于本申请保护的范围。It should be clear that the described embodiments are only a part of the embodiments of the present application, but not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of the present application.

在本申请实施例中使用的术语是仅仅出于描述特定实施例的目的,而非旨在限制本申请。在本申请实施例和所附权利要求书中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式,除非上下文清楚地表示其他含义。The terms used in the embodiments of the present application are only for the purpose of describing specific embodiments, and are not intended to limit the present application. As used in the embodiments of this application and the appended claims, the singular forms "a," "the," and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise.

图1为本申请内网资产的探测方法一个实施例的流程图,如图1所示,上述内网资产的探测方法可以包括:FIG. 1 is a flowchart of an embodiment of a method for detecting intranet assets of the application. As shown in FIG. 1 , the above-mentioned method for detecting intranet assets may include:

步骤101,配置预先划定的授信网段对当前设备所对接的网络处于可达状态。Step 101: Configure a pre-defined trusted network segment to be in a reachable state to the network to which the current device is connected.

其中,上述当前设备即为资产探测设备当前所探测到的设备。Wherein, the above-mentioned current device is the device currently detected by the asset detection device.

具体地,配置授信网段对当前设备对接的所有网络均处于可达状态可以为:登录当前设备,启用简单网络管理协议(Simple Network Management Protocol;以下简称:SNMP),通过SNMP配置上述授信网段对当前设备所对接的网络处于可达状态。Specifically, configuring the trusted network segment to be in a reachable state to all networks connected to the current device may be: logging in to the current device, enabling Simple Network Management Protocol (Simple Network Management Protocol; SNMP for short), and configuring the above-mentioned trusted network segment through SNMP The network connected to the current device is reachable.

在具体实现时,登录当前设备,需要人工参与或将当前设备的账号信息提前录入系统实现自动登录。在登录当前设备之后,可以启用SNMP及相关配置策略,配置授信网段对当前设备所对接的网络处于可达状态。In the specific implementation, to log in to the current device, manual participation is required or the account information of the current device is entered into the system in advance to achieve automatic login. After logging in to the current device, you can enable SNMP and related configuration policies, and configure the trusted network segment to be reachable to the network connected to the current device.

步骤102,对上述当前设备的紧邻设备进行探测,获取上述紧邻设备的资产信息。Step 102 : Detecting the equipment adjacent to the current equipment, and acquiring asset information of the equipment adjacent to the current equipment.

具体地,资产探测设备可以通过SNMP对上述当前设备的紧邻设备进行探测,获取上述紧邻设备的资产信息。Specifically, the asset detection device may detect the adjacent devices of the current device through SNMP, and obtain the asset information of the adjacent devices.

步骤103,判断上述紧邻设备是否为网络连接设备;如果否,则执行步骤104;如果上述紧邻设备为网络连接设备,则执行步骤105。Step 103 , determine whether the above-mentioned immediately adjacent device is a network connection device; if not, go to step 104 ; if the above-mentioned adjacent device is a network connection device, go to step 105 .

其中,网络连接设备可以包括交换机或路由器等用于进行网络连接的设备。Wherein, the network connection device may include a device used for network connection, such as a switch or a router.

步骤104,对上述紧邻设备的资产信息进行登记。Step 104, register the asset information of the above-mentioned adjacent equipment.

步骤105,当上述紧邻设备为网络连接设备中的边界设备时,对上述紧邻设备的资产信息进行登记。Step 105, when the above-mentioned adjacent device is a border device in the network connection device, register the asset information of the above-mentioned adjacent device.

本实施例中,当上述紧邻设备为网络连接设备中的边界设备时,当前拓扑路径的资产信息探测终止,对上述紧邻设备的资产信息进行登记。In this embodiment, when the above-mentioned adjacent device is a border device in the network connection device, the asset information detection of the current topology path is terminated, and the asset information of the above-mentioned adjacent device is registered.

具体地,本实施例中,在对资产信息进行登记的过程中,如果待登记的资产信息中的网络接入端口与已登记的资产信息中的网络接入端口相同,则仅将上述待登记的资产信息中的IP地址登记在具有相同网络接入端口的资产信息中。Specifically, in this embodiment, in the process of registering asset information, if the network access port in the asset information to be registered is the same as the network access port in the registered asset information, only the above-mentioned to-be-registered asset information will be registered. The IP address in the asset information is registered in the asset information with the same network access port.

本实施例中,在进行资产信息登记时,需要判断待登记的资产信息中的网络接入端口是否与已登记的资产信息中的网络接入端口相同,如果是,则说明是同网卡多IP的情况,这时无需对上述待登记的资产信息进行登记,仅将上述待登记的资产信息中的IP地址登记在具有相同网络接入端口的资产信息中即可。In this embodiment, when registering asset information, it is necessary to determine whether the network access port in the asset information to be registered is the same as the network access port in the registered asset information. If so, it means that the same network card has multiple IP addresses. In this case, there is no need to register the above-mentioned asset information to be registered, and only the IP address in the above-mentioned asset information to be registered can be registered in the asset information with the same network access port.

如图2所示,图2为本申请内网资产的探测方法中资产信息登记一个实施例的示意图,从图2中可以看出,设备标识(Identifier;以下简称:ID)为10000006的设备的资产信息为待登记的资产信息,上述待登记的资产信息中的网络接入端口与已登记的设备ID为10000005的资产信息中的网络接入端口相同,这时无需登记设备ID为10000006的设备的资产信息,仅在设备ID为10000005的资产信息中的多IP字段添加设备ID为10000006的设备的IP地址即可,从而可以在同一资产存在多IP的情况时,对资产信息进行有效整合,实现资产精准管理。As shown in FIG. 2 , FIG. 2 is a schematic diagram of an embodiment of asset information registration in the method for detecting intranet assets of the present application. As can be seen from FIG. 2 , the device identifier (Identifier; hereinafter referred to as: ID) is 10000006. The asset information is the asset information to be registered. The network access port in the asset information to be registered above is the same as the network access port in the asset information with the registered device ID of 10000005. At this time, there is no need to register the device with the device ID of 10000006. Only add the IP address of the device whose device ID is 10000006 in the multi-IP field of the asset information whose device ID is 10000005, so that the asset information can be effectively integrated when there are multiple IPs in the same asset. Realize accurate asset management.

