Disclosure of Invention
The invention provides a network security configuration method, equipment and a storage medium, which are used for realizing the automatic completion of the configuration of network security policies.
A first aspect of the present invention provides a network security configuration method, the method including:
determining a target object of a network security policy to be configured according to the related information of the target service application system;
determining a target network security policy corresponding to the target object according to the attribute information of the target object;
selecting at least one target connection mode from a plurality of alternative connection modes according to the attribute information of the target object;
and sending an operation instruction to the target object in the target connection mode, so that the target object sets the network security policy as the target security policy according to the operation instruction.
Optionally, the determining, according to the related information of the target service application system, the target object of the network security policy to be configured includes:
determining a target network area where the target service application system is located according to the routing information of the target service application system;
and acquiring a target object of a network security policy to be configured, which is related to the target service application system, in the target network area, wherein the target object comprises at least one of network equipment and a security software and hardware product.
Optionally, the determining, according to the attribute information of the target object, a target network security policy corresponding to the target object includes:
if the target object is a firewall, selecting a corresponding security protection rule from preset network security policies according to the port number and/or the IP address of the target service application system, and determining the security protection rule as the target network security policy of the firewall.
Optionally, the determining, according to the attribute information of the target object, a target network security policy corresponding to the target object includes:
if the target equipment is the network middleware, selecting a corresponding security protection rule from preset network security policies according to version and/or type information of the network middleware, and determining the security protection rule as the target network security policy of the network middleware.
Optionally, the determining, according to the attribute information of the target object, a target network security policy corresponding to the target object includes:
if the target equipment is a database, selecting a corresponding security protection rule from preset network security policies according to version and/or type information of the database, and determining the security protection rule as the target network security policy of the database.
Optionally, the plurality of alternative connection modes include at least one of an SNMP connection mode, a connection mode of an analog terminal, and a connection mode of an analog browser access.
Optionally, the sending, by the target connection manner, an operation instruction to the target object includes:
if the target connection mode is an SNMP connection mode, connecting the target object through an SNMP protocol, and sending an operation instruction to the target object; or alternatively
If the target connection mode is the connection mode of the analog terminal, connecting the target object through an SSH protocol or a Telnet protocol, and sending an operation instruction to the target object by adopting the mode of the analog terminal; or alternatively
If the target connection mode is a connection mode simulating browser access, accessing a background management page of the target object, and simulating an operation instruction of submitting a form in the background management page.
Optionally, the method further comprises:
and after the target object completes the setting of the target security policy, sending a simulated access instruction and/or a simulated attack instruction to the target service application system so as to verify the network security policy of the target object.
A second aspect of the present invention provides a network security configuration apparatus, comprising:
the determining module is used for determining a target object of the network security policy to be configured according to the related information of the target service application system; determining a target network security policy corresponding to the target object according to the attribute information of the target object;
the connection module is used for selecting at least one target connection mode from a plurality of alternative connection modes according to the attribute information of the target object;
and the setting module is used for sending an operation instruction to the target object in the target connection mode so that the target object sets the network security policy as the target security policy according to the operation instruction.
Optionally, the determining module is configured to, when determining the target object of the network security policy to be configured according to the related information of the target service application system:
determining a target network area where the target service application system is located according to the routing information of the target service application system;
and acquiring a target object of a network security policy to be configured, which is related to the target service application system, in the target network area, wherein the target object comprises at least one of network equipment and a security software and hardware product.
Optionally, the determining module is configured to, when determining, according to attribute information of the target object, a target network security policy corresponding to the target object:
if the target object is a firewall, selecting a corresponding security protection rule from preset network security policies according to the port number and/or the IP address of the target service application system, and determining the security protection rule as the target network security policy of the firewall.
Optionally, the determining module is configured to, when determining, according to attribute information of the target object, a target network security policy corresponding to the target object:
if the target equipment is the network middleware, selecting a corresponding security protection rule from preset network security policies according to version and/or type information of the network middleware, and determining the security protection rule as the target network security policy of the network middleware.
