摘要
在网络实战攻防演练中,发现高职高专院校普遍存在互联网上暴露过多的资产和服务(端口)、高危漏洞未修复等问题。信息收集是攻防演练和渗透测试最重要环节之一,攻击者利用信息收集探测防守者的薄弱点进而实施攻击,因此,防守者须对攻击者视角下的信息收集方法进行研究,利用该方法梳理本单位的网络资产和探测网络资产的暴露点,掌握本单位网络安全的薄弱点,完善防御措施、收紧暴露面、降低被攻击风险,进而提升网络安全整体防护能力。
In the actual network attack and defense drill,we find that there are many problems in higher vocational colleges and universities intranet,such as too many assets and service(ports)exposed on the Internet with high-risk vulnerabilities.Information collection is one of the most important parts of attack-defense drill and penetration test.The attackers may use the information collected to detect the weak points of the defenders and then attacks.Therefore,the defenders must study the information collection method from the perspective of the attackers,and use this method to sort out the network assets of the unit and detect the exposure points of the network assets,so as to fully understand the weak points of the unit’s network security,improve defense measures,tighten the exposure surface,reduce risks and then improve the overall protection ability of network security.
作者
安晓瑞
An Xiaorui(School of Mathematics and Information Sciences,Longnan Teachers College,ChengXian 742500,GanSu)
出处
《武汉工程职业技术学院学报》
2023年第2期39-45,共7页
Journal of Wuhan Engineering Institute
基金
2021年甘肃省教育厅高等学校创新基金项目“私有云环境下数据安全保护方法研究与应用”(项目编号:2021B-374)。
关键词
网络安全
攻防演练
信息收集
网络风险
资产管理
network security
attack-defense drill
information collection
network risk
