With the continuous development of information technology, network services and network applications keep increasing, and the servers and network devices carrying these services and applications continuously come to market. The security of these servers and network devices also draws more and more attention. When a network service or application is illegally intruded upon, one of the most important reasons, besides the vulnerabilities of the servers or network devices themselves, is that their users have not configured them securely enough. These configuration deficiencies give a hacker an opportunity that can be exploited, and can also cause major damage to the user of a server or network device.
In order to prevent loss due to configuration faults of a server or a network device, a network administrator will generally verify the security configuration of each server or network device within a network, and perform security reinforcement on any server or network device that does not meet the security configuration specification. Some security manufacturers have provided security software with which a network administrator can scan the security configuration of a server or a network device.
FIG. 1 shows a schematic drawing of the traditional procedure for performing security configuration verification on a server or a network device. As shown in FIG. 1, firstly, the provider of a certain server or network device provides a “security configuration specification”; subsequently, while a network administrator performs a security configuration on the server or the network device according to the “security configuration specification”, a security manufacturer customizes a security configuration scanning scheme for the server or the network device according to the “security configuration specification”. Then, the security manufacturer performs a security configuration scan on the server or the network device using this scanning scheme and reports the scanning result to the network administrator, and thereby the security configuration of the server or the network device is normalized. Thus, the security reinforcement for the configuration of the server or the network device is accomplished.
However, although the existing solution shown in FIG. 1 makes it convenient to perform security configuration verification on one server or one network device, the verification consumes a lot of time because it involves the work of the security manufacturer. If there is more than one server or network device in the network environment (generally there will be more than two different servers or network devices), and it is desired that a security configuration verification be performed on these other devices, then the procedure described in FIG. 1 needs to be repeated. This means that the more kinds of servers or network devices there are in the network environment, the more steps are repeated, and the more time is consumed. Furthermore, in different network application scenarios, the requirements for the security configuration specification of a server or network device may also differ, and thus more work by the security manufacturer is needed, which consumes still more time and effort.
It can be seen from the above that there is a need for a way of verifying security configuration in which a user of a server or a network device, or a network administrator, may flexibly define his/her own security configuration verification policy according to the particular network application environment and the particular server or network device, so as to save cost and time.