CN109600395A - Device and implementation method for a terminal network access control system - Google Patents
- Publication number
- CN109600395A
- Authority
- CN
- China
- Prior art keywords
- module
- client
- strategy
- network access
- access control
- Legal status
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
- H04L69/162—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a device and an implementation method for a terminal network access control system, in the field of terminal security. The technical problem to be solved is how to guarantee the security of a terminal network access control system. The technical solution is a device for a terminal network access control system comprising a management end, a server and a client. The management end configures terminal network access policies in real time and displays the audit log information for network access. The server transmits configuration policies and audit information: it sends the policies configured at the management end to the client and forwards the audit logs generated by the client to the management end. The client parses and stores the policies sent by the server, processes data packets according to the preprocessed configuration policy, generates the corresponding audit logs from the processing results, and sends them to the server. The invention also discloses an implementation method for a terminal network access control system.
Description
Technical field
The present invention relates to the field of terminal security, and specifically to a device and an implementation method for a terminal network access control system.
Background
As society becomes increasingly information-based, information security has become a growing focus of attention. To protect data resources from unauthorized access, a great deal of research and practice has gone into perimeter defenses such as firewalls. However, terminals, the main tools people use for business processing, data processing and network access, are easily overlooked in information security management and deployment, which readily leads to data loss or system intrusion.
According to security surveys in recent years, more than 80% of the management and security problems in government, schools, enterprises and institutions come from terminals. Terminals are widely used, which makes them dispersed; together with outdated security measures and the little attention paid to them, this has made them the weak link in the information security system.
Network security incidents in recent years also indicate that most network security threats come from inside the network. Data show that as many as 99.9% of security incidents stem from threats inside the network, and only 0.1% come from outside the network. Client security management is the largest part of current network management workload, and client security is likewise the greatest threat to the normal operation of the network. The core of terminal security management is the control of network access, so how to guarantee the security of a terminal network access control system is a technical problem in urgent need of a solution.
Summary of the invention
The technical task of the invention is to provide a device and an implementation method for a terminal network access control system, to solve the problem of how to guarantee the security of a terminal network access control system.
The technical task of the invention is achieved as follows. A device for a terminal network access control system comprises:
a management end, which configures terminal network access policies in real time and displays the audit log information for network access;
a server, which transmits configuration policies and audit information, specifically sending the policies configured at the management end to the client and forwarding the audit logs generated by the client to the management end;
a client, which parses and stores the policies sent by the server, processes data packets according to the preprocessed configuration policy, generates the corresponding audit logs from the processing results, and sends them to the server.
Preferably, the management end comprises a policy configuration module and a message display module, and is implemented as a web page reached through a WEB address;
the policy configuration module configures terminal network access policies in real time, mainly by adding, deleting or modifying the different network access policies;
the message display module displays the audit log information for network access.
More preferably, the server comprises a policy transmission module, which listens for policy configuration requests and receives and processes audit logs;
the policy transmission module comprises a policy configuration request listening module and an audit log receiving and processing module.
More preferably, the policy configuration request listening module listens for network access policy configuration request commands and sends them to the client; it maintains a network access IP list and is implemented with SOCKET programming;
the audit log receiving and processing module receives the audit logs sent by the client and parses them, which includes querying, viewing and analyzing the audit logs; it is implemented by classifying the audit logs.
More preferably, the client comprises a policy preprocessing module, a kernel function module and a policy feedback module;
the policy preprocessing module parses and stores the policies sent by the server and, when appropriate, reconfigures the parameters of the kernel function module; it is implemented with SOCKET programming;
the kernel function module processes data packets according to the preprocessed configuration policy and runs in the network subsystem of the kernel;
the policy feedback module generates the corresponding audit log from the processing result of the kernel function module and sends it to the server.
More preferably, the kernel function module tracks Linux data flow connections using the Netfilter framework and the Linux kernel connection tracking mechanism. The Netfilter framework is a standard component of Linux. It is integrated with the IP protocol stack: several control points (hooks) are inserted into the packet processing path of the IP protocol stack, and processing logic attached at those control points handles the packets passing through the network device, thereby implementing a particular security mechanism.
More preferably, the kernel function module loads the logic corresponding to the different network configuration policies at the NF_IP_LOCAL_IN and NF_IP_LOCAL_OUT control points of Netfilter. The logic embedded at NF_IP_LOCAL_IN mainly handles connections from illegal terminals, and the logic at NF_IP_LOCAL_OUT monitors the connections that the terminal itself initiates;
in the Linux kernel connection tracking mechanism, every data packet that enters the network stack is linked to a connection tracking entry, a struct nf_conn structure. Packets of the same flow are linked to the same entry, so the packets of one flow can be handled as a whole, which greatly reduces repeated and unnecessary processing and increases packet processing speed. A structure member is added to struct nf_conn to record the connection attributes of each flow and the processing state of the kernel function module;
the basic principle of the Linux kernel connection tracking mechanism is as follows: after entering the kernel, each data packet is linked to the entry of its flow, so the kernel function module can easily find the member added to struct nf_conn. While processing the earlier packets of a flow, it stores the processing state and result in the corresponding fields of that structure, and from these values it can decide whether a subsequent packet is to be dropped, allowed through, or needs further processing. By extending the Linux connection tracking mechanism in this way, the kernel function module can improve network throughput.
More preferably, the client parses and stores the policies sent by the server, processes data packets according to the preprocessed configuration policy, generates the corresponding audit logs from the processing results and sends them to the server, in the following steps:
1. The policy preprocessing module responds to the server's policy configuration commands by opening a SOCKET and listening on a port;
2. When the server has successfully connected to the port, it sends the corresponding configuration command to the policy preprocessing module;
3. The policy preprocessing module receives the configuration command and parses it;
4. According to the parsing result, the storage structure of the user policy or the parameters of the kernel function module are modified, and the parameters of the kernel function module are reconfigured when appropriate;
5. The kernel function module processes data packets according to the preprocessed configuration policy;
6. The policy feedback module generates the corresponding audit log from the processing result of the kernel function module and sends it to the server.
More preferably, data is transmitted between the management end, the server and the client as follows:
(1) The policy configuration module of the management end transmits data to the policy transmission module of the server;
(2) The policy transmission module of the server transmits data to the policy preprocessing module of the client;
(3) The policy preprocessing module of the client transmits data to the kernel function module of the client;
(4) The kernel function module of the client transmits data to the policy feedback module of the client;
(5) The policy feedback module of the client transmits data to the policy transmission module of the server;
(6) The policy transmission module of the server transmits data to the message display module of the management end, which completes the display of the message.
An implementation method for a terminal network access control system comprises the following steps:
S1. After the client program is installed on a terminal, the terminal registers and submits its basic information to the server; the server stores the terminal's basic information in a database; the management end reviews the terminal's network access, assigns or modifies its network access policy, and notifies the server;
S2. The server queries the database and generates the network access control policy IP list, which contains only the IP addresses of terminals authorized for access and the authorized whitelist IP addresses;
S3. The server notifies the client to update its network access control IP list;
S4. The client determines whether the source IP address and the destination IP address are in the IP list:
1. if so, step S5 is executed;
2. if not, the client is forbidden to update the network access control IP list;
S5. The client updates the network access control IP list locally and performs access control on network access according to the IP list.
The device and implementation method of the invention have the following advantage: by extending the Linux kernel connection tracking mechanism, the invention improves the network throughput and packet processing performance of the kernel function module, so that the kernel function module can control network access on a per-flow basis, which guarantees the security of the terminal network access control system.
Description of the drawings
The invention is further described below with reference to the drawings.
Figure 1 is a structural block diagram of the device of the terminal network access control system;
Figure 2 is a flow diagram of the implementation method of the terminal network access control system.
Detailed description of the embodiments
The device and implementation method of the terminal network access control system of the invention are described in detail below with reference to the drawings and specific embodiments.
Embodiment 1:
As shown in Figure 1, the device of the terminal network access control system of the invention mainly comprises a management end, a server and a client. The management end configures terminal network access policies in real time and displays the audit log information for network access. The server transmits configuration policies and audit information, specifically sending the policies configured at the management end to the client and forwarding the audit logs generated by the client to the management end. The client parses and stores the policies sent by the server, processes data packets according to the preprocessed configuration policy, generates the corresponding audit logs from the processing results, and sends them to the server.
The management end comprises a policy configuration module and a message display module, and is implemented as a web page reached through a WEB address. The policy configuration module configures terminal network access policies in real time, mainly by adding, deleting or modifying the different network access policies; formulating the configuration policies is the key point of the implementation. The message display module displays the audit log information for network access.
The server comprises a policy transmission module, which listens for policy configuration requests and receives and processes audit logs. The policy transmission module comprises a policy configuration request listening module and an audit log receiving and processing module. The policy configuration request listening module listens for network access policy configuration request commands and sends them to the client; it maintains a network access IP list and is implemented with SOCKET programming. The audit log receiving and processing module receives the audit logs sent by the client and parses them, which includes querying, viewing and analyzing the audit logs; it is implemented by classifying the audit logs.
The client comprises a policy preprocessing module, a kernel function module and a policy feedback module. The policy preprocessing module parses and stores the policies sent by the server and, when appropriate, reconfigures the parameters of the kernel function module; it is implemented with SOCKET programming. The kernel function module processes data packets according to the preprocessed configuration policy and runs in the network subsystem of the kernel. The policy feedback module generates the corresponding audit log from the processing result of the kernel function module and sends it to the server.
The kernel function module tracks Linux data flow connections using the Netfilter framework and the Linux kernel connection tracking mechanism. The Netfilter framework is a standard component of Linux. It is integrated with the IP protocol stack: several control points (hooks) are inserted into the packet processing path of the IP protocol stack, and processing logic attached at those control points handles the packets passing through the network device, thereby implementing a particular security mechanism. The kernel function module loads the logic corresponding to the different network configuration policies at the NF_IP_LOCAL_IN and NF_IP_LOCAL_OUT control points of Netfilter. The logic embedded at NF_IP_LOCAL_IN mainly handles connections from illegal terminals, and the logic at NF_IP_LOCAL_OUT monitors the connections that the terminal itself initiates.
In the Linux kernel connection tracking mechanism, every data packet that enters the network stack is linked to a connection tracking entry, a struct nf_conn structure. Packets of the same flow are linked to the same entry, so the packets of one flow can be handled as a whole, which greatly reduces repeated and unnecessary processing and increases packet processing speed. A structure member is added to struct nf_conn to record the connection attributes of each flow and the processing state of the kernel function module. The basic principle of the Linux kernel connection tracking mechanism is as follows: after entering the kernel, each data packet is linked to the entry of its flow, so the kernel function module can easily find the member added to struct nf_conn. While processing the earlier packets of a flow, it stores the processing state and result in the corresponding fields of that structure, and from these values it can decide whether a subsequent packet is to be dropped, allowed through, or needs further processing. By extending the Linux connection tracking mechanism in this way, the kernel function module can improve network throughput.
The client parses and stores the policies sent by the server, processes data packets according to the preprocessed configuration policy, generates the corresponding audit logs from the processing results and sends them to the server, in the following steps:
1. The policy preprocessing module responds to the server's policy configuration commands by opening a SOCKET and listening on a port;
2. When the server has successfully connected to the port, it sends the corresponding configuration command to the policy preprocessing module;
3. The policy preprocessing module receives the configuration command and parses it;
4. According to the parsing result, the storage structure of the user policy or the parameters of the kernel function module are modified, and the parameters of the kernel function module are reconfigured when appropriate;
5. The kernel function module processes data packets according to the preprocessed configuration policy;
6. The policy feedback module generates the corresponding audit log from the processing result of the kernel function module and sends it to the server.
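As an added illustration (not code from the patent), the userspace C model below shows the per-flow verdict caching described for the kernel function module: the first packet of a flow is checked against the IP list, the result is stored in the flow's entry, and later packets in either direction reuse it. All names (nac_hook, flow_entry, generation) are hypothetical and the addresses are constructed; the model assumes a packet is accepted when the remote peer is in the IP list, and it re-evaluates cached verdicts after a list update, which is an added assumption the text does not spell out.

```c
/* Userspace model of the per-flow verdict cache; NOT kernel code. Names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))
#define MAX_ALLOWED 16
#define FLOW_SLOTS  64

enum hook    { HOOK_LOCAL_IN, HOOK_LOCAL_OUT };   /* the two control points */
enum verdict { V_UNDECIDED = 0, V_ACCEPT, V_DROP };
struct flow_key { uint32_t raddr; uint16_t rport, lport; uint8_t proto; };

struct flow_entry {            /* stands in for the member added to struct nf_conn */
    int used;
    struct flow_key key;
    enum verdict verdict;      /* cached result for the whole flow */
    unsigned generation;       /* IP-list generation the verdict was made under */
};

struct nac_state {
    uint32_t allowed[MAX_ALLOWED];   /* network access control IP list */
    int allowed_count;
    unsigned generation;
    struct flow_entry flows[FLOW_SLOTS];
    unsigned long evaluations;       /* slow-path list checks */
    unsigned long audits;            /* audit records emitted */
};

/* Replace the IP list (step S5); an oversized list is rejected and the old one kept. */
int nac_update_policy(struct nac_state *s, const uint32_t *addrs, int n)
{
    if (n < 0 || n > MAX_ALLOWED) return -1;
    if (n > 0) memcpy(s->allowed, addrs, (size_t)n * sizeof(addrs[0]));
    s->allowed_count = n;
    s->generation++;   /* assumption: a list update invalidates cached verdicts */
    return 0;
}

/* Find the flow's entry or claim a free slot; NULL when the table is full. */
static struct flow_entry *flow_get(struct nac_state *s, const struct flow_key *k)
{
    struct flow_entry *slot = NULL;
    for (int i = 0; i < FLOW_SLOTS; i++) {
        struct flow_entry *e = &s->flows[i];
        if (!e->used) { if (!slot) slot = e; continue; }
        if (e->key.raddr == k->raddr && e->key.rport == k->rport &&
            e->key.lport == k->lport && e->key.proto == k->proto)
            return e;
    }
    if (slot) { slot->used = 1; slot->key = *k; slot->verdict = V_UNDECIDED; }
    return slot;
}

/* Called per packet; both directions of a connection map to the same entry. */
enum verdict nac_hook(struct nac_state *s, enum hook h, uint32_t saddr, uint16_t sport,
                      uint32_t daddr, uint16_t dport, uint8_t proto)
{
    int in = (h == HOOK_LOCAL_IN);   /* the remote peer is the source on input */
    struct flow_key k = { in ? saddr : daddr, in ? sport : dport, in ? dport : sport, proto };
    struct flow_entry *e = flow_get(s, &k);
    enum verdict v = V_DROP;         /* default deny */
    if (e && e->verdict != V_UNDECIDED && e->generation == s->generation)
        return e->verdict;           /* fast path: reuse the flow's verdict */
    s->evaluations++;
    for (int i = 0; i < s->allowed_count; i++)
        if (s->allowed[i] == k.raddr) v = V_ACCEPT;
    s->audits++;                     /* one audit record per decision, not per packet */
    printf("audit: hook=%s peer=%08x:%u verdict=%s\n", in ? "LOCAL_IN" : "LOCAL_OUT",
           (unsigned)k.raddr, (unsigned)k.rport, v == V_ACCEPT ? "ACCEPT" : "DROP");
    if (e) { e->verdict = v; e->generation = s->generation; }
    return v;                        /* table full: decided without caching */
}

static struct nac_state demo;

/* Constructed traffic; returns the number of slow-path evaluations. */
unsigned long run_demo(void)
{
    const uint32_t list1[] = { IP4(192, 0, 2, 10), IP4(192, 0, 2, 20) };
    const uint32_t list2[] = { IP4(192, 0, 2, 20) };
    const uint32_t me = IP4(192, 0, 2, 99), peer = IP4(192, 0, 2, 10);
    memset(&demo, 0, sizeof(demo));
    nac_update_policy(&demo, list1, 2);
    for (int i = 0; i < 4; i++)                               /* 4 packets, 1 evaluation */
        nac_hook(&demo, HOOK_LOCAL_IN, peer, 40000, me, 22, 6);
    nac_hook(&demo, HOOK_LOCAL_OUT, me, 22, peer, 40000, 6);  /* reply: same flow */
    nac_hook(&demo, HOOK_LOCAL_IN, IP4(198, 51, 100, 7), 51000, me, 22, 6); /* unlisted */
    nac_update_policy(&demo, list2, 1);                       /* peer revoked */
    nac_hook(&demo, HOOK_LOCAL_IN, peer, 40000, me, 22, 6);   /* re-evaluated: DROP */
    return demo.evaluations;
}

int main(void)
{
    unsigned long n = run_demo();
    return printf("evaluations=%lu audits=%lu\n", n, demo.audits) < 0;
}
```

Without the generation check, a flow accepted before the list update would keep its cached ACCEPT for as long as the connection lived, which is the case to test for in any design that caches verdicts per flow.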
As shown in Figure 1, data is transmitted between the management end, the server and the client as follows:
(1) The policy configuration module of the management end transmits data to the policy transmission module of the server;
(2) The policy transmission module of the server transmits data to the policy preprocessing module of the client;
(3) The policy preprocessing module of the client transmits data to the kernel function module of the client;
(4) The kernel function module of the client transmits data to the policy feedback module of the client;
(5) The policy feedback module of the client transmits data to the policy transmission module of the server;
(6) The policy transmission module of the server transmits data to the message display module of the management end, which completes the display of the message.
Embodiment 2:
As shown in Figure 2, the implementation method of the terminal network access control system of the invention comprises the following steps:
S1. After the client program is installed on a terminal, the terminal registers and submits its basic information to the server; the server stores the terminal's basic information in a database; the management end reviews the terminal's network access, assigns or modifies its network access policy, and notifies the server;
S2. The server queries the database and generates the network access control policy IP list, which contains only the IP addresses of terminals authorized for access and the authorized whitelist IP addresses;
S3. The server notifies the client to update its network access control IP list;
S4. The client determines whether the source IP address and the destination IP address are in the IP list:
1. if so, step S5 is executed;
2. if not, the client is forbidden to update the network access control IP list;
S5. The client updates the network access control IP list locally and performs access control on network access according to the IP list.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in those embodiments may still be modified, or some or all of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the invention.
Claims (10)
1. A device for a terminal network access control system, characterized in that the device comprises:
a management end, which configures terminal network access policies in real time and displays the audit log information for network access;
a server, which transmits configuration policies and audit information, specifically sending the policies configured at the management end to the client and forwarding the audit logs generated by the client to the management end;
a client, which parses and stores the policies sent by the server, processes data packets according to the preprocessed configuration policy, generates the corresponding audit logs from the processing results, and sends them to the server.
2. The device for a terminal network access control system according to claim 1, characterized in that the management end comprises a policy configuration module and a message display module, and is implemented as a web page reached through a WEB address;
the policy configuration module configures terminal network access policies in real time, mainly by adding, deleting or modifying the different network access policies;
the message display module displays the audit log information for network access.
3. The device for a terminal network access control system according to claim 2, characterized in that the server comprises a policy transmission module, which listens for policy configuration requests and receives and processes audit logs;
the policy transmission module comprises a policy configuration request listening module and an audit log receiving and processing module.
4. The device for a terminal network access control system according to claim 3, characterized in that the policy configuration request listening module listens for network access policy configuration request commands and sends them to the client; the policy configuration request listening module maintains a network access IP list and is implemented with SOCKET programming;
the audit log receiving and processing module receives the audit logs sent by the client and parses them, which includes querying, viewing and analyzing the audit logs; the audit log receiving and processing module is implemented by classifying the audit logs.
5. The device for a terminal network access control system according to claim 1, 2, 3 or 4, characterized in that the client comprises a policy preprocessing module, a kernel function module and a policy feedback module;
the policy preprocessing module parses and stores the policies sent by the server and, when appropriate, reconfigures the parameters of the kernel function module; the policy preprocessing module is implemented with SOCKET programming;
the kernel function module processes data packets according to the preprocessed configuration policy and runs in the network subsystem of the kernel;
the policy feedback module generates the corresponding audit log from the processing result of the kernel function module and sends it to the server.
6. The device for a terminal network access control system according to claim 5, characterized in that the kernel function module tracks Linux data flow connections using the Netfilter framework and the Linux kernel connection tracking mechanism; the Netfilter framework is a standard component of Linux, integrated with the IP protocol stack: several control points are inserted into the packet processing path of the IP protocol stack, and processing logic attached at those control points handles the packets passing through the network device, thereby implementing a particular security mechanism.
7. The device for a terminal network access control system according to claim 6, characterized in that the kernel function module loads the logic corresponding to the different network configuration policies at the NF_IP_LOCAL_IN and NF_IP_LOCAL_OUT control points of Netfilter; the logic embedded at NF_IP_LOCAL_IN mainly handles connections from illegal terminals, and the logic at NF_IP_LOCAL_OUT monitors the connections that the terminal itself initiates;
in the Linux kernel connection tracking mechanism, every data packet that enters the network stack is linked to a connection tracking entry, a struct nf_conn structure; packets of the same flow are linked to the same entry, so the packets of one flow can be handled as a whole; a structure member is added to struct nf_conn to record the connection attributes of each flow and the processing state of the kernel function module;
the basic principle of the Linux kernel connection tracking mechanism is as follows: after entering the kernel, each data packet is linked to the entry of its flow, so the kernel function module can easily find the member added to struct nf_conn; while processing the earlier packets of a flow, it stores the processing state and result in the corresponding fields of that structure, and from these values it can decide whether a subsequent packet is to be dropped, allowed through, or needs further processing.
8. The device for a terminal network access control system according to claim 7, characterized in that the client parses and stores the policies sent by the server, processes data packets according to the preprocessed configuration policy, generates the corresponding audit logs from the processing results and sends them to the server, in the following steps:
1. The policy preprocessing module responds to the server's policy configuration commands by opening a SOCKET and listening on a port;
2. When the server has successfully connected to the port, it sends the corresponding configuration command to the policy preprocessing module;
3. The policy preprocessing module receives the configuration command and parses it;
4. According to the parsing result, the storage structure of the user policy or the parameters of the kernel function module are modified, and the parameters of the kernel function module are reconfigured when appropriate;
5. The kernel function module processes data packets according to the preprocessed configuration policy;
6. The policy feedback module generates the corresponding audit log from the processing result of the kernel function module and sends it to the server.
9. The device for a terminal network access control system according to claim 8, characterized in that data is transmitted between the management end, the server and the client as follows:
(1) The policy configuration module of the management end transmits data to the policy transmission module of the server;
(2) The policy transmission module of the server transmits data to the policy preprocessing module of the client;
(3) The policy preprocessing module of the client transmits data to the kernel function module of the client;
(4) The kernel function module of the client transmits data to the policy feedback module of the client;
(5) The policy feedback module of the client transmits data to the policy transmission module of the server;
(6) The policy transmission module of the server transmits data to the message display module of the management end, which completes the display of the message.
10. An implementation method of a terminal network access control system, characterized in that the method comprises the following steps:
S1. After the client program is installed on the terminal, the terminal registers and submits its basic terminal information to the server; the server stores the basic terminal information in the database; the management end performs a network access audit of the terminal, assigns or modifies its network access policy, and notifies the server;
S2. The server queries the database and generates the network access control policy IP list; the IP list contains only the IP addresses of terminals authorized for access and the authorized whitelist IP addresses;
S3. The server notifies the client to update the network access control IP list;
S4. The client judges whether the source IP address and the destination IP address are in the IP list:
①. If so, step S5 is executed;
②. If not, the client is forbidden to update the network access control IP list;
S5. The client updates the network access control IP list locally and performs access control on network access according to the IP list.
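The client-side steps of claims 8 and 10 (parse a configuration command, replace the local IP list, filter packets against it, record an audit entry per decision) can be sketched as below. This is an added example, not code from the patent: the class, the JSON command format and the rule that a packet passes only when both its source and destination are on the list are assumptions, and the socket transport of steps ① and ② is left out.

```python
import ipaddress
import json

class AccessControlClient:
    """Hypothetical model of the client in claims 8 and 10 (not the patent's code)."""

    def __init__(self):
        self.allowed = set()   # authorized terminal IPs plus whitelist IPs (step S2)
        self.audit_log = []    # records the policy feedback module would send on

    def apply_policy_command(self, raw: bytes) -> bool:
        """Parse a command (assumed JSON format) and replace the local IP list.
        A malformed command is rejected whole; the previous list stays in force."""
        try:
            cmd = json.loads(raw)
            if not isinstance(cmd, dict) or cmd.get("op") != "update_ip_list":
                raise ValueError("unsupported command")
            new_list = {ipaddress.ip_address(ip) for ip in cmd["ips"]}
        except (ValueError, KeyError, TypeError) as exc:
            self.audit_log.append({"event": "policy_rejected", "reason": str(exc)})
            return False
        self.allowed = new_list
        self.audit_log.append({"event": "policy_updated", "entries": len(new_list)})
        return True

    def check_packet(self, src: str, dst: str) -> str:
        """Return "pass" only if both addresses are on the list, else "drop"."""
        try:
            ok = (ipaddress.ip_address(src) in self.allowed
                  and ipaddress.ip_address(dst) in self.allowed)
        except ValueError:
            ok = False         # unparseable address: fail closed
        verdict = "pass" if ok else "drop"
        self.audit_log.append({"event": "packet", "src": src, "dst": dst,
                               "verdict": verdict})
        return verdict

# Constructed sample command using documentation address ranges (RFC 5737).
SAMPLE_COMMAND = json.dumps(
    {"op": "update_ip_list", "ips": ["192.0.2.10", "192.0.2.20", "198.51.100.1"]}
).encode()

if __name__ == "__main__":
    client = AccessControlClient()
    client.apply_policy_command(SAMPLE_COMMAND)
    print(client.check_packet("192.0.2.10", "198.51.100.1"))  # both listed
    print(client.check_packet("192.0.2.10", "203.0.113.7"))   # destination unlisted
    print(json.dumps(client.audit_log, indent=2))
```

Rejecting a partly invalid list as a whole keeps the last known-good policy in force, and the rejection itself appears in the audit trail.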
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910062313.2A CN109600395A (en) | 2019-01-23 | 2019-01-23 | A kind of device and implementation method of terminal network access control system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109600395A (en) | 2019-04-09 |
Family
ID=65966521
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910062313.2A Pending CN109600395A (en) | 2019-01-23 | 2019-01-23 | A kind of device and implementation method of terminal network access control system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109600395A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190409 |