CN105681352B - A kind of wireless network access safety management-control method and system - Google Patents

Info

Publication number: CN105681352B
Authority: CN (China)
Prior art keywords: radio reception, access, terminal device, reception device, mac address
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Application number: CN201610160900.1A
Other languages: Chinese (zh)
Other versions: CN105681352A (en)
Inventors: 郭胜, 马文驷
Current Assignee: Shenzhen Rongteng Science And Technology Co Ltd
Original Assignee: Shenzhen Rongteng Science And Technology Co Ltd
Priority date: 2016-03-21
Filing date: 2016-03-21
Publication date: 2019-03-19

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Abstract

A wireless network access security control method, comprising the following steps: a terminal device sends an access request to a first wireless access device; a second wireless access device monitors the communication between the terminal device and the first wireless access device to obtain information about the first wireless access device and the terminal device; the second wireless access device judges whether the terminal device is a device allowed to access, and if it is not, the second wireless access device sends a denial-of-access message to the terminal device; the terminal device sends an access request to a third wireless access device; the third wireless access device judges whether the terminal device is a device allowed to access, and if it is, the third wireless access device allows the terminal device to access the Internet and monitors the terminal device's Internet behavior. The invention also discloses a wireless network access security control system.

Description

Wireless network access security control method and system
Technical field
The present invention relates to a wireless network access security control method and system.
Background art
At present, smartphones have become carriers of all kinds of user information and store a large amount of important information. With the rapid development of wireless network (Wireless-Fidelity, Wi-Fi) technology, smartphones have also become a preferred target of malicious attacks. A large part of the security threat to smartphones comes from leaks of personal privacy and from various malicious fee-deducting software. Such malware exploits loopholes in earlier permission mechanisms to abuse permissions and attack the phone; some even drives the hardware in the background to spy on private information. Existing Wi-Fi security control methods can only passively monitor the communication data between a mobile terminal and a wireless access device, and cannot selectively block and filter a mobile terminal's access to the Internet.
Summary of the invention
In view of the above, it is necessary to provide a wireless network access security control method and system that selectively filter mobile terminals accessing the Internet through a wireless access device over a wireless network connection.
A wireless network access security control method, comprising the following steps:
A terminal device sends an access request to a first wireless access device;
A second wireless access device monitors the communication between the terminal device and the first wireless access device to obtain information about the first wireless access device and the terminal device;
The second wireless access device judges, from the obtained information about the terminal device, whether the terminal device is a device allowed to access,
If the terminal device is a device allowed to access, the first wireless access device allows the terminal device's access request, and the terminal device accesses the Internet through the first wireless access device,
If the terminal device is not a device allowed to access, the second wireless access device sends a denial-of-access message to the terminal device;
The second wireless access device sends the obtained information about the terminal device to a third wireless access device;
The terminal device sends an access request to the third wireless access device;
The third wireless access device judges whether the terminal device is a device allowed to access,
If the terminal device is a device allowed to access, the third wireless access device allows the terminal device's access request, the terminal device accesses the Internet through the third wireless access device, and the third wireless access device monitors the terminal device's Internet behavior,
If the terminal device is not a device allowed to access, the third wireless access device refuses the terminal device's access request, thereby forbidding the terminal device from accessing the Internet.
A system applying the above wireless network access security control method comprises a first wireless access device and a terminal device. The terminal device sends an access request to the first wireless access device and communicates with it. The wireless network access security control system further comprises a wireless network control unit, which comprises a second wireless access device and a third wireless access device. The second wireless access device monitors the communication between the terminal device and the first wireless access device, and refuses the terminal device access to the Internet when it is not a device allowed to access. The third wireless access device receives the access request sent by the terminal device and allows the terminal device to access the Internet when it is a device allowed to access; the third wireless access device monitors the terminal device's Internet behavior.
Compared with the prior art, the wireless network access security control method and system of the present invention judge, through the second wireless access device, whether the terminal device is a device allowed to access, and monitor the terminal device's Internet behavior through the third wireless access device. They can effectively filter out unauthorized devices accessing the Internet through the first wireless access device, so that terminals that meet the conditions communicate unimpeded, while terminals that do not meet the conditions either cannot access the Internet or have all the data of their Internet access under real-time monitoring.
Description of the drawings
Fig. 1 is a structural diagram of the wireless network access security control system of the present invention.
Fig. 2 is a flow chart of the wireless network access security control method of the present invention.
Detailed description of the embodiments
Referring to Fig. 1, a preferred embodiment of the wireless network access security control system of the present invention comprises a first wireless access device 100, a wireless network control unit 200 and a terminal device 300. The wireless network control unit 200 comprises a second wireless access device 210 and a third wireless access device 220. The terminal device 300 can communicate wirelessly with the first wireless access device 100, the second wireless access device 210 and the third wireless access device 220 over several communication links. The first wireless access device 100 and the third wireless access device 220 are each connected to the Internet 400 through fiber broadband.
The first wireless access device 100 may be a public wireless router.
The second wireless access device 210 may be a monitoring wireless router; a list of MAC (Media Access Control) addresses allowed to access is stored in the second wireless access device 210.
The third wireless access device 220 may be a control wireless router; a list of MAC addresses allowed to access is stored in the third wireless access device 220.
The MAC address list stored in the first wireless access device 100 and the MAC address list stored in the third wireless access device 220 are different.
The terminal device 300 may be a communication terminal, such as a smartphone or tablet computer.
The communication links between the terminal device 300 and the first wireless access device 100, the second wireless access device 210 and the third wireless access device 220 comprise a first communication link 510, a second communication link 520, a third communication link 530, a fourth communication link 540 and a fifth communication link 550.
The terminal device 300 communicates with the first wireless access device 100 via the first communication link 510. Over the first communication link 510 the terminal device 300 can use the network service provided by the first wireless access device 100, and thereby access the Internet 400 through the first wireless access device 100.
The second wireless access device 210 monitors the communication between the terminal device 300 and the first wireless access device 100 via the second communication link 520. The second wireless access device 210 sends denial-of-access information to the terminal device 300 via the third communication link 530.
The terminal device 300 communicates with the third wireless access device 220 via the fourth communication link 540. Over the fourth communication link 540 the terminal device 300 can use the network service provided by the third wireless access device 220, and thereby access the Internet 400 through the third wireless access device 220.
The second wireless access device 210 sends the monitored communication between the terminal device 300 and the first wireless access device 100 to the third wireless access device 220 via the fifth communication link 550.
Referring to Fig. 2, which is a flow chart of the control method by which the above wireless network access security control system performs security control on a terminal device 300 accessing the system, the control method comprises the following steps:
S201: the terminal device 300 sends an access request to the first wireless access device 100 via the first communication link 510;
S202: the second wireless access device 210 monitors, via the second communication link 520, the communication between the terminal device 300 and the first wireless access device 100 on the first communication link 510, to obtain information about the first wireless access device 100 and the terminal device 300, such as the SSID (Service Set Identifier) information, IP (Internet Protocol) address information and MAC address information of the first wireless access device 100, the MAC address information of the terminal device 300, and the information list of first wireless access devices 100 that the terminal device 300 frequently accesses;
S203: the second wireless access device 210 compares the monitored MAC address information of the terminal device 300 with its stored list of MAC addresses allowed to access, to judge whether the MAC address of the terminal device 300 is in the list of MAC addresses allowed to access,
If the MAC address of the terminal device 300 is in the list of MAC addresses allowed to access, the first wireless access device 100 allows the access request of the terminal device 300, and the terminal device 300 accesses the Internet 400 through the first wireless access device 100; the method returns to step S202, and the second wireless access device 210 continues to monitor other terminal devices 300 accessing the first wireless access device 100,
If the MAC address of the terminal device 300 is not in the list of MAC addresses allowed to access, the method proceeds to step S204;
S204: the second wireless access device 210 changes its SSID information to be the same as that of the first wireless access device 100, thereby disguising itself as the first wireless access device 100;
S205: the second wireless access device 210 sends the monitored MAC address information of the terminal device 300, and the SSID information of one of the first wireless access devices 100 in the information list of first wireless access devices 100 that the terminal device 300 frequently accesses, to the third wireless access device 220;
S206: the third wireless access device 220 changes its SSID information to be the same as the SSID information of that first wireless access device 100 sent by the second wireless access device 210, thereby disguising itself as one of the first wireless access devices 100 that the terminal device 300 frequently accesses;
S207: the second wireless access device 210 receives the access request sent by the terminal device 300 and sends a denial-of-access message to the terminal device 300 via the second communication link 520,
Since the SSID information of the second wireless access device 210 has been changed to be the same as that of the first wireless access device 100, the terminal device 300 can no longer access the first wireless access device 100;
S208: the terminal device 300 sends an access request to the third wireless access device 220;
S209: the third wireless access device 220 compares the received MAC address information of the terminal device 300 with its stored list of MAC addresses allowed to access, to judge whether the MAC address of the terminal device 300 is in the list of MAC addresses allowed to access;
S210: the third wireless access device 220 allows the access request of the terminal device 300, the terminal device 300 accesses the Internet 400 through the third wireless access device 220, and the third wireless access device 220 monitors the Internet behavior of the terminal device 300;
S211: the third wireless access device 220 refuses the access request of the terminal device 300, thereby forbidding the terminal device 300 from accessing the Internet 400.
The wireless network access security control method and system of the present invention judge, through the second wireless access device 210, whether the terminal device 300 is a device allowed to access, and monitor the Internet behavior of the terminal device 300 through the third wireless access device 220. They can effectively filter out unauthorized devices accessing the Internet 400 through the first wireless access device 100, so that terminals that meet the conditions communicate unimpeded, while terminals that do not meet the conditions either cannot access the Internet 400 or have all the data of their access to the Internet 400 under real-time monitoring.
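The branch structure of steps S201 to S211, as an added Python simulation that is not part of the patent; it models only the two allowlist decisions and performs no radio or network operations. The class and function names, the sample SSIDs and MAC addresses, the reading of S210/S211 as the allowed/not-allowed outcomes of S209 (taken from the summary), the fallback when the frequent-access list is empty, and the locally-administered-bit flag (a MAC-keyed allowlist misjudges terminals that randomize their address) are assumptions of this example.

```python
"""Decision logic of steps S201-S211 as a simulation (no radio or network I/O)."""
import re
from dataclasses import dataclass, field


def normalize_mac(raw: str) -> str:
    """Canonicalise AA-BB-.., aabb.ccdd.eeff or aa:bb:.. to lower-case colon form."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit (0x02 of the first octet) is set, as in randomized MACs."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


@dataclass
class Observation:
    """What the second (monitoring) device learns in S202."""
    terminal_mac: str
    first_ssid: str
    frequent_ssids: list = field(default_factory=list)


@dataclass
class Decision:
    mac: str
    served_by: str          # "first", "third" or "none"
    internet: bool
    monitored: bool         # True when the third device watches the traffic
    steps: list
    locally_administered: bool


class ControlUnit:
    """Second (monitoring) and third (control) devices with separate allowlists."""

    def __init__(self, monitor_allow, control_allow):
        self.monitor_allow = {normalize_mac(m) for m in monitor_allow}
        self.control_allow = {normalize_mac(m) for m in control_allow}
        self.forwarded = {}  # S205: terminal MAC -> SSID handed to the third device

    def admit(self, obs: Observation) -> Decision:
        mac = normalize_mac(obs.terminal_mac)
        la = is_locally_administered(mac)
        steps = ["S201", "S202", "S203"]
        if mac in self.monitor_allow:
            # Allowed: the first device serves the terminal; monitoring resumes at S202.
            return Decision(mac, "first", True, False, steps, la)
        # Not allowed: S204-S207 move the terminal off the first device.
        # Assumption: with an empty frequent list, fall back to the observed SSID.
        ssid = obs.frequent_ssids[0] if obs.frequent_ssids else obs.first_ssid
        self.forwarded[mac] = ssid
        steps += ["S204", "S205", "S206", "S207", "S208", "S209"]
        if mac in self.control_allow:
            return Decision(mac, "third", True, True, steps + ["S210"], la)
        return Decision(mac, "none", False, False, steps + ["S211"], la)


def run_demo():
    """Three constructed terminals, one per outcome (addresses are sample values)."""
    unit = ControlUnit(monitor_allow=["00-00-5E-00-53-01"],
                       control_allow=["0000.5e00.5302"])
    terminals = ["00:00:5e:00:53:01", "00:00:5E:00:53:02", "06:00:5e:00:53:03"]
    results = [unit.admit(Observation(t, "PublicWiFi", ["CafeWiFi", "PublicWiFi"]))
               for t in terminals]
    return unit, results


if __name__ == "__main__":
    for d in run_demo()[1]:
        print(d.mac, d.served_by, "internet" if d.internet else "blocked",
              "monitored" if d.monitored else "", "->".join(d.steps))
```

The allowlist entries are deliberately written in three different notations, so a comparison without normalization would reject the second terminal.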

Claims (10)

1. A wireless network access security control method, comprising the following steps: a terminal device sends an access request to a first wireless access device; a second wireless access device monitors the communication between the terminal device and the first wireless access device to obtain information about the first wireless access device and the terminal device; the second wireless access device judges, from the obtained information about the terminal device, whether the terminal device is a device allowed to access; if the terminal device is a device allowed to access, the first wireless access device allows the terminal device's access request and the terminal device accesses the Internet through the first wireless access device; if the terminal device is not a device allowed to access, the second wireless access device sends a denial-of-access message to the terminal device; the second wireless access device sends the obtained information about the terminal device to a third wireless access device; the terminal device sends an access request to the third wireless access device; the third wireless access device judges whether the terminal device is a device allowed to access; if the terminal device is a device allowed to access, the third wireless access device allows the terminal device's access request, the terminal device accesses the Internet through the third wireless access device, and the third wireless access device monitors the terminal device's Internet behavior; if the terminal device is not a device allowed to access, the third wireless access device refuses the terminal device's access request, thereby forbidding the terminal device from accessing the Internet.
2. The wireless network access security control method of claim 1, characterized in that: the information about the first wireless access device comprises its SSID (Service Set Identifier) information, IP (Internet Protocol) address information and MAC (Media Access Control) address information, and the information about the terminal device comprises its MAC address information and the information list of first wireless access devices that the terminal device frequently accesses.
3. The wireless network access security control method of claim 2, characterized in that: the first wireless access device comprises a public wireless router; the second wireless access device comprises a monitoring wireless router, and a list of MAC addresses allowed to access is stored in the second wireless access device; the third wireless access device comprises a control wireless router, and a list of MAC addresses allowed to access is stored in the third wireless access device.
4. The wireless network access security control method of claim 3, characterized in that: the MAC address list stored in the second wireless access device and the MAC address list stored in the third wireless access device are different.
5. The wireless network access security control method of claim 4, characterized in that: the second wireless access device compares the monitored MAC address information of the terminal device with its stored list of MAC addresses allowed to access, to judge whether the MAC address of the terminal device is in the list of MAC addresses allowed to access.
6. The wireless network access security control method of claim 5, characterized in that: if the MAC address of the terminal device is in the list of MAC addresses allowed to access, the first wireless access device allows the terminal device's access request and the second wireless access device continues to monitor other terminal devices accessing the first wireless access device; if the MAC address of the terminal device is not in the list of MAC addresses allowed to access, the second wireless access device changes its SSID information to be the same as that of the first wireless access device, thereby disguising itself as the first wireless access device, and the terminal device can then no longer access the first wireless access device.
7. The wireless network access security control method of claim 6, characterized in that: the second wireless access device sends the monitored MAC address information of the terminal device, and the SSID information of one of the first wireless access devices in the information list of first wireless access devices that the terminal device frequently accesses, to the third wireless access device; the third wireless access device changes its SSID information to be the same as the SSID information of that first wireless access device sent by the second wireless access device, thereby disguising itself as one of the first wireless access devices that the terminal device frequently accesses.
8. A system applying the wireless network access security control method of any one of claims 1 to 7, comprising a first wireless access device and a terminal device, the terminal device sending an access request to the first wireless access device and communicating with the first wireless access device, characterized in that: the wireless network access security control system further comprises a wireless network control unit; the wireless network control unit comprises a second wireless access device and a third wireless access device; the second wireless access device monitors the communication between the terminal device and the first wireless access device, and refuses the terminal device access to the Internet when the terminal device is not a device allowed to access; the third wireless access device receives the access request sent by the terminal device and allows the terminal device to access the Internet when the terminal device is a device allowed to access; and the third wireless access device monitors the terminal device's Internet behavior.
9. The wireless network access security control system of claim 8, characterized in that: the first wireless access device comprises a public wireless router, the second wireless access device comprises a monitoring wireless router, and the third wireless access device comprises a control wireless router.
10. The wireless network access security control system of claim 9, characterized in that: a list of MAC addresses allowed to access is stored in the second wireless access device, a list of MAC addresses allowed to access is stored in the third wireless access device, and the MAC address list stored in the second wireless access device and the MAC address list stored in the third wireless access device are different.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610160900.1A CN105681352B (en) 2016-03-21 2016-03-21 A kind of wireless network access safety management-control method and system

Publications (2)

Publication Number Publication Date
CN105681352A (en) 2016-06-15
CN105681352B (en) 2019-03-19

Family

ID=56215236