上述内网资产的探测方法中,配置预先划定的授信网段对当前设备所对接的网络处于可达状态,然后对上述当前设备的紧邻设备进行探测,获取上述紧邻设备的资产信息,判断上述紧邻设备是否为网络连接设备,当上述紧邻设备不是网络连接设备时,对上述紧邻设备的资产信息进行登记,从而可以实现对企业内网中的所有存活资产进行探测,获取内网中的全量资产信息,提高企业资产管理的效果,降低IT资产安全管控的风险;并且可以在同一资产存在多IP的情况时,对资产信息进行有效整合,实现资产精准管理。In the above-mentioned detection method of intranet assets, a pre-defined credit network segment is configured to be in a reachable state to the network connected to the current device, and then the device adjacent to the current device is detected, the asset information of the adjacent device is obtained, and the above-mentioned device is judged. Whether the adjacent device is a network-connected device, when the above-mentioned adjacent device is not a network-connected device, register the asset information of the above-mentioned adjacent device, so as to detect all surviving assets in the enterprise intranet and obtain the full amount of assets in the intranet Information, improve the effect of enterprise asset management, reduce the risk of IT asset security management and control; and can effectively integrate asset information when there are multiple IPs in the same asset to achieve accurate asset management.

图3为本申请内网资产的探测方法另一个实施例的流程图,如图3所示,本申请图1所示实施例步骤101之前,还可以包括:FIG. 3 is a flowchart of another embodiment of the method for detecting intranet assets of the present application. As shown in FIG. 3 , before step 101 in the embodiment shown in FIG. 1 of the present application, the method may further include:

步骤301,在内网中划定授信网段。Step 301: Delineate a credit network segment in the intranet.

本实施例中,内网中划定的授信网段可以作为安全地址段访问上述内网的所有IP地址段。In this embodiment, the trusted network segment defined in the intranet can be used as a secure address segment to access all IP address segments of the intranet.

步骤302,探测上述内网中最先可达的网络连接设备,作为上述内网中资产发现的起点设备,对上述起点设备的资产信息进行登记。Step 302: Detect the first reachable network connection device in the above-mentioned intranet, and register the asset information of the above-mentioned starting point device as a starting point device for asset discovery in the above-mentioned intranet.

具体地,资产探测设备可以探测上述内网中最先可达的网络连接设备,作为上述内网中资产发现的起点设备,对上述起点设备的资产信息进行登记。Specifically, the asset detection device can detect the first reachable network connection device in the above-mentioned intranet, and register the asset information of the above-mentioned starting point device as a starting point device for asset discovery in the above-mentioned intranet.

其中,上述起点设备的资产信息可以包括资产指纹、网络接入端口、多IP信息和拓扑路径信息:The asset information of the above-mentioned starting device may include asset fingerprints, network access ports, multi-IP information and topology path information:

上述资产指纹可以包括操作系统及版本、设备ID、IP地址、网关、资产类型和/或在用端口等信息;The above asset fingerprints may include information such as operating system and version, device ID, IP address, gateway, asset type and/or port in use;

上述起点设备的网络接入端口为0;The network access port of the above starting device is 0;

上述起点设备的拓扑路径信息为上述起点设备自身;The topology path information of the above-mentioned origin device is the above-mentioned origin device itself;

上述起点设备的多IP信息,如果后续探测到的设备的网络接入端口与上述起点设备的网络接入端口相同,则将后续探测到的设备的IP地址添加到上述起点设备的资产信息的多IP字段中。The multi-IP information of the above-mentioned starting device, if the network access port of the subsequently detected device is the same as the network access port of the above-mentioned starting device, then the IP address of the subsequently detected device is added to the above-mentioned multiple of the asset information of the starting device. in the IP field.

参见图4,图4为本申请内网资产的探测方法中起点设备的资产信息一个实施例的示意图。Referring to FIG. 4 , FIG. 4 is a schematic diagram of an embodiment of the asset information of the origin device in the method for detecting intranet assets of the present application.

这样,本申请图1所示实施例中,上述当前设备的资产信息可以包括:上述当前设备的资产指纹,当前设备与上一设备对接的网络接入端口,多IP信息以及起点设备到上述当前设备的拓扑路径信息。In this way, in the embodiment shown in FIG. 1 of the present application, the asset information of the current device may include: the asset fingerprint of the current device, the network access port that the current device is connected to the previous device, the multi-IP information, and the origin device to the current device. Topological path information of the device.

同样,上述当前设备的资产指纹可以包括操作系统及版本、设备ID、IP地址、网关、资产类型和/或在用端口等信息;当前设备的资产信息的示例可以参见图2,在此不再赘述。Likewise, the asset fingerprint of the above-mentioned current device may include information such as operating system and version, device ID, IP address, gateway, asset type and/or port in use; an example of the asset information of the current device can be found in FIG. 2 , which is omitted here. Repeat.

图5为本申请内网资产的探测方法再一个实施例的流程图,如图5所示,上述内网资产的探测方法可以包括:FIG. 5 is a flowchart of another embodiment of a method for detecting intranet assets of the present application. As shown in FIG. 5 , the above-mentioned method for detecting intranet assets may include:

步骤501,在内网中划定授信网段。Step 501: Delineate a credit network segment in the intranet.

步骤502,探测上述内网中最先可达的网络连接设备,作为上述内网中资产发现的起点设备,对上述起点设备的资产信息进行登记。Step 502: Detect the first reachable network connection device in the above-mentioned intranet, and register the asset information of the above-mentioned starting point device as a starting point device for asset discovery in the above-mentioned intranet.

其中,上述起点设备即为网络探测设备探测到的当前设备。The above-mentioned starting point device is the current device detected by the network detection device.

步骤503,配置预先划定的授信网段对当前设备所对接的网络处于可达状态。Step 503: Configure a pre-defined trusted network segment to be in a reachable state to the network connected to the current device.

步骤504,对上述当前设备的紧邻设备进行探测,获取上述紧邻设备的资产信息。Step 504: Detecting the adjacent devices of the current device to obtain asset information of the adjacent devices.

步骤505,判断上述紧邻设备是否为网络连接设备;如果否,则执行步骤506;如果上述紧邻设备为网络连接设备,则执行步骤507。Step 505 , determine whether the above-mentioned immediately adjacent device is a network connection device; if not, go to step 506 ; if the above-mentioned adjacent device is a network connection device, go to step 507 .

步骤506,对上述紧邻设备的资产信息进行登记。Step 506, register the asset information of the above-mentioned adjacent equipment.

步骤507,判断上述网络连接设备是否为边界设备。如果是,则执行步骤508;如果上述网络连接设备不是边界设备,则返回执行步骤503。Step 507: Determine whether the above-mentioned network connection device is a boundary device. If yes, go to step 508 ; if the above-mentioned network connection device is not a boundary device, go back to go to step 503 .

步骤508,对上述紧邻设备的资产信息进行登记。Step 508, register the asset information of the above-mentioned adjacent equipment.

