Network Security Equipment Management Protocol Based on Web Service

Information systems face increasingly complex network security threats, and a security management system is required for the unified operation and maintenance management of security equipment. Security operation and maintenance management requires efficient, cross-platform, and secure data exchange. In response to these requirements, a security equipment management protocol is designed. The protocol is designed from the perspectives of technical system, data classification, message definition, and transmission security to meet the requirements of information interaction between the security management system and security equipment.

With the continuous advancement of information technology, the network security threats faced by information systems have become more and more complex. Network security devices such as firewalls, intrusion detection, vulnerability scanning, and anti-virus cooperate to form a protective barrier against network security risks. In order to carry out unified management of different security equipment, the security management system came into being. The security management system provides users with a unified platform for collecting and presenting security equipment data, and an effective defense is constructed through the unified dispatch of the different devices. This paper analyzes the needs of security operation and maintenance management, discusses the key technologies in the equipment management protocol, and proposes a data exchange format model.

01 Safety management requirements

The industry generally believes that network security consists of three parts: technology, management, and operation and maintenance, and its long-term effectiveness mainly depends on the level of security operation and maintenance management[1]. The quality of security operation and maintenance management has an important impact on the overall effectiveness of the network security system.

1.1 Management operation and maintenance requirements

In the network security system, different security devices perform their own duties and cooperate to achieve security protection. The security management system plays the role of coordination and dispatch through efficient management, operation and maintenance. Management operation and maintenance requirements mainly include unified monitoring of equipment status, timely presentation of security risks, efficient handling of security threats, and rapid adjustment of security policies.

1.2 Data exchange requirements

In the process of security operation and maintenance, there are extensive data exchange requirements between the security management system and the security equipment. Different security devices have different forms and different technical systems, forming a heterogeneous data environment. Since the security management system conducts unified operation and maintenance management of various security equipment, a cross-platform universal transmission protocol must be designed to reduce the coupling between systems and realize the interconnection of security protection data, so as to provide better support for the decisions of operation and maintenance personnel. In order to ensure the platform independence and scalability of the management protocol, it is necessary to define a general security information description mechanism and data format.

1.3 Security requirements

In the process of security operation and maintenance management, in order to prevent external attackers from obtaining sensitive information, the transmission protocol used must be protected by encryption and other means.

02 Key technology

2.1 XML

Extensible Markup Language (XML) is a markup language used to mark up electronic documents so that they are structured. It follows the syntax requirements of the W3C specification, separates form from content, is self-describing, is easy to extend, and has rich third-party development libraries, which makes it well suited to information transmission between systems of different architectures. As the application of XML has become more and more extensive, XML has become the de facto data exchange standard by virtue of its advantages in many application scenarios.

2.2 Web Service

Web Service is a remote invocation technology that works across programming languages and operating system platforms. The typical characteristics of Web Service technology are platform independence and openness. Heterogeneous applications running on different systems can exchange data or achieve integration without special third-party software or hardware. As long as different applications follow the Web Service specification, they can exchange data no matter what language, platform or internal protocol they use.

2.3 SOAP

Simple Object Access Protocol (SOAP) is an XML-based lightweight data exchange protocol specification that can exchange structured data between different information systems and is a mainstream implementation form of Web Service.

SOAP defines a framework based on the HTTP protocol that describes what the content of a message is, who sent it, who should receive and process it, and how to process it. It standardizes the data format by defining a SOAP envelope: the XML data is encapsulated in the envelope for information interaction, so that heterogeneous systems can interoperate.

2.4 IDEA

The International Data Encryption Algorithm (IDEA) is a symmetric encryption algorithm designed by the Chinese scholar Lai Xuejia and the cryptographer Massey[3]. It mixes operations from different algebraic groups. The encryption process consists of 8 rounds and 1 output transformation. The key length is 128 bits. The algorithm does not require high computing resources and can realize high-speed encryption and decryption on different platforms.

The workflow of IDEA is shown in Figure 1. The same key K is used for encryption and decryption. The sender encrypts the plaintext P with the key K to obtain the ciphertext C, and then transmits the ciphertext C to the receiver through the network. The receiver uses the same key K to perform the inverse operation, and obtains the plaintext P after decryption, so as to realize the security protection during information transmission.

Figure 1 IDEA encryption and decryption process

Compared with other traditional encryption algorithms, IDEA has obvious advantages in terms of confusion, diffusion, security, and encryption and decryption efficiency. It has been widely used in various information exchange scenarios that require encryption.
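The cipher described in this section, as an added example in Python (not code from the paper): the 52-subkey schedule, the 8 rounds that mix XOR, addition mod 2^16 and multiplication mod 2^16+1, and the output transformation, checked against the published IDEA test vector. It operates on a single 64-bit block; the mode of operation and message authentication needed for whole XML messages are not specified by the paper and are not covered here.

```python
import struct

MOD_MUL = 0x10001   # IDEA multiplies in the group of nonzero residues mod 2^16 + 1
MASK16 = 0xFFFF


def mul(a, b):
    """Multiplication mod 2^16 + 1; the 16-bit value 0 encodes 2^16."""
    r = ((a or 0x10000) * (b or 0x10000)) % MOD_MUL
    return r & MASK16                  # a result of 2^16 maps back to the encoding 0


def add(a, b):
    """Addition mod 2^16."""
    return (a + b) & MASK16


def mul_inv(x):
    """Multiplicative inverse mod 2^16 + 1, in the same 0-for-2^16 encoding."""
    return pow(x or 0x10000, -1, MOD_MUL) & MASK16


def add_inv(x):
    """Additive inverse mod 2^16."""
    return (-x) & MASK16


def encryption_subkeys(key):
    """Expand the 128-bit key into 52 16-bit subkeys: 8 rounds x 6, plus 4."""
    if len(key) != 16:
        raise ValueError("IDEA requires a 128-bit key")
    k = int.from_bytes(key, "big")
    z = []
    while len(z) < 52:
        # take the key as eight 16-bit words, then rotate it left by 25 bits
        z.extend((k >> (112 - 16 * i)) & MASK16 for i in range(8))
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)
    return z[:52]


def decryption_subkeys(z):
    """Invert the schedule: reversed round order, inverse K1..K4, K5/K6 reused."""
    d = [0] * 52
    d[0:4] = [mul_inv(z[48]), add_inv(z[49]), add_inv(z[50]), mul_inv(z[51])]
    d[4:6] = [z[46], z[47]]
    for i in range(1, 8):
        e = 6 * (8 - i)                # encryption round whose K1..K4 this round undoes
        d[6 * i:6 * i + 4] = [mul_inv(z[e]), add_inv(z[e + 2]),
                              add_inv(z[e + 1]), mul_inv(z[e + 3])]
        d[6 * i + 4:6 * i + 6] = [z[e - 2], z[e - 1]]   # previous round's K5, K6
    d[48:52] = [mul_inv(z[0]), add_inv(z[1]), add_inv(z[2]), mul_inv(z[3])]
    return d


def idea_block(block, z):
    """Apply the 8 rounds and the output transformation to one 64-bit block."""
    x1, x2, x3, x4 = struct.unpack(">4H", block)
    for r in range(8):
        k1, k2, k3, k4, k5, k6 = z[6 * r:6 * r + 6]
        x1, x2, x3, x4 = mul(x1, k1), add(x2, k2), add(x3, k3), mul(x4, k4)
        # multiplication-addition (MA) structure: mixes the two word pairs
        t0 = mul(x1 ^ x3, k5)
        t1 = mul(add(x2 ^ x4, t0), k6)
        t0 = add(t0, t1)
        x1, x4 = x1 ^ t1, x4 ^ t0
        x2, x3 = x3 ^ t1, x2 ^ t0      # the round ends by swapping the middle words
    x2, x3 = x3, x2                    # the last swap is undone before the output transform
    k1, k2, k3, k4 = z[48:52]
    return struct.pack(">4H", mul(x1, k1), add(x2, k2), add(x3, k3), mul(x4, k4))


def encrypt_block(plaintext, key):
    return idea_block(plaintext, encryption_subkeys(key))


def decrypt_block(ciphertext, key):
    return idea_block(ciphertext, decryption_subkeys(encryption_subkeys(key)))


if __name__ == "__main__":
    # Published IDEA test vector: key 0001..0008, plaintext 0000 0001 0002 0003
    key = bytes.fromhex("00010002000300040005000600070008")
    pt = bytes.fromhex("0000000100020003")
    ct = encrypt_block(pt, key)
    print(ct.hex())                    # 11fbed2b01986de5
    assert decrypt_block(ct, key) == pt
```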

03 Management protocol design

3.1 Service establishment

The security management system and the security equipment respectively publish Web Services Description Language (WSDL) to provide SOAP-based Web Services to the outside world. Based on the WSDL, the two parties implement the client of the Web Service published by the other party, and realize the uplink/downlink transmission of information through mutual access.

3.2 Data definition

As the carrier of security management information, the data message is the core of the information interaction between the security management system and the security equipment. The data exchange format is the coding specification for information exchange between systems, and is the basis for ensuring the interconnection and intercommunication of the systems in the security protection system.

For the versatility and scalability of the data messages, all data messages in the security management protocol are described in XML format. Using XML to describe the security information not only meets the basic management requirements but also allows the descriptions to be extended as needs arise, so that the management protocol is efficient and universal while remaining flexible and easy to extend.

As shown in Table 1, the data messages between the security management system and the security equipment are divided into the following categories according to the function of each message.

Table 1 Data message classification

For the different message types, the security management system and the security equipment call different interface methods during information transmission, so that the data is classified and processed accordingly. Message classification makes the rapid adaptation of security equipment convenient and, at the same time, leaves room for subsequent extension.

When designing a management protocol, it is necessary to fully consider the similarities and differences of different security devices. At the same time, the protocol design needs to be scalable to make room for the addition of new security devices in the future. Data messages are divided into general data formats that all devices should follow (such as device operating status views) and special data formats for certain types of devices (such as firewall network access control policies). All data messages are described in a semantic manner, which is easy to understand and easy to process.

XML Schema Definition (XSD) is a specification that defines the structure of XML documents and makes it possible to check whether a given XML document conforms to that definition. The security management protocol constrains the format of all data message definitions through XSD to achieve a standardized description of information; at the same time this lets the receiver verify the validity of incoming information and prevents malformed messages from affecting system performance.

3.3 Interactive process

The interaction process of the device management protocol is shown in Figure 2. Through service detection and the issuing of configuration information, the security management system establishes a management relationship with the security equipment.

Figure 2 Protocol interaction process

① The security management system accesses the Web Service address published by the security device to confirm that the service is operating normally;

② The security management system sends a parameter configuration message to the security device, telling it the information needed for the interaction between the security device and the security management system; after receiving the message, the security device stores the relevant information persistently according to the content of the message, and responds to the security management system that the message was received successfully;

③ After step ② is completed, the device reports data to the security management system regularly, according to the data reporting modes and time intervals defined in the parameter configuration message; when the parameter configuration or security policy changes, the security management system actively issues the change to the security device, which parses and executes the message.

3.4 Transmission encryption

In order to ensure the security of management data during information exchange, the security management protocol requires both parties in communication to encrypt data messages through the IDEA algorithm before sending data, and use the encrypted ciphertext for information exchange.

The security management system will assign a unique encryption and decryption key to each device. Even if the key of a single device is leaked, the attacker cannot decrypt the communication messages of other devices without knowing the keys of other devices.

3.5 Example of Interface Message

The security management system and security devices deploy security management Web Service communication services respectively, and realize functions such as security device view, strategy, event, log reporting and parameter and policy issuance through mutual access. A typical Web Service interface is described as follows:

int reportInfo (String devID, String dataType, String xml)

This interface is published by the security management system for the security device to call, and it has 3 parameters. The first parameter is the unique identifier of the security device. The security management system distinguishes data from different devices through this parameter, and uses it as the basis for generating the keys for IDEA encryption and decryption. The second parameter is the encrypted data message identifier, which distinguishes the specific type of the reported data so that the receiver can determine which method should be used to process the data. The third parameter is the encrypted message data, which carries the actual data of the security management service. The return value of the interface is an int; its value indicates whether the call succeeded or, if not, the specific error type.

The following is a concrete example of a “communication parameter configuration” message, used to illustrate the structure and meaning of the data format.

The message is encapsulated in XML format: the first line indicates that the data message is encoded in UTF-8; the second line indicates that the type of this message is a configuration message, so the receiver must parse it with the parsing method for configuration messages; the third line indicates that the specific type of this message is communication parameter configuration, which is mainly used to constrain the communication between the security management system and the security device; the fourth line indicates that the IP address of the security management system is 192.168.11.250; the fifth line indicates that the open port of the security management system is 8080; the sixth line indicates the unique device ID that the security management system assigns to the security device. In subsequent communications, the security device must use this device ID as its own identification. After receiving the message, the security device parses it and thereby learns the IP address and port of the security management system and its own identity, which it then uses to communicate with the security management system.
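The communication parameter configuration message described above, built and checked in Python as an added example (not the paper's code), also covering the message the management system issues in step ② of the interaction process. The element names `message`, `subtype`, `serverIP`, `serverPort` and `devID` are assumptions, since the paper does not publish its schema, and the hand-written field checks stand in for the XSD validation the paper relies on.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Element names are assumptions for illustration; the paper does not publish its schema.
ROOT_TAG = "message"
MSG_TYPE_CONFIG = "config"
SUBTYPE_COMM_PARAM = "commParam"
EXPECTED_FIELDS = ("subtype", "serverIP", "serverPort", "devID")   # XSD sequence order
MAX_MESSAGE_BYTES = 64 * 1024
DEV_ID_PATTERN = re.compile(r"[A-Za-z0-9_-]{1,64}")
PORT_PATTERN = re.compile(r"[0-9]{1,5}")


def check_fields(server_ip, server_port, dev_id):
    """Apply the value constraints an XSD for this message would express."""
    try:
        ip = ipaddress.ip_address(server_ip)
    except ValueError:
        raise ValueError(f"serverIP is not an IP address: {server_ip!r}") from None
    if not 1 <= server_port <= 65535:
        raise ValueError(f"serverPort out of range: {server_port}")
    if not DEV_ID_PATTERN.fullmatch(dev_id):
        raise ValueError("devID must be 1-64 characters from [A-Za-z0-9_-]")
    return {"serverIP": str(ip), "serverPort": server_port, "devID": dev_id}


def build_comm_param_config(server_ip, server_port, dev_id):
    """Emit the configuration message, one field per line in the paper's order."""
    f = check_fields(server_ip, server_port, dev_id)   # validated values need no escaping
    return "\n".join([
        '<?xml version="1.0" encoding="UTF-8"?>',
        f'<{ROOT_TAG} type="{MSG_TYPE_CONFIG}">',
        f'  <subtype>{SUBTYPE_COMM_PARAM}</subtype>',
        f'  <serverIP>{f["serverIP"]}</serverIP>',
        f'  <serverPort>{f["serverPort"]}</serverPort>',
        f'  <devID>{f["devID"]}</devID>',
        f'</{ROOT_TAG}>',
    ])


def parse_comm_param_config(xml_text):
    """Parse a received message into a dict, raising ValueError for anything malformed."""
    data = xml_text.encode("utf-8")
    if len(data) > MAX_MESSAGE_BYTES:
        raise ValueError("message exceeds size limit")
    # The protocol defines no DTDs, so a DOCTYPE or entity declaration is rejected
    # before parsing instead of being expanded.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD declarations are not allowed in protocol messages")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from None
    if root.tag != ROOT_TAG or root.get("type") != MSG_TYPE_CONFIG:
        raise ValueError("not a configuration message")
    children = list(root)
    if tuple(child.tag for child in children) != EXPECTED_FIELDS:
        raise ValueError(f"unexpected element sequence: {[c.tag for c in children]}")
    fields = {child.tag: (child.text or "").strip() for child in children}
    if fields["subtype"] != SUBTYPE_COMM_PARAM:
        raise ValueError(f"unsupported configuration subtype: {fields['subtype']!r}")
    if not PORT_PATTERN.fullmatch(fields["serverPort"]):
        raise ValueError("serverPort must be a decimal integer")
    return check_fields(fields["serverIP"], int(fields["serverPort"]), fields["devID"])


def is_valid_comm_param_config(xml_text):
    """Accept/reject wrapper for receivers that only need a verdict."""
    try:
        parse_comm_param_config(xml_text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample using the address and port from the paper's example
    msg = build_comm_param_config("192.168.11.250", 8080, "FW-0001")
    print(msg)
    print(parse_comm_param_config(msg))
```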

3.6 Effectiveness analysis

Through the above analysis of each field of the message, it can be seen that the management protocol message is based on the application layer, and in a semantic manner, different content is expressed by defining different field names and meanings of the fields. Therefore, different data formats can be defined according to the characteristics of different security devices to realize the upload and delivery of security management information, and there is no system platform adaptation or conversion problem.

The network security equipment management protocol designed in this paper has been applied in a large-scale security protection system for the information interaction between the security management system and the security equipment. The security protection system is widely deployed at various points across the country and has been operating stably for many years. It has been verified that the protocol can support the communication needs between the security management system and the security equipment, and support the unified security management of the whole protected cyberspace by operation and maintenance personnel.

04 Conclusion

The core of security operation and maintenance management is the interaction of security data. Based on the current status and requirements of security operation and maintenance management, this paper proposes a network security equipment management protocol, analyzes the key technologies involved, designs a data exchange format model, and can solve the problem of data interaction between the security management system and network security equipment. Subsequent work mainly includes data compression optimization design, improvement of coding efficiency and transmission performance, etc.

Author: Yoyokuo