CN110191102B - Illegal external connection comprehensive monitoring system and method thereof - Google Patents
Illegal external connection comprehensive monitoring system and method thereof Download PDFInfo
- Publication number
- CN110191102B CN110191102B CN201910385733.4A CN201910385733A CN110191102B CN 110191102 B CN110191102 B CN 110191102B CN 201910385733 A CN201910385733 A CN 201910385733A CN 110191102 B CN110191102 B CN 110191102B
- Authority
- CN
- China
- Prior art keywords
- monitoring
- service module
- intranet
- address
- connection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Technology Law (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses an illegal external connection comprehensive monitoring system and a method thereof, wherein the system mainly comprises an internal network support guarantee platform, a monitoring client service module and an external network detector; in the method, an illegal external connection monitoring technology that a monitoring client service module is matched with an external network detector is adopted to monitor the illegal external connection behavior of an internal network computer in real time, and the method can be completely free from the influence of an internet access mode; the method for monitoring the modification of the IP address and the MAC address is adopted, so that the problem that warning information is inaccurate when a user modifies the Internet on the IP address and the MAC address is solved; by adopting a master-slave process protection technology, an intranet user is prevented from escaping from monitoring illegal Internet behaviors by closing the process of the monitoring client service module.
Description
Technical Field
The invention relates to the field of computer network information security, in particular to a system and a method for preventing an internal network computer from illegal external connection.
Background
Currently, information-based networking office models are introduced for daily offices of party administration departments, military departments and enterprises. In order to ensure the effectiveness and the safety of information sharing at the same time, all departments establish own internal networks, prevent information leakage by using a mode of physical isolation from the Internet and block attacks from the Internet. However, due to the reasons of low safety awareness and poor management system execution of the intranet user, the intranet user may intentionally and unintentionally make an illegal external connection, such as connecting the Wifi internet through a wireless network card, connecting the USB network card to the internet, and the like. Once the physical isolation environment is destroyed, a channel for leakage of intranet secret information is opened, and an attack window is provided for hackers and viruses. And the behavior that the intranet secret computer illegally connects the Internet is illegal external connection.
The behavior of illegal external connection is divided into networking external connection (connecting an intranet and simultaneously connecting the internet by using another internet access or a wireless network card) and offline external connection (connecting the internet after disconnecting the intranet). Illegal external connection monitoring mode packet sending detection mode in distributed network[1]And client mode[2]Two kinds. The internal network packet sending detection mode cannot monitor the behavior of off-line and external connection. The currently disclosed client monitoring scheme has a complex program structure and weak real-time performance, and cannot solve the problem of bypassing external connection after monitoring by modifying an IP address and an MAC address, closing a monitoring client and the like.
Reference to the literature
[1] Lei Qilin, design and implementation of intranet and extranet monitoring system, Guilin electronic technology university 2006
[2] Zhang Zhujun, an illegal external connection alarm and blocking method, institute of information and engineering of Chinese academy of sciences, 2013
Disclosure of Invention
Aiming at the defects of the prior art, the invention aims to provide an illegal external connection comprehensive monitoring system and a method thereof, standardizing the use habits of intranet users by technical means, promoting the implementation of network security and confidentiality regulation and improving the network security management level.
In order to achieve the purpose, the invention adopts the following technical scheme:
an illegal external connection comprehensive monitoring system comprises an internal network support and guarantee platform, a monitoring client service module and an external network detector;
the intranet support guarantee platform is used for storing the type of an intranet computer to be monitored, binding information between an IP address and an MAC address, configuring a monitoring strategy of a monitoring client service module, synchronizing the monitoring strategy with the corresponding monitoring client service module through an intranet, and receiving and managing alarm information; the monitoring strategy comprises the interval duration between each monitoring, the legal IP address and MAC address of the intranet computer where the monitoring client service module is located, and the address of the extranet detector;
the monitoring client service module is arranged on a monitored intranet computer and used for trying to connect an extranet detector every set time according to a monitoring strategy and disconnecting the network connection of the monitored intranet computer once the connection is successful;
the extranet detector is installed in an internet server and used for sending alarm information to monitoring personnel when the extranet detector detects connection.
