摘要
网络安全漏洞扫描应充分考虑执行效率和功能独立扩展问题。从网络攻击的角度提出一个系统安全漏洞的分类,阐述了一个实用的基于这些漏洞分类以及插件技术的网络安全漏洞扫描系统的设计。该系统采用C/S模型结构,服务器端的扫描程序以独立的插件形式执行,可方便地添加或删除,而客户端漏洞的扫描功能设置则基于漏洞的分类。系统采用证书认证机制来保障C/S交互的安全性。
The network security vulnerability scanning should focus sufficiently on running efficiency and independent functionality expansibility. A classification of system security vulnerability is presented based on network attack at first, and then a designing of security vulnerability scanning system is described based on the vulnerability classification and plug-in technology. This system uses the C/S structure, a scanning procedure is running at the server independently as a plug-in and the number of plug-in can be increased or reduced conveniently, and the scanning functionality option at the client depends on the vulnerability classification. The C/S communication security is supported by the certificate authentication mechanism.
出处
《计算机工程与设计》
CSCD
2004年第2期194-196,共3页
Computer Engineering and Design
基金
浙江省自然科学基金资助项目(601070)
浙江省科技厅重点项目基金资助项目(021101139)