具体地,本实施例中,在对资产信息进行登记的过程中,如果待登记的资产信息中的网络接入端口与已登记的资产信息中的网络接入端口相同,则仅将上述待登记的资产信息中的IP地址登记在具有相同网络接入端口的资产信息中。Specifically, in this embodiment, in the process of registering asset information, if the network access port in the asset information to be registered is the same as the network access port in the registered asset information, only the above-mentioned to-be-registered asset information will be registered. The IP address in the asset information is registered in the asset information with the same network access port.

本实施例中,在进行资产信息登记时,需要判断待登记的资产信息中的网络接入端口是否与已登记的资产信息中的网络接入端口相同,如果是,则说明是同网卡多IP的情况,这时无需对上述待登记的资产信息进行登记,仅将上述待登记的资产信息中的IP地址登记在具有相同网络接入端口的资产信息中即可。从而可以在同一资产存在多IP的情况时,对资产信息进行有效整合,实现资产精准管理。In this embodiment, when registering asset information, it is necessary to determine whether the network access port in the asset information to be registered is the same as the network access port in the registered asset information. If so, it means that the same network card has multiple IP addresses. In this case, there is no need to register the above-mentioned asset information to be registered, and only the IP address in the above-mentioned asset information to be registered can be registered in the asset information with the same network access port. In this way, when there are multiple IPs in the same asset, the asset information can be effectively integrated to achieve accurate asset management.

图6为本申请内网资产的探测装置一个实施例的结构示意图,本实施例中的内网资产的探测装置可以作为资产探测设备实现本申请实施例提供的内网资产的探测方法。如图6所示,上述内网资产的探测装置可以包括:探测模块61、登记模块62、配置模块63和判断模块64;6 is a schematic structural diagram of an embodiment of an apparatus for detecting intranet assets of the present application. The apparatus for detecting intranet assets in this embodiment can be used as an asset detection device to implement the method for detecting intranet assets provided by this embodiment of the present application. As shown in FIG. 6 , the above-mentioned detection device for intranet assets may include: a detection module 61 , a registration module 62 , a configuration module 63 and a judgment module 64 ;

配置模块63,用于配置预先划定的授信网段对当前设备所对接的网络处于可达状态;本实施例中,配置模块63,具体用于登录当前设备,启用SNMP,通过SNMP配置上述授信网段对当前设备所对接的网络处于可达状态。The configuration module 63 is used to configure the pre-defined credit network segment to be in a reachable state to the network connected to the current device; in this embodiment, the configuration module 63 is specifically used to log in to the current device, enable SNMP, and configure the above-mentioned credit through SNMP The network segment is reachable to the network connected to the current device.

在具体实现时,登录当前设备,需要人工参与或将当前设备的账号信息提前录入系统实现自动登录。在登录当前设备之后,配置模块63可以启用SNMP及相关配置策略,配置授信网段对当前设备所对接的网络处于可达状态。In the specific implementation, to log in to the current device, manual participation is required or the account information of the current device is entered into the system in advance to achieve automatic login. After logging into the current device, the configuration module 63 can enable SNMP and related configuration policies, and configure the trusted network segment to be in a reachable state to the network connected to the current device.

探测模块61,用于对当前设备的紧邻设备进行探测,获取上述紧邻设备的资产信息;本实施例中,探测模块61,具体用于通过SNMP对上述当前设备的紧邻设备进行探测,获取上述紧邻设备的资产信息。The detection module 61 is used to detect the adjacent devices of the current device, and obtain the asset information of the above-mentioned adjacent devices; in this embodiment, the detection module 61 is specifically used to detect the adjacent devices of the above-mentioned current equipment through SNMP, and obtain the above-mentioned adjacent devices. Asset information for the device.

判断模块64,用于判断上述紧邻设备是否为网络连接设备;其中,网络连接设备可以包括交换机或路由器等用于进行网络连接的设备。The judging module 64 is used to judge whether the above-mentioned adjacent device is a network connection device; wherein, the network connection device may include a switch or a router and other devices used for network connection.

登记模块62,用于当判断模块64确定上述紧邻设备不是网络连接设备时,对上述紧邻设备的资产信息进行登记。The registration module 62 is configured to register the asset information of the above-mentioned adjacent device when the judgment module 64 determines that the above-mentioned adjacent device is not a network connection device.

进一步地,登记模块62,还用于当上述紧邻设备为网络连接设备中的边界设备时,对上述紧邻设备的资产信息进行登记。Further, the registration module 62 is further configured to register the asset information of the above-mentioned adjacent device when the above-mentioned adjacent device is a border device in the network connection device.

本实施例中,当上述紧邻设备为网络连接设备中的边界设备时,当前拓扑路径的资产信息探测终止,登记模块62对上述紧邻设备的资产信息进行登记。In this embodiment, when the above-mentioned adjacent device is a border device in the network connection device, the asset information detection of the current topology path is terminated, and the registration module 62 registers the asset information of the above-mentioned adjacent device.

本实施例中,登记模块62,具体用于在对资产信息进行登记的过程中,如果待登记的资产信息中的网络接入端口与已登记的资产信息中的网络接入端口相同,则仅将上述待登记的资产信息中的IP地址登记在具有相同网络接入端口的资产信息中。In this embodiment, the registration module 62 is specifically configured to, in the process of registering the asset information, if the network access port in the asset information to be registered is the same as the network access port in the registered asset information, only Register the IP address in the asset information to be registered in the asset information with the same network access port.

本实施例中,在进行资产信息登记时,登记模块62需要判断待登记的资产信息中的网络接入端口是否与已登记的资产信息中的网络接入端口相同,如果是,则说明是同网卡多IP的情况,这时登记模块62无需对上述待登记的资产信息进行登记,仅将上述待登记的资产信息中的IP地址登记在具有相同网络接入端口的资产信息中即可。In this embodiment, when registering asset information, the registration module 62 needs to determine whether the network access port in the asset information to be registered is the same as the network access port in the registered asset information. In the case of the network card with multiple IPs, the registration module 62 does not need to register the asset information to be registered, but only needs to register the IP address in the asset information to be registered in the asset information with the same network access port.

从图2中可以看出,设备ID为10000006的设备的资产信息为待登记的资产信息,上述待登记的资产信息中的网络接入端口与已登记的设备ID为10000005的资产信息中的网络接入端口相同,这时登记模块62无需登记设备ID为10000006的设备的资产信息,仅在设备ID为10000005的资产信息中的多IP字段添加设备ID为10000006的设备的IP地址即可,从而可以在同一资产存在多IP的情况时,对资产信息进行有效整合,实现资产精准管理。As can be seen from Figure 2, the asset information of the device whose device ID is 10000006 is the asset information to be registered, the network access port in the asset information to be registered and the network access port in the asset information whose device ID is 10000005 has been registered. The access ports are the same. At this time, the registration module 62 does not need to register the asset information of the device whose device ID is 10000006. It only needs to add the IP address of the device whose device ID is 10000006 in the multi-IP field of the asset information whose device ID is 10000005. When there are multiple IPs in the same asset, asset information can be effectively integrated to achieve accurate asset management.