Furthermore, the intranet support guarantee platform comprises an intranet computer connection management unit and an alarm information management unit; the intranet computer connection management unit is used for storing binding information among the type, IP address and MAC address of the monitored intranet computer, configuring a monitoring strategy of the monitoring client service module and synchronizing the monitoring strategy with the corresponding monitoring client service module through the intranet; the alarm information management unit is used for receiving and managing alarm information.
Furthermore, the external network detector comprises a connection monitoring unit and an alarm information sending unit; the connection monitoring unit is used for detecting whether a connection request is received; and the alarm information sending unit is used for sending alarm information to monitoring personnel when the connection monitoring unit receives the connection request.
Further, the monitoring client service module comprises a main service module and a protection service module; the main service module is used for trying to connect the external network detector at intervals of set time according to a monitoring strategy, and disconnecting the network connection of the monitored internal network computer once the connection is successful; the protection service module is used for protecting the main service module, the main service module and the protection service module are started simultaneously and detect whether the opposite side is closed at regular time, and the opposite side is started again when the opposite side is found to be closed.
The invention also provides a method for carrying out illegal external connection comprehensive monitoring, blocking and alarming by utilizing the system, which comprises the following steps:
s1, installing a monitoring client service module on a monitored intranet computer, installing an extranet detector on an internet server, and deploying an intranet support guarantee platform on an intranet;
s2, storing binding information among the models, IP addresses and MAC addresses of all monitored intranet computers in the intranet support guarantee platform;
s3, configuring a monitoring strategy of each monitoring client service module in the intranet supporting and guaranteeing platform, and synchronizing the monitoring strategy with the corresponding monitoring client service module through the intranet; the monitoring strategy comprises the interval duration between each monitoring, the address of an external network detector, and the legal IP address and the MAC address of an internal network computer where the monitoring client service module is located;
s4, the monitoring client service module tries to connect the external network detector every set time according to the monitoring strategy, and if the connection is successful, the network connection of the monitored internal network computer is disconnected; and sending alarm information to monitoring personnel after the external network detector detects that the external network detector is connected.
Further, the method also comprises the following steps:
and the monitoring client service module detects the IP address and the MAC address of the monitored intranet computer at set intervals, compares the detected IP address and the MAC address with the legal IP address and the MAC address in the monitoring strategy, and disconnects the network connection of the intranet computer if the detected IP address and the MAC address are inconsistent.
Further, the method also comprises the following steps:
when the monitoring client service module is started, the main service module and the protection service module are started at the same time, the main service module and the protection service module detect whether the opposite side is closed or not at set time intervals, and once the opposite side is closed, the opposite side is started again immediately.
Further, in step S3, the intranet support and guarantee platform performs synchronization of the monitoring policy with the monitoring client service module in a polling manner.
Further, in step S4, the extranet probe sends an alarm message to the monitoring personnel by using one or both of short message and email.
Further, in step S4, when the illegal external connection behavior of the intranet computer is networking external connection, the monitoring client service module sends an alarm message to the intranet support and safeguard platform through the intranet after successfully connecting the extranet detector, and then disconnects the network connection of the monitored intranet computer; when the illegal external connection behavior is off-line external connection, the monitoring personnel receives the alarm information and then manually inputs the alarm information to the internal network support and guarantee platform; and the intranet support guarantee platform receives the alarm information and then stores and manages the alarm information.
The invention has the beneficial effects that:
1. the invention adopts the illegal external connection monitoring technology of the cooperation of the monitoring client service module and the external network detector, can monitor the illegal external connection behavior of the internal network computer in real time, and can be completely free from the influence of the mode of accessing the Internet.
2. The invention adopts a mode of monitoring the modification of the IP address and the MAC address, and solves the problem that the warning information is inaccurate when a user modifies the Internet on the IP address and the MAC address.
3. The invention adopts a master-slave process protection technology to prevent an intranet user from closing the process of the monitoring client service module and effectively avoid the behavior of escaping from monitoring the internet in violation.
Drawings
FIG. 1 is a schematic flow chart of the overall process of example 2 of the present invention;
fig. 2 is a schematic diagram of a monitoring client service module status detection process in embodiment 2 of the present invention.
