CN109600395A - Device and implementation method of a terminal network access control system

Info

Publication number: CN109600395A
Application number: CN201910062313.2A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Pending
Inventors: 刘维霞, 朱书彬, 何孟宁, 赵全烈
Current Assignee: Shandong Chaoyue CNC Electronics Co Ltd
Original Assignee: Shandong Chaoyue CNC Electronics Co Ltd
Prior art keywords: module, client, strategy, network access, access control

Classifications

    • H04L63/101 Access control lists [ACL]
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
Abstract

The invention discloses a device and an implementation method for a terminal network access control system, belonging to the field of terminal security. The technical problem to be solved is how to guarantee the security of a terminal network access control system. The technical solution adopted is as follows: a device of a terminal network access control system comprising a management end, a server and a client. The management end configures terminal network access policies in real time and displays the audit log information for network access. The server transmits configuration policies and audit information; specifically, it sends the policies configured at the management end to the client and forwards the audit logs generated by the client to the management end. The client parses and stores the policies sent by the server, processes data packets according to the preprocessed configuration policy, generates the corresponding audit log from the processing result, and sends it to the server. The invention also discloses an implementation method for a terminal network access control system.

Description

Device and implementation method of a terminal network access control system
Technical field
The present invention relates to the field of terminal security, and specifically to a device and an implementation method for a terminal network access control system.
Background
As society becomes increasingly informatized, information security has become a growing focus of concern. To protect data resources from unauthorized access, a great deal of research and practice has gone into perimeter protection such as firewalls. However, the terminal, which is the main tool people use for business processing, data processing and network access, is easily overlooked in information security management and deployment, which readily leads to data loss or system intrusion.
Security surveys in recent years show that more than 80% of management and security problems in government, schools, enterprises and public institutions come from terminals. Terminals are widely used, which makes them dispersed; their security measures lag behind and they receive little attention, so they have become the weak link in the information security system.
Network security incidents in recent years also show that most network security threats come from inside the network. Data show that as many as 99.9% of security incidents stem from threats inside the network, and only 0.1% come from outside it. Client security management is currently the largest part of the network management workload, and client security is likewise the greatest threat to the normal operation of the network. The core of terminal security management is control over network access, so how to guarantee the security of the terminal network access control system is a technical problem in urgent need of a solution.
Summary of the invention
The technical task of the invention is to provide a device and an implementation method for a terminal network access control system, to solve the problem of how to guarantee the security of a terminal network access control system.
The technical task of the invention is achieved in the following manner: a device of a terminal network access control system, comprising:
A management end, which configures terminal network access policies in real time and displays the audit log information for network access;
A server, which transmits configuration policies and audit information; specifically, it sends the policies configured at the management end to the client and forwards the audit logs generated by the client to the management end;
A client, which parses and stores the policies sent by the server, processes data packets according to the preprocessed configuration policy, generates the corresponding audit log from the processing result, and sends it to the server.
Preferably, the management end includes a policy configuration module and a message display module; the management end is implemented by means of a WEB address;
The policy configuration module configures terminal network access policies in real time, which mainly includes adding, deleting or modifying the different network access policies;
The message display module displays the audit log information for network access.
More preferably, the server includes a policy transmission module, which listens for policy configuration requests and receives and processes audit logs;
The policy transmission module includes a policy configuration request listening module and an audit log receiving and processing module.
More preferably, the policy configuration request listening module listens for network access policy configuration request commands and sends them to the client; the policy configuration request listening module maintains a network access IP list and is implemented through SOCKET programming;
The audit log receiving and processing module receives the audit logs sent by the client and parses them, which includes querying, viewing and analyzing the audit logs; the audit log receiving and processing module is implemented by classifying the audit logs.
More preferably, the client includes a policy preprocessing module, a kernel function module and a policy feedback module;
The policy preprocessing module parses and stores the policies sent by the server and, at an appropriate time, applies configuration changes to the parameters of the kernel function module; the policy preprocessing module is implemented through SOCKET programming;
The kernel function module processes data packets according to the preprocessed configuration policy; the kernel function module runs in the network subsystem of the kernel;
The policy feedback module generates the corresponding audit log from the processing result of the kernel function module and sends it to the server.
More preferably, the kernel function module tracks Linux data-flow connections based on the Netfilter framework and the Linux kernel connection tracking mechanism. The Netfilter framework is a standard component of Linux that is integrated with the IP protocol stack: multiple control points (hooks) are inserted into the packet processing path of the IP protocol stack, and processing logic embedded at those control points handles the packets passing through the network device, thereby implementing a particular security mechanism.
More preferably, the kernel function module loads the logic corresponding to the different network configuration policies at the NF_IP_LOCAL_IN and NF_IP_LOCAL_OUT control points in Netfilter. The logic embedded at NF_IP_LOCAL_IN mainly handles connections from unauthorized terminals; the logic at NF_IP_LOCAL_OUT monitors connections actively initiated by the terminal;
In the Linux kernel connection tracking mechanism, every data packet entering the network stack is attached to a connection tracking entry of type struct nf_conn. Packets of the same flow are attached to the same entry, so the packets of a flow can be handled as a whole, which avoids much repeated and unnecessary processing and increases packet processing speed. A structure member is added to struct nf_conn; this member records the connection attributes of each flow and the processing state of the kernel function module;
The basic principle of using the Linux kernel connection tracking mechanism is as follows: after entering the kernel, every data packet is linked to the entry of its flow, so the kernel function module can easily find the member added to struct nf_conn. When processing the earlier packets of a flow, it stores the processing state and result in the corresponding fields of that structure, and from these values it can decide whether a subsequent packet should be dropped, let through, or needs further processing. By extending the Linux connection tracking mechanism in this way, the kernel function module can improve network throughput.
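The per-flow verdict caching described above, modelled in userspace C as an added example (it is not code from the patent). The `nac_ext` record stands in for the member added to `struct nf_conn`; the function names, the allowlist representation and the policy generation counter that invalidates cached verdicts after a list update are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model, constructed for illustration. In a kernel module the entry
 * point would be registered at the Netfilter LOCAL_IN / LOCAL_OUT hooks and
 * nac_ext would live in the connection tracking entry. Names are hypothetical. */
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))
#define FLOWS 64
#define MAX_ALLOW 16

enum hook { HOOK_LOCAL_IN, HOOK_LOCAL_OUT };
enum verdict { V_DROP, V_ACCEPT };

struct pkt { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; };

/* Per-flow record: processing state and result stored with the connection. */
struct nac_ext { int decided; enum verdict verdict; unsigned gen; };
struct flow { int used; struct pkt tuple; struct nac_ext nac; };

static struct flow table[FLOWS];
static uint32_t allow[MAX_ALLOW];
static int n_allow;            /* empty list means default deny */
static unsigned policy_gen;    /* bumped on every list update */
static unsigned policy_evals;  /* slow-path policy evaluations */
static unsigned audit_drops;   /* audit events for denied flows */

/* Replace the IP list, as the policy preprocessing step would. */
void nac_set_allowlist(const uint32_t *ips, int n)
{
    if (n < 0) n = 0;
    n_allow = n > MAX_ALLOW ? MAX_ALLOW : n;
    if (n_allow > 0) memcpy(allow, ips, (size_t)n_allow * sizeof(*ips));
    policy_gen++;              /* every cached verdict is now stale */
}

static int allowed(uint32_t ip)
{
    for (int i = 0; i < n_allow; i++)
        if (allow[i] == ip) return 1;
    return 0;
}

/* Both directions of a connection belong to the same flow entry. */
static int same_flow(const struct pkt *t, const struct pkt *p)
{
    if (t->proto != p->proto) return 0;
    int fwd = t->src == p->src && t->dst == p->dst &&
              t->sport == p->sport && t->dport == p->dport;
    int rev = t->src == p->dst && t->dst == p->src &&
              t->sport == p->dport && t->dport == p->sport;
    return fwd || rev;
}

/* Find the entry for a packet, creating it on the first packet of a flow. */
static struct flow *flow_get(const struct pkt *p)
{
    struct flow *slot = NULL;
    for (int i = 0; i < FLOWS; i++) {
        if (table[i].used && same_flow(&table[i].tuple, p)) return &table[i];
        if (!table[i].used && !slot) slot = &table[i];
    }
    if (slot) { memset(slot, 0, sizeof(*slot)); slot->used = 1; slot->tuple = *p; }
    return slot;               /* NULL when the table is full */
}

enum verdict nac_hook(enum hook h, const struct pkt *p)
{
    /* Inbound: the remote peer is the source. Outbound: the destination. */
    uint32_t peer = (h == HOOK_LOCAL_IN) ? p->src : p->dst;
    struct flow *f = flow_get(p);

    /* Fast path: reuse the stored result if it was made under the current list. */
    if (f && f->nac.decided && f->nac.gen == policy_gen)
        return f->nac.verdict;

    policy_evals++;
    enum verdict v = allowed(peer) ? V_ACCEPT : V_DROP;
    if (v == V_DROP) audit_drops++;   /* one audit event per denied decision */
    if (f) { f->nac.decided = 1; f->nac.verdict = v; f->nac.gen = policy_gen; }
    return v;                  /* with no entry, every packet is evaluated */
}

int main(void)
{
    uint32_t ips[] = { IP(192, 0, 2, 10) };  /* constructed sample policy */
    struct pkt ok  = { IP(192, 0, 2, 10), IP(192, 0, 2, 1), 40000, 22, 6 };
    struct pkt bad = { IP(198, 51, 100, 7), IP(192, 0, 2, 1), 40001, 22, 6 };

    nac_set_allowlist(ips, 1);
    for (int i = 0; i < 3; i++) {
        nac_hook(HOOK_LOCAL_IN, &ok);
        nac_hook(HOOK_LOCAL_IN, &bad);
    }
    printf("packets=6 policy_evals=%u audit_drops=%u\n", policy_evals, audit_drops);
    return 0;
}
```

Without the generation check, a flow accepted under an old list would keep its cached verdict after the terminal's authorization is withdrawn.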
More preferably, the client parses and stores the policies sent by the server, processes data packets according to the preprocessed configuration policy, generates the corresponding audit log from the processing result, and sends it to the server, in the following specific steps:
①, The policy preprocessing module responds to the server's policy configuration commands by starting a SOCKET and listening on a port;
②, When the server has successfully connected to that port, it sends the corresponding configuration command to the policy preprocessing module;
③, The policy preprocessing module receives the configuration command and parses it;
④, According to the parsing result, it modifies the storage structure of the user policy, or modifies the parameters of the kernel function module, applying the configuration changes to the kernel function module's parameters at an appropriate time;
⑤, The kernel function module processes data packets according to the preprocessed configuration policy;
⑥, The policy feedback module generates the corresponding audit log from the processing result of the kernel function module and sends it to the server.
More preferably, the management end, the server and the client transmit data as follows:
(1), The policy configuration module of the management end transmits data to the policy transmission module of the server;
(2), The policy transmission module of the server transmits data to the policy preprocessing module of the client;
(3), The policy preprocessing module of the client transmits data to the kernel function module of the client;
(4), The kernel function module of the client transmits data to the policy feedback module of the client;
(5), The policy feedback module of the client transmits data to the policy transmission module of the server;
(6), The policy transmission module of the server transmits data to the message display module of the management end, completing the display of the message.
An implementation method for a terminal network access control system, with the following steps:
S1, After the client program is installed, the terminal registers and submits its basic information to the server; the server stores the terminal's basic information in a database; the management end reviews the terminal's network access, assigns or modifies its network access policy, and notifies the server;
S2, The server queries the database and generates the network access control policy IP list, which contains only the IP addresses of terminals authorized for access and the authorized whitelist IP addresses;
S3, The server notifies the client to update its network access control IP list;
S4, The client judges whether the source IP address and the destination IP address are in the IP list:
①, If so, step S5 is executed;
②, If not, the client is forbidden from updating the network access control IP list;
S5, The client updates the network access control IP list locally and performs access control on network access according to the IP list.
The device and implementation method of the terminal network access control system of the invention have the following advantage: by extending the Linux kernel connection tracking mechanism, the invention improves the network throughput and packet processing performance of the kernel function module, so that the kernel function module can perform network access control on a per-flow basis, guaranteeing the security of the terminal network access control system.
Description of the drawings
The invention is further described below with reference to the drawings.
Figure 1 is a structural block diagram of the device of the terminal network access control system;
Figure 2 is a flow diagram of the implementation method of the terminal network access control system.
Specific embodiments
The device and implementation method of the terminal network access control system of the invention are described in detail below with reference to the drawings and specific embodiments.
Embodiment 1:
As shown in Figure 1, the device of the terminal network access control system of the invention mainly comprises a management end, a server and a client. The management end configures terminal network access policies in real time and displays the audit log information for network access. The server transmits configuration policies and audit information; specifically, it sends the policies configured at the management end to the client and forwards the audit logs generated by the client to the management end. The client parses and stores the policies sent by the server, processes data packets according to the preprocessed configuration policy, generates the corresponding audit log from the processing result, and sends it to the server.
The management end includes a policy configuration module and a message display module, and is implemented by means of a WEB address. The policy configuration module configures terminal network access policies in real time, which mainly includes adding, deleting or modifying the different network access policies; formulating the configuration policy is the key point of the implementation. The message display module displays the audit log information for network access.
The server includes a policy transmission module, which listens for policy configuration requests and receives and processes audit logs. The policy transmission module includes a policy configuration request listening module and an audit log receiving and processing module. The policy configuration request listening module listens for network access policy configuration request commands and sends them to the client; it maintains a network access IP list and is implemented through SOCKET programming. The audit log receiving and processing module receives the audit logs sent by the client and parses them, which includes querying, viewing and analyzing the audit logs; it is implemented by classifying the audit logs.
The client includes a policy preprocessing module, a kernel function module and a policy feedback module. The policy preprocessing module parses and stores the policies sent by the server and, at an appropriate time, applies configuration changes to the parameters of the kernel function module; it is implemented through SOCKET programming. The kernel function module processes data packets according to the preprocessed configuration policy and runs in the network subsystem of the kernel. The policy feedback module generates the corresponding audit log from the processing result of the kernel function module and sends it to the server.
The kernel function module tracks Linux data-flow connections based on the Netfilter framework and the Linux kernel connection tracking mechanism. The Netfilter framework is a standard component of Linux that is integrated with the IP protocol stack: multiple control points (hooks) are inserted into the packet processing path of the IP protocol stack, and processing logic embedded at those control points handles the packets passing through the network device, thereby implementing a particular security mechanism. The kernel function module loads the logic corresponding to the different network configuration policies at the NF_IP_LOCAL_IN and NF_IP_LOCAL_OUT control points in Netfilter. The logic embedded at NF_IP_LOCAL_IN mainly handles connections from unauthorized terminals; the logic at NF_IP_LOCAL_OUT monitors connections actively initiated by the terminal.
In the Linux kernel connection tracking mechanism, every data packet entering the network stack is attached to a connection tracking entry of type struct nf_conn. Packets of the same flow are attached to the same entry, so the packets of a flow can be handled as a whole, which avoids much repeated and unnecessary processing and increases packet processing speed. A structure member is added to struct nf_conn; this member records the connection attributes of each flow and the processing state of the kernel function module. The basic principle of using the Linux kernel connection tracking mechanism is as follows: after entering the kernel, every data packet is linked to the entry of its flow, so the kernel function module can easily find the member added to struct nf_conn. When processing the earlier packets of a flow, it stores the processing state and result in the corresponding fields of that structure, and from these values it can decide whether a subsequent packet should be dropped, let through, or needs further processing. By extending the Linux connection tracking mechanism in this way, the kernel function module can improve network throughput.
The client parses and stores the policies sent by the server, processes data packets according to the preprocessed configuration policy, generates the corresponding audit log from the processing result, and sends it to the server, in the following specific steps:
①, The policy preprocessing module responds to the server's policy configuration commands by starting a SOCKET and listening on a port;
②, When the server has successfully connected to that port, it sends the corresponding configuration command to the policy preprocessing module;
③, The policy preprocessing module receives the configuration command and parses it;
④, According to the parsing result, it modifies the storage structure of the user policy, or modifies the parameters of the kernel function module, applying the configuration changes to the kernel function module's parameters at an appropriate time;
⑤, The kernel function module processes data packets according to the preprocessed configuration policy;
⑥, The policy feedback module generates the corresponding audit log from the processing result of the kernel function module and sends it to the server.
As shown in Figure 1, the management end, the server and the client transmit data as follows:
(1), The policy configuration module of the management end transmits data to the policy transmission module of the server;
(2), The policy transmission module of the server transmits data to the policy preprocessing module of the client;
(3), The policy preprocessing module of the client transmits data to the kernel function module of the client;
(4), The kernel function module of the client transmits data to the policy feedback module of the client;
(5), The policy feedback module of the client transmits data to the policy transmission module of the server;
(6), The policy transmission module of the server transmits data to the message display module of the management end, completing the display of the message.
Embodiment 2:
As shown in Figure 2, the implementation method of the terminal network access control system of the invention has the following steps:
S1, After the client program is installed, the terminal registers and submits its basic information to the server; the server stores the terminal's basic information in a database; the management end reviews the terminal's network access, assigns or modifies its network access policy, and notifies the server;
S2, The server queries the database and generates the network access control policy IP list, which contains only the IP addresses of terminals authorized for access and the authorized whitelist IP addresses;
S3, The server notifies the client to update its network access control IP list;
S4, The client judges whether the source IP address and the destination IP address are in the IP list:
①, If so, step S5 is executed;
②, If not, the client is forbidden from updating the network access control IP list;
S5, The client updates the network access control IP list locally and performs access control on network access according to the IP list.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the invention.

Claims (10)

1. a kind of device of terminal network access control system, which is characterized in that the device includes,
Management end, for the strategy that terminal network accesses is configured in real time and to the audit log information of network insertion into Row is shown;
Server-side specifically includes the strategy of management end configuration being sent to client for the transmission of configuration strategy and audit information It holds and the audit log that client generates is transmitted to management end;
Client, for parsing and the strategy that sends of storage service end, according to pretreated configuration strategy to data packet into The corresponding processing of row, generates corresponding audit log according to processing result, and be sent to server-side.
2. the device of terminal network access control system according to claim 1, which is characterized in that the management end includes Tactful configuration module and message display module;Management end is realized by way of WEB network address;
Wherein, the strategy that tactful configuration module is used to access terminal network is configured in real time, it is main include add, deletion or Modify different network insertion strategies;
Message display module is for being shown the audit log information of network insertion.
3. the device of terminal network access control system according to claim 2, which is characterized in that the server-side includes Strategy transmission module, strategy transmission module is monitored for policy configuration request and audit log reception processing;
Strategy transmission module includes that policy configuration request monitors module and audit log receiving processing module.
4. the device of terminal network access control system according to claim 3, which is characterized in that the strategy configuration is asked It asks and monitors module for monitoring the order of network insertion policy configuration request and sending it to client, policy configuration request is monitored Module safeguards that a network access IP list and SOCKET are programmed to;
Audit log receiving processing module carries out at parsing audit log for receiving the audit log that client is sent Reason, including inquire, check, analytical auditing log;Audit log receiving processing module is realized by classifying to audit log.
5. the device of terminal network access control system according to claim 1 or 2 or 3 or 4, which is characterized in that described Client includes tactful preprocessing module, core functions module and policy feedback module;
Tactful preprocessing module is used for the strategy parsed and storage service end is sent, and in due course to core functions mould The parameter of block carries out configuration modification, and tactful preprocessing module is programmed to by SOCKET;
Core functions module is for performing corresponding processing data packet according to pretreated configuration strategy, core functions module It runs in the network subsystem of kernel;
Policy feedback module is used to generate corresponding audit log according to the processing result of core functions module, and is sent to service End.
6. the device of terminal network access control system according to claim 5, which is characterized in that the core functions mould Block is based on Netfilter frame and linux kernel connection follow-up mechanism realizes the tracking of Linux data flow connection;Netfilter Frame is a standard component of Linux, more by being inserted into the Message processing process of IP protocol stack in conjunction with IP protocol stack A control point, and the message that insertion processing logic transmits the network equipment at control point is handled, to realize specific peace Full mechanism.
7. the device of terminal network access control system according to claim 6, which is characterized in that the core functions mould The corresponding logic of heterogeneous networks configuration strategy is loaded into NF_IP_LOCAL_IN and NF_IP_LOCAL_ in Netfilter by block The control point OUT, at the connection of the logic main process task illegal terminal being embedded at NF_IP_LOCAL_IN, NF_IP_LOCAL_OUT Logic is used to monitor the connection that terminal is actively initiated;
When each data packet enters network stack in linux kernel connection follow-up mechanism, it will all be connected to a struct nf_ In the connection track record item of conn structure, the data packet of same flow is connected in the same entry, to the number of same flow It can be used as an entirety according to packet to be handled;A structure member is added in struct nf_conn structure, which is constituted Member is for recording the connection attribute of every stream and the processing status of core functions module;
The basic principle of linux kernel connection follow-up mechanism: each data packet will be linked to respective streams after entering kernel In entry, core functions module is easily found the member added in struct nf_conn, and before one stream of processing Processing status and result are stored in the respective field of the structure when data packet in face, and can determine according to these values next it is right The data packet is to abandon or let pass, or need to continue relevant treatment.
8. The device of the terminal network access control system according to claim 7, characterized in that the policy of the client is used to parse and store the policy sent by the server side, to process data packets accordingly according to the preprocessed configuration policy, to generate the corresponding audit log according to the processing result, and to send it to the server side; the specific steps are as follows:
1. The policy preprocessing module responds to the policy configuration commands of the server side by starting a SOCKET and listening on a port;
2. When the server side has successfully connected to the port, it sends the corresponding configuration command to the policy preprocessing module;
3. The policy preprocessing module receives the corresponding configuration command and parses it;
4. According to the parsing result, the storage structure of the user policy or the parameters of the core functions module are modified, and the parameters of the core functions module are reconfigured when appropriate;
5. The core functions module processes data packets accordingly according to the preprocessed configuration policy;
6. The policy feedback module generates the corresponding audit log according to the processing result of the core functions module and sends it to the server side.
9. The device of the terminal network access control system according to claim 8, characterized in that the detailed process by which the management end, the server side and the client transmit data is as follows:
(1) The policy configuration module of the management end transmits data to the policy transmission module of the server side;
(2) The policy transmission module of the server side transmits data to the policy preprocessing module of the client;
(3) The policy preprocessing module of the client transmits data to the core functions module of the client;
(4) The core functions module of the client transmits data to the policy feedback module of the client;
(5) The policy feedback module of the client transmits data to the policy transmission module of the server side;
(6) The policy transmission module of the server side transmits data to the message display module of the management end, which completes the display of the message.
10. An implementation method of a terminal network access control system, characterized in that the steps of the method are as follows:
S1. After the client program is installed on the terminal, the terminal registers and submits its basic information to the server; the server stores the terminal's basic information in the database; the management end audits the terminal's network access, allocates or modifies the network access policy, and notifies the server side;
S2. The server side queries the database and generates the network access control policy IP list; the IP list contains only the IP addresses of terminals authorized for access and the authorized whitelist IP addresses;
S3. The server side notifies the client to update the network access control IP list;
S4. The client judges whether the source IP address and the destination IP address are in the IP list:
1. If so, step S5 is executed;
2. If not, the client is forbidden to update the network access control IP list;
S5. The client updates the network access control IP list locally and performs access control on network access according to the IP list.
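A userspace C model, added here and not taken from the patent, of the per-flow state described in claim 7 combined with the IP list of claim 10: the verdict for a flow is stored in its tracking entry and reused for later packets in either direction. The names `filter`, `set_allowlist` and `policy_gen`, checking only the remote peer's address, and invalidating cached verdicts when the list is replaced are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

enum verdict { V_NEW, V_ACCEPT, V_DROP };
enum hook { LOCAL_IN, LOCAL_OUT };   /* stand-ins for NF_IP_LOCAL_IN / NF_IP_LOCAL_OUT */
struct flow {                        /* stand-in for struct nf_conn plus the added member */
    uint32_t a, b; uint16_t pa, pb;  /* endpoints, ordered so both directions match */
    enum verdict state;              /* cached processing state of the flow */
    unsigned gen;                    /* allowlist generation that produced the state */
};
static uint32_t allow[16];
static struct flow flows[64];
static int n_allow, n_flows;
static unsigned policy_gen;
int list_checks;                     /* times the allowlist was consulted */

void set_allowlist(const uint32_t *ips, int n) {   /* step S5: replace the local list */
    n_allow = n > 16 ? 16 : n;
    memcpy(allow, ips, (size_t)n_allow * sizeof *ips);
    policy_gen++;                    /* assumption: a new list invalidates cached verdicts */
}
static enum verdict check(uint32_t ip) {
    list_checks++;
    for (int i = 0; i < n_allow; i++) if (allow[i] == ip) return V_ACCEPT;
    return V_DROP;
}
static struct flow *lookup(uint32_t s, uint32_t d, uint16_t sp, uint16_t dp) {
    if (s > d || (s == d && sp > dp)) { uint32_t t = s; s = d; d = t; uint16_t u = sp; sp = dp; dp = u; }
    for (struct flow *f = flows; f < flows + n_flows; f++)
        if (f->a == s && f->b == d && f->pa == sp && f->pb == dp) return f;
    if (n_flows == 64) return NULL;
    flows[n_flows] = (struct flow){ s, d, sp, dp, V_NEW, 0 };
    return &flows[n_flows++];
}
enum verdict filter(enum hook h, uint32_t src, uint32_t dst, uint16_t sp, uint16_t dp) {
    uint32_t peer = (h == LOCAL_IN) ? src : dst;   /* remote end of the connection */
    struct flow *f = lookup(src, dst, sp, dp);
    if (!f) return check(peer);                    /* table full: decide per packet */
    if (f->state == V_NEW || f->gen != policy_gen) {   /* first packet, or list changed */
        f->state = check(peer);
        f->gen = policy_gen;
    }
    return f->state;                 /* later packets reuse the stored result */
}
int main(void) {
    uint32_t list[] = { 0x0A000005 };              /* constructed address 10.0.0.5 */
    set_allowlist(list, 1);
    return filter(LOCAL_IN, 0x0A000005, 0x0A000001, 40000, 22) == V_ACCEPT ? 0 : 1;
}
```

Without the generation check, a flow accepted under an old list would keep its cached verdict after the server side pushes a new list in step S3.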
CN201910062313.2A 2019-01-23 2019-01-23 A kind of device and implementation method of terminal network access control system Pending CN109600395A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910062313.2A CN109600395A (en) 2019-01-23 2019-01-23 A kind of device and implementation method of terminal network access control system

Publications (1)

Publication Number Publication Date
CN109600395A true CN109600395A (en) 2019-04-09

Family

ID=65966521

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190409