上述内网资产的探测装置中,配置模块63配置预先划定的授信网段对当前设备所对接的网络处于可达状态,然后探测模块61对上述当前设备的紧邻设备进行探测,获取上述紧邻设备的资产信息,判断模块64判断上述紧邻设备是否为网络连接设备,当上述紧邻设备不是网络连接设备时,登记模块62对上述紧邻设备的资产信息进行登记,从而可以实现对企业内网中的所有存活资产进行探测,获取内网中的全量资产信息,提高企业资产管理的效果,降低IT资产安全管控的风险;并且可以在同一资产存在多IP的情况时,对资产信息进行有效整合,实现资产精准管理。In the detection device of the above-mentioned intranet assets, the configuration module 63 configures a pre-defined credit network segment to be in a reachable state to the network connected to the current device, and then the detection module 61 detects the adjacent device of the above-mentioned current device, and obtains the above-mentioned adjacent device. The asset information, the judgment module 64 judges whether the above-mentioned adjacent device is a network connection device, and when the above-mentioned adjacent device is not a network connection device, the registration module 62 registers the asset information of the above-mentioned adjacent device, so that all the information in the enterprise intranet can be registered. Detect surviving assets, obtain full asset information in the intranet, improve the effect of enterprise asset management, and reduce the risk of IT asset security management and control; and can effectively integrate asset information when there are multiple IPs in the same asset to realize asset management. Precise management.

图7为本申请内网资产的探测装置另一个实施例的结构示意图,与图6所示的内网资产的探测装置相比,不同之处在于,图7所示的内网资产的探测装置还可以包括:划定模块65;FIG. 7 is a schematic structural diagram of another embodiment of the device for detecting intranet assets in the application. Compared with the device for detecting intranet assets shown in FIG. 6 , the difference is that the device for detecting intranet assets shown in FIG. 7 is different. It can also include: a delineation module 65;

划定模块65,用于在配置模块63配置预先划定的授信网段对当前设备所对接的网络处于可达状态之前,在内网中划定授信网段。The demarcation module 65 is configured to demarcate the credited network segment in the intranet before the configuration module 63 configures the pre-defined credited network segment to be in a reachable state to the network to which the current device is connected.

本实施例中,划定模块65在内网中划定的授信网段可以作为安全地址段访问上述内网的所有IP地址段。In this embodiment, the trusted network segment demarcated by the delimiting module 65 in the intranet can be used as a secure address segment to access all IP address segments of the above intranet.

本实施例中,探测模块61,还用于探测上述内网中最先可达的网络连接设备,作为上述内网中资产发现的起点设备;In this embodiment, the detection module 61 is further configured to detect the first reachable network connection device in the above-mentioned intranet, as a starting point device for asset discovery in the above-mentioned intranet;

登记模块62,还用于对上述起点设备的资产信息进行登记。The registration module 62 is further configured to register the asset information of the above-mentioned starting point equipment.

具体地,探测模块61可以探测上述内网中最先可达的网络连接设备,作为上述内网中资产发现的起点设备,然后由登记模块62对上述起点设备的资产信息进行登记。Specifically, the detection module 61 can detect the first reachable network connection device in the above-mentioned intranet as a starting point device for asset discovery in the above-mentioned intranet, and then the registration module 62 registers the asset information of the above-mentioned starting point equipment.

其中,上述起点设备的资产信息可以包括资产指纹、网络接入端口、多IP信息和拓扑路径信息:The asset information of the above-mentioned starting device may include asset fingerprints, network access ports, multi-IP information and topology path information:

上述资产指纹可以包括操作系统及版本、设备ID、IP地址、网关、资产类型和/或在用端口等信息;The above asset fingerprints may include information such as operating system and version, device ID, IP address, gateway, asset type and/or port in use;

上述起点设备的网络接入端口为0;The network access port of the above starting device is 0;

上述起点设备的拓扑路径信息为上述起点设备自身;The topology path information of the above-mentioned origin device is the above-mentioned origin device itself;

上述起点设备的多IP信息,如果后续探测到的设备的网络接入端口与上述起点设备的网络接入端口相同,则将后续探测到的设备的IP地址添加到上述起点设备的资产信息的多IP字段中。The multi-IP information of the above-mentioned starting device, if the network access port of the subsequently detected device is the same as the network access port of the above-mentioned starting device, then the IP address of the subsequently detected device is added to the above-mentioned multiple of the asset information of the starting device. in the IP field.

本实施例中,起点设备的资产信息的一个示例可以如图4所示。In this embodiment, an example of the asset information of the origin device may be as shown in FIG. 4 .

这样,上述当前设备的资产信息可以包括:上述当前设备的资产指纹,当前设备与上一设备对接的网络接入端口,多IP信息以及起点设备到上述当前设备的拓扑路径信息。In this way, the asset information of the current device may include: the asset fingerprint of the current device, the network access port connecting the current device to the previous device, multi-IP information, and topology path information from the origin device to the current device.

同样,上述当前设备的资产指纹可以包括操作系统及版本、设备ID、IP地址、网关、资产类型和/或在用端口等信息;当前设备的资产信息的示例可以参见图2,在此不再赘述。Likewise, the asset fingerprint of the above-mentioned current device may include information such as operating system and version, device ID, IP address, gateway, asset type and/or port in use; an example of the asset information of the current device can be found in FIG. 2 , which is omitted here. Repeat.

图8为本申请电子设备一个实施例的结构示意图,如图8所示,上述电子设备可以包括至少一个处理器;以及与上述处理器通信连接的至少一个存储器,其中:存储器存储有可被处理器执行的程序指令,上述处理器调用上述程序指令能够执行本申请实施例提供的内网资产的探测方法。FIG. 8 is a schematic structural diagram of an embodiment of the electronic device of the present application. As shown in FIG. 8 , the electronic device may include at least one processor; and at least one memory communicatively connected to the processor, wherein: the memory stores data that can be processed A program instruction executed by the processor, and the processor invokes the program instruction to execute the method for detecting intranet assets provided by the embodiment of the present application.

其中,上述电子设备可以为资产探测设备,本实施例对上述电子设备的具体形态不作限定。The above electronic device may be an asset detection device, and the specific form of the above electronic device is not limited in this embodiment.