Detailed Description
The present invention will be further described with reference to the accompanying drawings, and it should be noted that the present embodiment is based on the technical solution, and the detailed implementation and the specific operation process are provided, but the protection scope of the present invention is not limited to the present embodiment.
Example 1
The embodiment provides an illegal external connection comprehensive monitoring system which comprises an internal network support and guarantee platform, a monitoring client service module and an external network detector;
the intranet support guarantee platform is used for storing the type of an intranet computer to be monitored, binding information between an IP address and an MAC address, configuring a monitoring strategy of a monitoring client service module, synchronizing the monitoring strategy with the corresponding monitoring client service module through an intranet, and receiving and managing alarm information; the monitoring strategy comprises the interval duration between each monitoring, the legal IP address and MAC address of the intranet computer where the monitoring client service module is located, and the address of the extranet detector;
the monitoring client service module is arranged on a monitored intranet computer and is used for trying to connect an extranet detector every set time according to a monitoring strategy, and disconnecting the network connection of the monitored intranet computer once the connection is successful (the connection is proved to be illegal and external connection of the intranet computer);
the extranet detector is installed in an internet server and used for sending alarm information to monitoring personnel when the extranet detector detects connection.
In this embodiment, the intranet support security platform includes an intranet computer connection management unit and an alarm information management unit; the intranet computer connection management unit is used for storing binding information among the type, IP address and MAC address of the monitored intranet computer, configuring a monitoring strategy of the monitoring client service module and synchronizing the monitoring strategy with the corresponding monitoring client service module through the intranet; the alarm information management unit is used for receiving and managing alarm information.
In this embodiment, the extranet detector includes a connection monitoring unit and an alarm information sending unit; the connection monitoring unit is used for detecting whether a connection request is received; and the alarm information sending unit is used for sending alarm information to monitoring personnel when the connection monitoring unit receives the connection request.
In this embodiment, the monitoring client service module includes a main service module and a protection service module; the main service module is used for trying to connect the external network detector at intervals of set time according to a monitoring strategy, and disconnecting the network connection of the monitored internal network computer once the connection is successful; the protection service module is used for protecting the main service module, the main service module and the protection service module are started simultaneously and detect whether the opposite side is closed at regular time, and the opposite side is started again when the opposite side is found to be closed.
Example 2
The embodiment provides a method for performing comprehensive monitoring, blocking and alarming of illegal external connection by using the system described in embodiment 1, as shown in fig. 1, comprising the following steps:
s1, installing a monitoring client service module on a monitored intranet computer, installing an extranet detector on an internet server, and deploying an intranet support guarantee platform on an intranet;
s2, storing binding information among the models, IP addresses and MAC addresses of all monitored intranet computers in the intranet support guarantee platform;
s3, configuring a monitoring strategy of each monitoring client service module in the intranet supporting and guaranteeing platform, and synchronizing the monitoring strategy with the corresponding monitoring client service module through the intranet; the monitoring strategy comprises the interval duration between each monitoring, the address of an external network detector, and the legal IP address and the MAC address of an internal network computer where the monitoring client service module is located;
the intranet support guarantee platform scans the intranet computer when a newly-accessed intranet computer exists, confirms that no intranet computer with an unregistered IP address and an unregistered MAC address exists, and does not have an intranet computer with an inconsistent binding of the IP address and the MAC address or a monitoring client service module.
S4, the monitoring client service module tries to connect the extranet detector every set time according to the monitoring strategy, if the connection is successful, the network connection of the monitored intranet computer is disconnected (the user can be informed by popping up a locking interface); and sending alarm information to monitoring personnel after the external network detector detects that the external network detector is connected.
The monitoring client service module generates an unlocking code before the network connection of the monitored intranet computer is disconnected for subsequent recovery of network connection.
Further, as shown in fig. 2, in order to ensure that the connection of the intranet computer is consistent with the binding information stored in the intranet support guarantee platform, the method further includes the following steps:
the monitoring client service module detects the IP address and the MAC address of the monitored intranet computer at set time intervals, compares the detected IP address and the MAC address with the legal IP address and the MAC address in the monitoring strategy, and disconnects the network connection of the intranet computer (a user can be notified in a mode of popping up a locking interface) if the detected IP address and the MAC address are inconsistent.