Optionally, the determining module is configured to, when determining, according to attribute information of the target object, a target network security policy corresponding to the target object:
if the target equipment is a database, selecting a corresponding security protection rule from preset network security policies according to version and/or type information of the database, and determining the security protection rule as the target network security policy of the database.
Optionally, the plurality of alternative connection modes include at least one of an SNMP connection mode, a connection mode of an analog terminal, and a connection mode of an analog browser access.
Optionally, when sending an operation instruction to the target object through the target connection mode, the setting module is configured to:
if the target connection mode is an SNMP connection mode, connecting the target object through an SNMP protocol, and sending an operation instruction to the target object; or alternatively
If the target connection mode is the connection mode of the analog terminal, connecting the target object through an SSH protocol or a Telnet protocol, and sending an operation instruction to the target object by adopting the mode of the analog terminal; or alternatively
If the target connection mode is a connection mode simulating browser access, accessing a background management page of the target object, and simulating an operation instruction of submitting a form in the background management page.
Optionally, the setting instruction is further configured to:
and after the target object completes the setting of the target security policy, sending a simulated access instruction and/or a simulated attack instruction to the target service application system so as to verify the network security policy of the target object.
A third aspect of the present invention provides an electronic apparatus, comprising:
a memory for storing a computer program;
a processor for running a computer program stored in the memory to implement the method as described in the first aspect.
A fourth aspect of the present invention is to provide a computer-readable storage medium having a computer program stored thereon;
the computer program, when executed by a processor, implements the method as described in the first aspect.
According to the network security configuration method, the network security configuration equipment and the storage medium, the target object of the network security policy to be configured is determined according to the related information of the target service application system; determining a target network security policy corresponding to the target object according to the attribute information of the target object; selecting at least one target connection mode from a plurality of alternative connection modes according to the attribute information of the target object; and sending an operation instruction to the target object in a target connection mode, so that the target object sets the network security policy as a target security policy according to the operation instruction. The embodiment of the invention can automatically determine the target object of the network security policy to be configured and the corresponding target network security policy, and then realize the issuing of the operation instruction through a proper connection mode, thereby completing the configuration of the target security policy of the target object, avoiding the situations of incomplete manual analysis, analysis error, manual configuration policy error, configuration omission and the like, and ensuring the security protection capability of the target service application system.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
When a service application system is on line, operation and maintenance personnel are required to analyze manually, identify which network devices and security software and hardware products need to be configured, what network security policies need to be configured, and then log in the network devices and security software and hardware product systems one by one to configure the network security policies.
The existing network security policy configuration method is based on manual analysis, and may have the conditions of incomplete analysis, analysis error, manual configuration policy error, missing configuration and the like, thereby affecting the security protection capability of the service application system.
In order to solve the technical problems, the network security configuration method provided by the invention can determine the target object of the network security policy to be configured according to the related information of the target service application system; determining a target network security policy corresponding to the target object according to the attribute information of the target object; selecting at least one target connection mode from a plurality of alternative connection modes according to the attribute information of the target object; and sending an operation instruction to the target object in a target connection mode, so that the target object sets the network security policy as a target security policy according to the operation instruction. Through the process, the target object of the network security policy to be configured and the corresponding target network security policy can be automatically determined, and then the operation instruction is issued through a proper connection mode, so that the configuration of the target security policy of the target object is completed, the situations of incomplete manual analysis, analysis errors, manual configuration policy errors, configuration omission and the like are avoided, and the security protection capability of the target service application system is ensured.