图8示出了适于用来实现本申请实施方式的示例性电子设备的框图。图8显示的电子设备仅仅是一个示例,不应对本申请实施例的功能和使用范围带来任何限制。Figure 8 shows a block diagram of an exemplary electronic device suitable for use in implementing embodiments of the present application. The electronic device shown in FIG. 8 is only an example, and should not impose any limitations on the functions and scope of use of the embodiments of the present application.

如图8所示,电子设备以通用计算设备的形式表现。电子设备的组件可以包括但不限于:一个或者多个处理器410,存储器430,连接不同系统组件(包括存储器430和处理单元410)的通信总线440。As shown in Figure 8, the electronic device takes the form of a general-purpose computing device. Components of an electronic device may include, but are not limited to, one or more processors 410 , memory 430 , and a communication bus 440 connecting various system components including memory 430 and processing unit 410 .

通信总线440表示几类总线结构中的一种或多种,包括存储器总线或者存储器控制器,外围总线,图形加速端口,处理器或者使用多种总线结构中的任意总线结构的局域总线。举例来说,这些体系结构包括但不限于工业标准体系结构(Industry StandardArchitecture;以下简称:ISA)总线,微通道体系结构(Micro Channel Architecture;以下简称:MAC)总线,增强型ISA总线、视频电子标准协会(Video Electronics StandardsAssociation;以下简称:VESA)局域总线以及外围组件互连(Peripheral ComponentInterconnection;以下简称:PCI)总线。Communication bus 440 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, a graphics acceleration port, a processor, or a local bus using any of a variety of bus structures. For example, these architectures include, but are not limited to, Industry Standard Architecture (hereinafter referred to as: ISA) bus, Micro Channel Architecture (hereinafter referred to as: MAC) bus, enhanced ISA bus, video electronic standard Association (Video Electronics Standards Association; hereinafter referred to as: VESA) local bus and Peripheral Component Interconnection (Peripheral Component Interconnection; hereinafter referred to as: PCI) bus.

电子设备典型地包括多种计算机系统可读介质。这些介质可以是任何能够被电子设备访问的可用介质,包括易失性和非易失性介质,可移动的和不可移动的介质。Electronic devices typically include various computer system readable media. These media can be any available media that can be accessed by the electronic device, including both volatile and nonvolatile media, removable and non-removable media.

存储器430可以包括易失性存储器形式的计算机系统可读介质,例如随机存取存储器(Random Access Memory;以下简称:RAM)和/或高速缓存存储器。电子设备可以进一步包括其它可移动/不可移动的、易失性/非易失性计算机系统存储介质。尽管图8中未示出,可以提供用于对可移动非易失性磁盘(例如“软盘”)读写的磁盘驱动器,以及对可移动非易失性光盘(例如:光盘只读存储器(Compact Disc Read Only Memory;以下简称:CD-ROM)、数字多功能只读光盘(Digital Video Disc Read Only Memory;以下简称:DVD-ROM)或者其它光介质)读写的光盘驱动器。在这些情况下,每个驱动器可以通过一个或者多个数据介质接口与通信总线440相连。存储器430可以包括至少一个程序产品,该程序产品具有一组(例如至少一个)程序模块,这些程序模块被配置以执行本申请各实施例的功能。The memory 430 may include a computer system readable medium in the form of volatile memory, such as random access memory (Random Access Memory; hereinafter referred to as: RAM) and/or cache memory. The electronic device may further include other removable/non-removable, volatile/non-volatile computer system storage media. Although not shown in FIG. 8, disk drives for reading and writing to removable non-volatile magnetic disks (eg, "floppy disks") and removable non-volatile optical disks (eg, compact disk read only memory) may be provided. Disc Read Only Memory; hereinafter referred to as: CD-ROM), Digital Video Disc Read Only Memory (hereinafter referred to as: DVD-ROM) or other optical media) read and write optical disc drives. In these cases, each drive may be connected to communication bus 440 through one or more data media interfaces. Memory 430 may include at least one program product having a set (eg, at least one) of program modules configured to perform the functions of various embodiments of the present application.

具有一组(至少一个)程序模块的程序/实用工具,可以存储在存储器430中,这样的程序模块包括——但不限于——操作系统、一个或者多个应用程序、其它程序模块以及程序数据,这些示例中的每一个或某种组合中可能包括网络环境的实现。程序模块通常执行本申请所描述的实施例中的功能和/或方法。A program/utility having a set (at least one) of program modules that may be stored in memory 430, such program modules including, but not limited to, an operating system, one or more application programs, other program modules, and program data , each or some combination of these examples may include an implementation of a network environment. Program modules generally perform the functions and/or methods of the embodiments described herein.

电子设备也可以与一个或多个外部设备(例如键盘、指向设备、显示器等)通信,还可与一个或者多个使得用户能与该电子设备交互的设备通信,和/或与使得该电子设备能与一个或多个其它计算设备进行通信的任何设备(例如网卡,调制解调器等等)通信。这种通信可以通过通信接口420进行。并且,电子设备还可以通过网络适配器(图8中未示出)与一个或者多个网络(例如局域网(Local Area Network;以下简称:LAN),广域网(Wide AreaNetwork;以下简称:WAN)和/或公共网络,例如因特网)通信,上述网络适配器可以通过通信总线440与电子设备的其它模块通信。应当明白,尽管图8中未示出,可以结合电子设备使用其它硬件和/或软件模块,包括但不限于:微代码、设备驱动器、冗余处理单元、外部磁盘驱动阵列、磁盘阵列(Redundant Arrays of Independent Drives;以下简称:RAID)系统、磁带驱动器以及数据备份存储系统等。The electronic device may also communicate with one or more external devices (eg, keyboards, pointing devices, displays, etc.), may also communicate with one or more devices that enable a user to interact with the electronic device, and/or communicate with the electronic device Any device (eg, network card, modem, etc.) capable of communicating with one or more other computing devices. Such communication may take place through communication interface 420 . In addition, the electronic device can also communicate with one or more networks (eg, Local Area Network (hereinafter referred to as: LAN), Wide Area Network (hereinafter referred to as: WAN) and/or through a network adapter (not shown in FIG. 8 ) A public network, such as the Internet, the aforementioned network adapter can communicate with other modules of the electronic device through the communication bus 440 . It should be understood that, although not shown in Figure 8, other hardware and/or software modules may be used in conjunction with the electronic device, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, Redundant Arrays of Independent Drives; hereinafter referred to as: RAID) systems, tape drives and data backup storage systems.