Similarly, the monitoring client service module generates an unlocking code before disconnecting the network connection of the intranet computer for subsequent recovery of the network connection.
Further, as shown in fig. 2, in order to prevent the user of the intranet computer from closing the monitoring client service module, the method further includes the following steps:
when the monitoring client service module is started, the main service module and the protection service module are started at the same time, the main service module and the protection service module detect whether the opposite side is closed or not at set time intervals, and once the opposite side is closed, the opposite side is started again immediately.
In this embodiment, in step S3, the intranet support and guarantee platform performs synchronization of the monitoring policy with the monitoring client service module in a polling manner. When the monitoring strategy changes, the monitoring strategy can be timely synchronized with the monitoring client service module.
In this embodiment, in step S4, the extranet probe sends an alarm message to the monitoring person by using one or both of short message and email. The mobile phone number and the mailbox address of the monitoring personnel are pre-configured in the external network detector.
In this embodiment, in step S4, when the illegal external connection behavior of the intranet computer is networking external connection, the monitoring client service module sends an alarm message to the intranet support and safeguard platform (specifically, the alarm message management unit) through the intranet after successfully connecting the extranet detector, and then disconnects the network connection of the monitored intranet computer; when the illegal external connection behavior is off-line external connection, the monitoring personnel receives the alarm information and then manually inputs the alarm information to the internal network support and guarantee platform; and the intranet support guarantee platform receives the alarm information and then stores and manages the alarm information. In subsequent processing, monitoring personnel can view the alarm information and take measures (such as punishing relevant users) on the intranet support and guarantee platform.
Further, the alarm information may include illegal external connection time, alarm time, IP address and MAC address of the intranet computer performing illegal external connection, and violation information.
Various corresponding changes and modifications can be made by those skilled in the art based on the above technical solutions and concepts, and all such changes and modifications should be included in the protection scope of the present invention.
Claims (7)
1. An illegal external connection comprehensive monitoring system is characterized by comprising an internal network support and guarantee platform, a monitoring client service module and an external network detector;
the intranet support guarantee platform is used for storing the type of an intranet computer to be monitored, binding information between an IP address and an MAC address, configuring a monitoring strategy of a monitoring client service module, synchronizing the monitoring strategy with the corresponding monitoring client service module through an intranet, and receiving and managing alarm information; the monitoring strategy comprises the interval duration between each monitoring, the legal IP address and MAC address of the intranet computer where the monitoring client service module is located, and the address of the extranet detector;
the monitoring client service module is arranged on a monitored intranet computer and comprises a main service module and a protection service module; the main service module is used for trying to connect the external network detector at intervals of set time according to a monitoring strategy, and disconnecting the network connection of the monitored internal network computer once the connection is successful; the protection service module is used for protecting the main service module, the main service module and the protection service module are started simultaneously and detect whether the opposite side is closed at regular time, and the opposite side is started again when the opposite side is found to be closed; the monitoring client service module is also used for detecting the IP address and the MAC address of the monitored intranet computer at set time intervals, comparing the IP address and the MAC address with the legal IP address and the MAC address in the monitoring strategy, and disconnecting the network connection of the intranet computer if the IP address and the MAC address are inconsistent;
the extranet detector is installed in an internet server and used for sending alarm information to monitoring personnel when the extranet detector detects connection.
2. The illegal externally-connected integrated monitoring system according to claim 1, wherein the intranet support and safeguard platform comprises an intranet computer connection management unit and an alarm information management unit; the intranet computer connection management unit is used for storing binding information among the type, IP address and MAC address of the monitored intranet computer, configuring a monitoring strategy of the monitoring client service module and synchronizing the monitoring strategy with the corresponding monitoring client service module through the intranet; the alarm information management unit is used for receiving and managing alarm information.
3. The illegal externally-connected integrated monitoring system according to claim 1, wherein the external network detector comprises a connection monitoring unit and an alarm information sending unit; the connection monitoring unit is used for detecting whether a connection request is received; and the alarm information sending unit is used for sending alarm information to monitoring personnel when the connection monitoring unit receives the connection request.