The network security configuration method provided by the embodiment of the invention is suitable for the application scene shown in fig. 1, and comprises a server 101 and a target service application system 102; the target service application system 102 includes network devices, secure software and hardware products, and the like, and the server 101 and the network devices and the secure software and hardware products in the target service application system 102 can be connected through a plurality of alternative connection modes, for example, at least one of an SNMP (Simple Network Management Protocol ) connection mode, a connection mode of a simulation terminal, and a connection mode of a simulation browser access; the server 101 may determine a target object of the network security policy to be configured according to the related information of the target service application system, where the target object includes at least one of a network device and a security software product; determining a target network security policy corresponding to the target object according to the attribute information of the target object; selecting at least one target connection mode from a plurality of alternative connection modes according to the attribute information of the target object; and sending an operation instruction to the target object in a target connection mode, so that the target object sets the network security policy as a target security policy according to the operation instruction.
The network security configuration process is explained and illustrated in detail below in connection with specific embodiments.
Fig. 2 is a flowchart of a network security configuration method according to an embodiment of the present invention. The embodiment provides a network security configuration method, which is applied to electronic equipment such as a terminal or a server, and the method comprises the following specific steps:
s201, determining a target object of the network security policy to be configured according to the related information of the target service application system.
In this embodiment, when the target service application system is online, or when network security configuration is required, it may be determined which target objects need to be configured for network security. The target object comprises at least one of a network device and a secure software and hardware product.
Optionally, relevant information of the target service application system input by the user may be received, including, but not limited to, routing information such as an IP address, port number information, version and type of network middleware, version and type of database, etc., so that a target object of the network security policy to be configured may be determined based on the relevant information of the target service application system, for example, for the target service application system to be online, network equipment, a security software and hardware product through which the target service application system is online may be determined based on the relevant information of the target service application system, as the target object for determining the network security policy to be configured.
In an alternative embodiment, as shown in fig. 3, the determining, according to the related information of the target service application system, the target object of the network security policy to be configured may specifically include:
s301, determining a target network area where a target service application system is located according to routing information of the target service application system;
s302, a target object of a network security policy to be configured, which is related to the target service application system, in the target network area is obtained, wherein the target object comprises at least one of network equipment and a security software and hardware product.
In this embodiment, the information network may be divided into different network areas or security areas, where each network area includes various network devices and security software and hardware products, and the target service application system may be located in a certain network area, and the target network area where the target service application system is located may be determined according to the routing information of the target service application system, so that the network devices and security software and hardware products related to the target service application system may be determined in the target network area and used as the target object of the network security policy to be configured, so that security policy configuration is performed on the target object in the target network area without affecting other network areas.
S202, determining a target network security policy corresponding to the target object according to the attribute information of the target object.
In this embodiment, after determining the target object, it is further required to determine a target network security policy corresponding to the target object, and multiple preset network security policies may be preconfigured, so that an appropriate target network security policy is selected from the preset security policies based on attribute information of the target object, where the attribute information of the target object includes, but is not limited to, version, type, manufacturer, function, and so on. The preset network security policy can be a built-in default network security policy, and a user can add, delete and modify the network security policy according to own needs, and can also make a policy template for use.
Optionally, if the target object is a firewall, selecting a corresponding security protection rule from preset network security policies according to a port number and/or an IP address of the target service application system, and determining the security protection rule as the target network security policy of the firewall.
Specifically, according to the port number, it can be determined what security protection rule should be enabled, for example, the 22 port number should enable the security protection rule related to the SSH protocol, and the 80 port number should enable the security protection rule related to the WEB; meanwhile, the IP address and the port number can be combined to determine the firewall access control rule.
Optionally, if the target device is a network middleware, according to version and/or type information of the network middleware, selecting a corresponding security protection rule from preset network security policies, and determining the security protection rule as the target network security policy of the network middleware.
Specifically, according to the version and type of the network middleware, what security protection rule is enabled can be determined, what scanning rule is enabled can also be determined, for example, for the Apache middleware, the security protection rule related to the Apache vulnerability should be enabled, and when the security policy verification is performed, the scanning rule related to the Apache should be selected for the network security policy verification.
Optionally, if the target device is a database, selecting a corresponding security protection rule from preset network security policies according to version and/or type information of the database, and determining the security protection rule as the target network security policy of the database.