处理器410通过运行存储在存储器430中的程序,从而执行各种功能应用以及数据处理,例如实现本申请实施例提供的内网资产的探测方法。The processor 410 executes various functional applications and data processing by running the programs stored in the memory 430, for example, implementing the method for detecting intranet assets provided by the embodiments of the present application.

本申请实施例还提供一种非临时性计算机可读存储介质,上述非暂态计算机可读存储介质存储计算机指令,上述计算机指令使上述计算机执行本申请实施例提供的内网资产的探测方法。Embodiments of the present application further provide a non-transitory computer-readable storage medium, where the non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause the computer to execute the method for detecting intranet assets provided by the embodiments of the present application.

上述非临时性计算机可读存储介质可以采用一个或多个计算机可读的介质的任意组合。计算机可读介质可以是计算机可读信号介质或者计算机可读存储介质。计算机可读存储介质例如可以是——但不限于——电、磁、光、电磁、红外线、或半导体的系统、装置或器件,或者任意以上的组合。计算机可读存储介质的更具体的例子(非穷举的列表)包括:具有一个或多个导线的电连接、便携式计算机磁盘、硬盘、随机存取存储器(RAM)、只读存储器(Read Only Memory;以下简称:ROM)、可擦式可编程只读存储器(ErasableProgrammable Read Only Memory;以下简称:EPROM)或闪存、光纤、便携式紧凑磁盘只读存储器(CD-ROM)、光存储器件、磁存储器件、或者上述的任意合适的组合。在本文件中,计算机可读存储介质可以是任何包含或存储程序的有形介质,该程序可以被指令执行系统、装置或者器件使用或者与其结合使用。The aforementioned non-transitory computer-readable storage media may employ any combination of one or more computer-readable media. The computer-readable medium may be a computer-readable signal medium or a computer-readable storage medium. The computer-readable storage medium can be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus or device, or a combination of any of the above. More specific examples (non-exhaustive list) of computer readable storage media include: electrical connections with one or more wires, portable computer disks, hard disks, random access memory (RAM), read only memory (Read Only Memory) ; hereinafter referred to as: ROM), erasable programmable read only memory (Erasable Programmable Read Only Memory; hereinafter referred to as: EPROM) or flash memory, optical fiber, portable compact disk read only memory (CD-ROM), optical storage devices, magnetic storage devices , or any suitable combination of the above. In this document, a computer-readable storage medium can be any tangible medium that contains or stores a program that can be used by or in conjunction with an instruction execution system, apparatus, or device.

计算机可读的信号介质可以包括在基带中或者作为载波一部分传播的数据信号,其中承载了计算机可读的程序代码。这种传播的数据信号可以采用多种形式,包括——但不限于——电磁信号、光信号或上述的任意合适的组合。计算机可读的信号介质还可以是计算机可读存储介质以外的任何计算机可读介质,该计算机可读介质可以发送、传播或者传输用于由指令执行系统、装置或者器件使用或者与其结合使用的程序。A computer-readable signal medium may include a propagated data signal in baseband or as part of a carrier wave, with computer-readable program code embodied thereon. Such propagated data signals may take a variety of forms including, but not limited to, electromagnetic signals, optical signals, or any suitable combination of the foregoing. A computer-readable signal medium can also be any computer-readable medium other than a computer-readable storage medium that can transmit, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device .

计算机可读介质上包含的程序代码可以用任何适当的介质传输,包括——但不限于——无线、电线、光缆、RF等等,或者上述的任意合适的组合。Program code embodied on a computer readable medium may be transmitted using any suitable medium including, but not limited to, wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

可以以一种或多种程序设计语言或其组合来编写用于执行本申请操作的计算机程序代码,所述程序设计语言包括面向对象的程序设计语言—诸如Java、Smalltalk、C++,还包括常规的过程式程序设计语言—诸如“C”语言或类似的程序设计语言。程序代码可以完全地在用户计算机上执行、部分地在用户计算机上执行、作为一个独立的软件包执行、部分在用户计算机上部分在远程计算机上执行、或者完全在远程计算机或服务器上执行。在涉及远程计算机的情形中,远程计算机可以通过任意种类的网络——包括局域网(LocalArea Network;以下简称:LAN)或广域网(Wide Area Network;以下简称:WAN)连接到用户计算机,或者,可以连接到外部计算机(例如利用因特网服务提供商来通过因特网连接)。Computer program code for performing the operations of the present application may be written in one or more programming languages, including object-oriented programming languages—such as Java, Smalltalk, C++, but also conventional Procedural programming language - such as the "C" language or similar programming language. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (hereinafter referred to as: LAN) or a Wide Area Network (hereinafter referred to as: WAN), or may be connected to an external computer (eg using an internet service provider to connect via the internet).

在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本申请的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不必须针对的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任一个或多个实施例或示例中以合适的方式结合。此外,在不相互矛盾的情况下,本领域的技术人员可以将本说明书中描述的不同实施例或示例以及不同实施例或示例的特征进行结合和组合。In the description of this specification, description with reference to the terms "one embodiment," "some embodiments," "example," "specific example," or "some examples", etc., mean specific features described in connection with the embodiment or example , structure, material or feature is included in at least one embodiment or example of the present application. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, those skilled in the art may combine and combine the different embodiments or examples described in this specification, as well as the features of the different embodiments or examples, without conflicting each other.

此外,术语“第一”、“第二”仅用于描述目的,而不能理解为指示或暗示相对重要性或者隐含指明所指示的技术特征的数量。由此,限定有“第一”、“第二”的特征可以明示或者隐含地包括至少一个该特征。在本申请的描述中,“多个”的含义是至少两个,例如两个,三个等,除非另有明确具体的限定。In addition, the terms "first" and "second" are only used for descriptive purposes, and should not be construed as indicating or implying relative importance or implying the number of indicated technical features. Thus, a feature delimited with "first", "second" may expressly or implicitly include at least one of that feature. In the description of the present application, "plurality" means at least two, such as two, three, etc., unless expressly and specifically defined otherwise.

流程图中或在此以其他方式描述的任何过程或方法描述可以被理解为,表示包括一个或更多个用于实现定制逻辑功能或过程的步骤的可执行指令的代码的模块、片段或部分,并且本申请的优选实施方式的范围包括另外的实现,其中可以不按所示出或讨论的顺序,包括根据所涉及的功能按基本同时的方式或按相反的顺序,来执行功能,这应被本申请的实施例所属技术领域的技术人员所理解。Any process or method description in the flowcharts or otherwise described herein may be understood to represent a module, segment or portion of code comprising one or more executable instructions for implementing custom logical functions or steps of the process , and the scope of the preferred embodiments of the present application includes alternative implementations in which the functions may be performed out of the order shown or discussed, including performing the functions substantially concurrently or in the reverse order depending upon the functions involved, which should It is understood by those skilled in the art to which the embodiments of the present application belong.