4. A method for integrated illegal external connection monitoring, blocking and alarming by using the system of any one of claims 1-3, comprising the steps of:
s1, installing a monitoring client service module on a monitored intranet computer, installing an extranet detector on an internet server, and deploying an intranet support guarantee platform on an intranet;
s2, storing binding information among the models, IP addresses and MAC addresses of all monitored intranet computers in the intranet support guarantee platform;
s3, configuring a monitoring strategy of each monitoring client service module in the intranet supporting and guaranteeing platform, and synchronizing the monitoring strategy with the corresponding monitoring client service module through the intranet; the monitoring strategy comprises the interval duration between each monitoring, the address of an external network detector, and the legal IP address and the MAC address of an internal network computer where the monitoring client service module is located;
s4, the monitoring client service module tries to connect the external network detector every set time according to the monitoring strategy, and if the connection is successful, the network connection of the monitored internal network computer is disconnected; sending alarm information to a monitoring person after the external network detector detects that the external network detector is connected; the monitoring client service module detects the IP address and the MAC address of the monitored intranet computer at set time intervals, compares the IP address and the MAC address with the legal IP address and the MAC address in the monitoring strategy, and disconnects the network connection of the intranet computer if the IP address and the MAC address are inconsistent;
when the monitoring client service module is started, the main service module and the protection service module are started at the same time, the main service module and the protection service module detect whether the opposite side is closed or not at set time intervals, and once the opposite side is closed, the opposite side is started again immediately.
5. The method according to claim 4, wherein in step S3, the intranet support security platform performs synchronization of the monitoring policy with the monitoring client service module in a polling manner.
6. The method of claim 4, wherein in step S4, the extranet probe sends the alarm information to the monitoring personnel by using one or both of short message and mail.
7. The method according to claim 4, wherein in step S4, when the illegal external connection behavior of the intranet computer is networking external connection, the monitoring client service module sends an alarm message to the intranet support and safeguard platform through the intranet after successfully connecting the extranet detector, and then disconnects the network connection of the monitored intranet computer; when the illegal external connection behavior is off-line external connection, the monitoring personnel receives the alarm information and then manually inputs the alarm information to the internal network support and guarantee platform; and the intranet support guarantee platform receives the alarm information and then stores and manages the alarm information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910385733.4A CN110191102B (en) | 2019-05-09 | 2019-05-09 | Illegal external connection comprehensive monitoring system and method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910385733.4A CN110191102B (en) | 2019-05-09 | 2019-05-09 | Illegal external connection comprehensive monitoring system and method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110191102A CN110191102A (en) | 2019-08-30 |
CN110191102B true CN110191102B (en) | 2021-12-21 |
Family
ID=67715934
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910385733.4A Active CN110191102B (en) | 2019-05-09 | 2019-05-09 | Illegal external connection comprehensive monitoring system and method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110191102B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111917701A (en) * | 2020-03-31 | 2020-11-10 | 北京融汇画方科技有限公司 | Passive checking online violation external connection technology based on non-client mode |
CN111917702A (en) * | 2020-03-31 | 2020-11-10 | 北京融汇画方科技有限公司 | Non-client-side mode passive checking off-line illegal external connection technology |
CN113938305B (en) * | 2021-10-18 | 2024-04-26 | 杭州安恒信息技术股份有限公司 | Illegal external connection judging method, system and device |
CN114244808B (en) * | 2021-11-17 | 2023-08-08 | 广东电网有限责任公司 | Offline illegal external connection method and device based on passive inspection of non-client mode |
CN114553734A (en) * | 2022-01-05 | 2022-05-27 | 重庆东电通信技术有限公司 | Open type Internet of things terminal evaluation system |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101521578A (en) * | 2009-04-03 | 2009-09-02 | 北京邮电大学 | Method for detecting computer illegal external connection in closed network |