Specifically, it can determine which security area, which network area and which server the database is located on according to the IP address of the database, what security protection rule is enabled according to the version and type of the database, and what scanning rule is enabled, for example, for MySQL database, the security protection rule related to MySQL vulnerability should be enabled, and when performing security policy verification, the scanning rule related to MySQL database should be selected for network security policy verification.
S203, selecting at least one target connection mode from a plurality of alternative connection modes according to the attribute information of the target object.
In this embodiment, since the target objects are various, in order to improve the adaptation degree, and to be compatible with more kinds of target objects, network security configuration can be performed on more kinds of target objects, and in this embodiment, a plurality of alternative connection modes are configured, and further, at least one target connection mode can be selected from the alternative connection modes according to attribute information of the target objects.
Optionally, the plurality of alternative connection modes include at least one of an SNMP connection mode, a connection mode of an analog terminal, and a connection mode of an analog browser access; of course, alternative connection methods are not limited to the above-listed connection components, and other connection methods are also possible.
The SNMP protocol is a standard protocol specially designed for managing network nodes (servers, workstations, routers, switches, HUBS, etc.) in an IP network, and is an application layer protocol. SNMP enables network administrators to manage network performance, discover and solve network problems, and plan network growth. The management device can acquire the running state and/or the safety protection state of the network device and the safety software and hardware products through the SNMP connection component; if the network equipment, the safety software and hardware products support the writing function of the SNMP protocol and the management equipment has writing authority, the management equipment can send configuration instructions of the network safety strategy based on the SNMP protocol through the SNMP connection component.
The connection mode of the analog terminal can be connected with each network device and each Secure software and hardware product through an SSH (Secure Shell) protocol or a Telnet (Telnet) protocol, wherein the SSH is a protocol special for providing security for a Telnet session and other network services, and the Telnet protocol is a standard protocol and a main mode of Internet Telnet service, thereby providing the capability of completing remote host work on a local computer for a user. The management equipment can acquire the running state and/or the safety protection state of the network equipment and the safety software and hardware products in a mode of simulating terminal connection; in addition, the management device can send a configuration instruction of the network security policy based on the SSH protocol or the Telnet protocol by simulating a terminal connection mode.
The connection mode of the simulated browser access can access the Web background management pages of each network device and the safety software and hardware products in a mode of simulating the Web browser, and can simulate the behaviors of various different Web browsers, such as a *** browser, an IE browser, a firefox browser and the like, and the running states and/or the safety protection states of the network devices and the safety software and hardware products are obtained by accessing the Web background management pages of each network device and the safety software and hardware products; in addition, the management device can simulate the configuration instruction of the network security policy input in the Web background management page of the network device and the security software and hardware products by simulating the Web browser, and submit the configuration instruction.
Optionally, in this embodiment, at least one target connection mode is selected from a plurality of alternative connection modes according to attribute information of the target object, specifically, the target connection mode may be selected according to manufacturer and/or model of the target object, for example, the SNMP protocol is not supported for some manufacturer and/or model of the target object, and an SNMP protocol interface is not provided, and the SNMP connection mode cannot be adopted; for some Linux systems and target objects without Web interfaces, the connection mode of the simulation terminal can be selected; for some target objects, such as routers, which adopt a Web browser as a Web management background page, a connection mode simulating browser access can be selected.
Of course, the target object may not only support one connection mode, for example, some target objects may support an SNMP connection mode and an analog terminal connection mode at the same time, and an appropriate target connection mode may be selected from the supported connection modes, for example, the SNMP connection mode occupies the least resources, the SNMP connection mode may be selected when the resource occupancy rate of the CPU, the memory, etc. is higher, and other connection modes may be selected when the resource occupancy rate of the CPU, the memory, etc. is not higher; of course, a plurality of target connection modes can be selected to cooperate with each other. Of course, the policy of selecting the target connection mode is not limited to the above example, and more policies of selecting the target connection mode are not described here.
It should be noted that, in the present embodiment, the order of executing S202 and S203 may not be limited.