取决于语境,如在此所使用的词语“如果”可以被解释成为“在……时”或“当……时”或“响应于确定”或“响应于检测”。类似地,取决于语境,短语“如果确定”或“如果检测(陈述的条件或事件)”可以被解释成为“当确定时”或“响应于确定”或“当检测(陈述的条件或事件)时”或“响应于检测(陈述的条件或事件)”。Depending on the context, the word "if" as used herein can be interpreted as "at" or "when" or "in response to determining" or "in response to detecting." Similarly, the phrases "if determined" or "if detected (the stated condition or event)" can be interpreted as "when determined" or "in response to determining" or "when detected (the stated condition or event)," depending on the context )" or "in response to detection (a stated condition or event)".

需要说明的是,本申请实施例中所涉及的终端可以包括但不限于个人计算机(PersonalComputer;以下简称:PC)、个人数字助理(PersonalDigital Assistant;以下简称:PDA)、无线手持设备、平板电脑(Tablet Computer)、手机、MP3播放器、MP4播放器等。It should be noted that the terminals involved in the embodiments of the present application may include but are not limited to personal computers (Personal Computer; hereinafter referred to as: PC), personal digital assistants (Personal Digital Assistant; hereinafter referred to as: PDA), wireless handheld devices, tablet computers ( Tablet Computer), mobile phones, MP3 players, MP4 players, etc.

在本申请所提供的几个实施例中,应该理解到,所揭露的系统、装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如,多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components may be combined. Either it can be integrated into another system, or some features can be omitted, or not implemented. On the other hand, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.

另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用硬件加软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The above-mentioned integrated unit may be implemented in the form of hardware, or may be implemented in the form of hardware plus software functional units.

上述以软件功能单元的形式实现的集成的单元,可以存储在一个计算机可读取存储介质中。上述软件功能单元存储在一个存储介质中,包括若干指令用以使得一台计算机装置(可以是个人计算机,服务器,或者网络装置等)或处理器(Processor)执行本申请各个实施例所述方法的部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(Read-Only Memory;以下简称:ROM)、随机存取存储器(Random Access Memory;以下简称:RAM)、磁碟或者光盘等各种可以存储程序代码的介质。The above-mentioned integrated units implemented in the form of software functional units can be stored in a computer-readable storage medium. The above-mentioned software functional unit is stored in a storage medium, and includes several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor (Processor) to execute the methods described in the various embodiments of the present application. some steps. The aforementioned storage medium includes: U disk, mobile hard disk, Read-Only Memory (Read-Only Memory; hereinafter referred to as: ROM), Random Access Memory (Random Access Memory; hereinafter referred to as: RAM), magnetic disk or optical disk and other various A medium on which program code can be stored.

以上所述仅为本申请的较佳实施例而已,并不用以限制本申请,凡在本申请的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本申请保护的范围之内。The above descriptions are only preferred embodiments of the present application, and are not intended to limit the present application. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present application shall be included in the present application. within the scope of protection.

Claims (10)

1.一种内网资产的探测方法,其特征在于,包括:1. A detection method for intranet assets, comprising: 配置预先划定的授信网段对当前设备所对接的网络处于可达状态;Configure the pre-defined trusted network segment to be reachable to the network connected to the current device; 对所述当前设备的紧邻设备进行探测,获取所述紧邻设备的资产信息;Detecting the adjacent equipment of the current equipment, and obtaining the asset information of the adjacent equipment; 判断所述紧邻设备是否为网络连接设备;Determine whether the adjacent device is a network connection device; 当所述紧邻设备不是网络连接设备时,对所述紧邻设备的资产信息进行登记。When the immediately adjacent device is not a network-connected device, the asset information of the immediately adjacent device is registered. 2.根据权利要求1所述的方法,其特征在于,所述判断所述紧邻设备是否为网络连接设备之后,还包括:2. The method according to claim 1, wherein after judging whether the immediately adjacent device is a network connection device, the method further comprises: 当所述紧邻设备为网络连接设备,并且所述紧邻设备为网络连接设备中的边界设备时,对所述紧邻设备的资产信息进行登记。When the immediately adjacent device is a network connection device, and the immediately adjacent device is a border device in the network connection device, the asset information of the immediately adjacent device is registered. 3.根据权利要求1或2所述的方法,其特征在于,还包括:3. The method according to claim 1 or 2, characterized in that, further comprising: 在对资产信息进行登记的过程中,如果待登记的资产信息中的网络接入端口与已登记的资产信息中的网络接入端口相同,则仅将所述待登记的资产信息中的因特网协议IP地址登记在具有相同网络接入端口的资产信息中。During the process of registering the asset information, if the network access port in the asset information to be registered is the same as the network access port in the registered asset information, only the Internet Protocol in the asset information to be registered will be registered. The IP address is registered in the asset information with the same network access port. 4.根据权利要求1所述的方法,其特征在于,所述配置预先划定的授信网段对当前设备所对接的网络处于可达状态包括:4. The method according to claim 1, wherein the configuring the pre-defined trusted network segment to be in a reachable state to the network docked by the current device comprises: 登录所述当前设备,启用简单网络管理协议,通过所述简单网络管理协议配置所述授信网段对所述当前设备所对接的网络处于可达状态。Log in to the current device, enable the Simple Network Management Protocol, and configure the trusted network segment to be in a reachable state to the network connected to the current device through the Simple Network Management Protocol. 5.根据权利要求1或4所述的方法,其特征在于,所述对所述当前设备的紧邻设备进行探测,获取所述紧邻设备的资产信息包括:5. The method according to claim 1 or 4, characterized in that, the detection of the device adjacent to the current device, and the acquisition of asset information of the device adjacent to the current device comprises: 通过简单网络管理协议对所述当前设备的紧邻设备进行探测,获取所述紧邻设备的资产信息。Probe the device adjacent to the current device through the Simple Network Management Protocol to acquire asset information of the device adjacent to the current device. 6.根据权利要求1所述的方法,其特征在于,所述配置预先划定的授信网段对当前设备所对接的网络处于可达状态之前,还包括:6 . The method according to claim 1 , wherein the configuring the pre-defined credit network segment before the network connected to the current device is in a reachable state, further comprising: 6 . 在内网中划定授信网段;Delineate credit network segments in the intranet; 探测所述内网中最先可达的网络连接设备,作为所述内网中资产发现的起点设备,对所述起点设备的资产信息进行登记。The first reachable network connection device in the intranet is detected, and the asset information of the origin device is registered as the origin device for asset discovery in the intranet. 7.根据权利要求6所述的方法,其特征在于,所述当前设备的资产信息包括:所述当前设备的资产指纹,所述当前设备与上一设备对接的网络接入端口,多IP信息以及所述起点设备到所述当前设备的拓扑路径信息。7 . The method according to claim 6 , wherein the asset information of the current device comprises: the asset fingerprint of the current device, the network access port that the current device is docked with the previous device, the multi-IP information and topology path information from the origin device to the current device. 8.一种内网资产的探测装置,其特征在于,包括:8. An apparatus for detecting intranet assets, comprising: 配置模块,用于配置预先划定的授信网段对当前设备所对接的网络处于可达状态;The configuration module is used to configure the pre-defined credit network segment to be in a reachable state to the network connected to the current device; 探测模块,用于对所述当前设备的紧邻设备进行探测,获取所述紧邻设备的资产信息;A detection module, used to detect the equipment adjacent to the current equipment, and obtain asset information of the equipment adjacent to the current equipment; 判断模块,用于判断所述紧邻设备是否为网络连接设备;A judging module for judging whether the adjacent device is a network connection device; 登记模块,用于当所述判断模块确定所述紧邻设备不是网络连接设备时,对所述紧邻设备的资产信息进行登记。A registration module, configured to register the asset information of the immediately adjacent device when the judgment module determines that the adjacent device is not a network connection device. 9.一种电子设备,其特征在于,包括:9. An electronic device, characterized in that, comprising: 至少一个处理器;以及at least one processor; and 与所述处理器通信连接的至少一个存储器,其中:at least one memory communicatively coupled to the processor, wherein: 所述存储器存储有可被所述处理器执行的程序指令,所述处理器调用所述程序指令能够执行如权利要求1至7任一所述的方法。The memory stores program instructions executable by the processor, and the processor invokes the program instructions to be able to perform the method as claimed in any one of claims 1 to 7 . 10.一种非暂态计算机可读存储介质,其特征在于,所述非暂态计算机可读存储介质存储计算机指令,所述计算机指令使所述计算机执行如权利要求1至7任一所述的方法。10 . A non-transitory computer-readable storage medium, wherein the non-transitory computer-readable storage medium stores computer instructions, the computer instructions cause the computer to execute any one of claims 1 to 7 . Methods.
CN201910279567.XA 2019-04-09 2019-04-09 Intranet asset detection method, device and electronic device Pending CN111800286A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910279567.XA CN111800286A (en) 2019-04-09 2019-04-09 Intranet asset detection method, device and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910279567.XA CN111800286A (en) 2019-04-09 2019-04-09 Intranet asset detection method, device and electronic device