CN102006186A (en) * | 2010-11-16 | 2011-04-06 | 暨南大学 | System for monitoring illegal external connection of intranet equipment and method thereof |
CN102315992A (en) * | 2011-10-21 | 2012-01-11 | 北京海西赛虎信息安全技术有限公司 | Detection method for illegal external connection |
CN103391216A (en) * | 2013-07-15 | 2013-11-13 | 中国科学院信息工程研究所 | Alarm and blocking method for illegal external connections |
CN103441864A (en) * | 2013-08-12 | 2013-12-11 | 江苏华大天益电力科技有限公司 | Method for monitoring illegal external connection of terminal equipment |
CN107426208A (en) * | 2017-07-24 | 2017-12-01 | 郑州云海信息技术有限公司 | A kind of method for monitoring network illegal external connection |
CN107733706A (en) * | 2017-09-30 | 2018-02-23 | 北京北信源软件股份有限公司 | The illegal external connection monitoring method and system of a kind of no agency |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104915252B (en) * | 2015-06-15 | 2018-04-06 | 上海斐讯数据通信技术有限公司 | A kind of process port management means and method |
CN108833155A (en) * | 2018-03-19 | 2018-11-16 | 山东超越数控电子股份有限公司 | A kind of two-node cluster hot backup storage system |
-
2019
- 2019-05-09 CN CN201910385733.4A patent/CN110191102B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101521578A (en) * | 2009-04-03 | 2009-09-02 | 北京邮电大学 | Method for detecting computer illegal external connection in closed network |
CN102006186A (en) * | 2010-11-16 | 2011-04-06 | 暨南大学 | System for monitoring illegal external connection of intranet equipment and method thereof |
CN102315992A (en) * | 2011-10-21 | 2012-01-11 | 北京海西赛虎信息安全技术有限公司 | Detection method for illegal external connection |
CN103391216A (en) * | 2013-07-15 | 2013-11-13 | 中国科学院信息工程研究所 | Alarm and blocking method for illegal external connections |
CN103441864A (en) * | 2013-08-12 | 2013-12-11 | 江苏华大天益电力科技有限公司 | Method for monitoring illegal external connection of terminal equipment |
CN107426208A (en) * | 2017-07-24 | 2017-12-01 | 郑州云海信息技术有限公司 | A kind of method for monitoring network illegal external connection |
CN107733706A (en) * | 2017-09-30 | 2018-02-23 | 北京北信源软件股份有限公司 | The illegal external connection monitoring method and system of a kind of no agency |
Also Published As
Publication number | Publication date |
---|---|
CN110191102A (en) | 2019-08-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110191102B (en) | Illegal external connection comprehensive monitoring system and method thereof | |
US11775622B2 (en) | Account monitoring | |
US8667581B2 (en) | Resource indicator trap doors for detecting and stopping malware propagation | |
US9294505B2 (en) | System, method, and computer program product for preventing a modification to a domain name system setting | |
US8997201B2 (en) | Integrity monitoring to detect changes at network device for use in secure network access | |
US20110078792A1 (en) | System and method for providing network security | |
US20040083408A1 (en) | Heuristic detection and termination of fast spreading network worm attacks | |
CN101626368A (en) | Device, method and system for preventing web page from being distorted | |
CN103391216A (en) | Alarm and blocking method for illegal external connections | |
CN101188557A (en) | Method, client, server and system for managing user network access behavior | |
CN109120599A (en) | A kind of external connection managing and control system | |
CN111556473A (en) | Abnormal access behavior detection method and device | |
US8161558B2 (en) | Network management and administration | |
CN112788035A (en) | Network attack warning method of UPF terminal under 5G and terminal | |
US10826944B1 (en) | Systems and methods for network security | |
CN101540681A (en) | Method and system for monitoring computer network connection statuses | |
CN103618613A (en) | Network access control system | |
US9124618B2 (en) | Process of reliability for the generation of warning messages on a network of synchronized data | |
CN112187699B (en) | Method and system for sensing file theft | |
CN110912869A (en) | Big data-based monitoring and reminding method | |
EP2911362B1 (en) | Method and system for detecting intrusion in networks and systems based on business-process specification | |
KR20130033161A (en) | Intrusion detection system for cloud computing service | |
CN110674499A (en) | Method, device and storage medium for identifying computer threat | |
CN109275136A (en) | Block the method and system of Wi-Fi malicious attack | |
CN111556024B (en) | Reverse access control system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20230424 Address after: 471000 intersection of Yingzhou road and Guanlin Road, Luolong District, Luoyang City, Henan Province Patentee after: UNIT 63891 OF PLA Address before: 471000 Room 101, building 20, courtyard 104, Tianjin Road, Jianxi District, Luoyang City, Henan Province Patentee before: Huang Zhiying |