Publications (1)

Publication Number Publication Date
CN111800286A true CN111800286A (en) 2020-10-20

Family

ID=72805712

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910279567.XA Pending CN111800286A (en) 2019-04-09 2019-04-09 Intranet asset detection method, device and electronic device

Country Status (1)

Country Link
CN (1) CN111800286A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115086013A (en) * 2022-06-13 2022-09-20 北京奇艺世纪科技有限公司 Risk identification method, risk identification device, electronic equipment, storage medium and computer program product
CN116647370A (en) * 2023-05-04 2023-08-25 奇安信网神信息技术(北京)股份有限公司 Intranet asset identification method, device, electronic equipment and storage medium
CN116719868A (en) * 2023-05-30 2023-09-08 上海观安信息技术股份有限公司 Methods, devices and equipment for identifying network assets

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101136767A (en) * 2006-09-01 2008-03-05 华为技术有限公司 Asset security management method, system and network element equipment of a telecommunication network
CN107579876A (en) * 2017-09-15 2018-01-12 中国移动通信集团广东有限公司 A method and device for automatic detection and analysis of asset increment
CN109544349A (en) * 2018-11-29 2019-03-29 广东电网有限责任公司 One kind being based on networked asset information collecting method, device, equipment and storage medium

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101136767A (en) * 2006-09-01 2008-03-05 华为技术有限公司 Asset security management method, system and network element equipment of a telecommunication network
CN107579876A (en) * 2017-09-15 2018-01-12 中国移动通信集团广东有限公司 A method and device for automatic detection and analysis of asset increment
CN109544349A (en) * 2018-11-29 2019-03-29 广东电网有限责任公司 One kind being based on networked asset information collecting method, device, equipment and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115086013A (en) * 2022-06-13 2022-09-20 北京奇艺世纪科技有限公司 Risk identification method, risk identification device, electronic equipment, storage medium and computer program product
CN116647370A (en) * 2023-05-04 2023-08-25 奇安信网神信息技术(北京)股份有限公司 Intranet asset identification method, device, electronic equipment and storage medium
CN116719868A (en) * 2023-05-30 2023-09-08 上海观安信息技术股份有限公司 Methods, devices and equipment for identifying network assets

Similar Documents

Publication Publication Date Title
US10887307B1 (en) Systems and methods for identifying users
CN108768730B (en) Method and device for operating intelligent network card
CN103902427B (en) A kind of method with outer acquisition disk state
US9891678B2 (en) Systems and methods for remotely resetting management controller via power over ethernet switch
WO2015032318A1 (en) Exceptional account determination method and device
US8566416B2 (en) Method and system for accessing storage device
CN105593866B (en) Terminal authentication and register system, terminal authentication and register method and storage medium
US20180367319A1 (en) Secure power over ethernet power distribution system
CN111800286A (en) Intranet asset detection method, device and electronic device
CN104618187A (en) A Method of On-line Testing Functional Integrity of NCSI Network Card
US9146763B1 (en) Measuring virtual machine metrics
US20140013105A1 (en) Managing security certificates of storage devices
US9213618B2 (en) Storage management systems and methods in hierarchical storage systems
CN110569266A (en) A method, device, device and storage medium for data query
CN110826036A (en) Identification method, device and electronic device for user operation behavior security
US11775465B2 (en) Intra-chassis device multi-management domain system
US8010617B2 (en) Securing serial console redirection via serial-over-LAN (SOL)
US10762029B2 (en) Electronic apparatus and detection method using the same
CN112017330B (en) Intelligent lock parameter configuration method, device, intelligent lock and storage medium
US20080294800A1 (en) Communicating graphics data via an out of band channel
US8738816B2 (en) Management of detected devices coupled to a host machine
CN111585975A (en) Security vulnerability detection method, device and system, and switch
US11003562B2 (en) Computer-implemented method, computer program product and computing system
CN108809754A (en) A kind of TF Card measuring signal integrality system and methods under BMC
CN114422236A (en) An access method, device and electronic device for a smart device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201020

RJ01 Rejection of invention patent application after publication