S204, sending an operation instruction to the target object in the target connection mode, so that the target object sets the network security policy as the target security policy according to the operation instruction.
In this embodiment, after determining the target security policy and the target connection mode, an operation instruction may be sent to the target object through the target connection mode, so that the target object sets the network security policy according to the operation instruction, and sets the network security policy as the target security policy.
Optionally, based on the foregoing embodiment, the sending, by the target connection manner, an operation instruction to the target object may specifically include:
if the target connection mode is an SNMP connection mode, connecting the target object through an SNMP protocol, and sending an operation instruction to the target object; or alternatively
If the target connection mode is the connection mode of the analog terminal, connecting the target object through an SSH protocol or a Telnet protocol, and sending an operation instruction to the target object by adopting the mode of the analog terminal; or alternatively
If the target connection mode is a connection mode simulating browser access, accessing a background management page of the target object, and simulating an operation instruction of submitting a form in the background management page.
By the mode, the configuration of the network security policy can be realized for different target objects, and most network equipment and security software and hardware products on the market are compatible.
As a specific example of the above embodiments, relevant information of the target service application system input by the user may be received, including but not limited to routing information such as IP address and port number information, version and type of network middleware, version and type of database, etc., according to the input relevant IP address and port number information, network equipment and security software and hardware products required to be passed through by the online release of the target service application system may be determined, and by selecting a target connection manner, the network equipment and security software and hardware products are connected, and then the determined network security policy required to be enabled may be issued, and an operation instruction may be issued on the corresponding network equipment and security software and hardware products to enable the corresponding security policy. For example, for a WEB application, a WEB protection policy needs to be enabled on a WEB application firewall, and a WEB tamper-proof policy needs to be enabled at the same time. Therefore, the method can be automatically connected to the WEB application firewall in a target connection mode, the WEB application protection strategy is started aiming at the corresponding IP address, port number and protocol, and meanwhile, the method is connected to the webpage tamper-proof system, and the tamper-proof strategy is started aiming at specific network middleware.
According to the network security configuration method provided by the embodiment, a target object of a network security policy to be configured is determined according to the related information of the target service application system; determining a target network security policy corresponding to the target object according to the attribute information of the target object; selecting at least one target connection mode from a plurality of alternative connection modes according to the attribute information of the target object; and sending an operation instruction to the target object in a target connection mode, so that the target object sets the network security policy as a target security policy according to the operation instruction. The embodiment can automatically determine the target object of the network security policy to be configured and the corresponding target network security policy, and then realize the issuing of the operation instruction through a proper connection mode, thereby completing the configuration of the target security policy of the target object, avoiding the situations of incomplete manual analysis, analysis error, manual configuration policy error, configuration omission and the like, and ensuring the security protection capability of the target service application system.
As a further improvement of the above embodiment, after the target object completes the setting of the target security policy, verification may also be performed with respect to the configured target security policy. Specifically, the method may further include:
and after the target object completes the setting of the target security policy, sending a simulated access instruction and/or a simulated attack instruction to the target service application system so as to verify the network security policy of the target object.
In this embodiment, the simulated access instruction and/or the simulated attack instruction may be sent to the target service application system, so as to verify whether the target network security policy of the target object is enabled, and further verify the connectivity of the target service application system.
Optionally, one or more probes (or scanners) may be deployed on the intranet and/or the extranet for the target service application system, and the control probes send a simulated access instruction and/or a simulated attack instruction to the target service application system. For example, aiming at a WEB application system, a probe can be controlled to carry out port scanning on an IP address of a target service application system, whether access control is strict or not is verified, and whether unnecessary ports are exposed or not is verified; and meanwhile, the probe can be controlled to scan the security holes of the service application system by using corresponding scanning rules according to the system type, verify whether the security protection capability is effective, and scan the security holes, for example, scan the security holes by using Apache related scanning rules for Apache, scan the security holes by using MySQL database related scanning rules for MySQL database, and the like. By verifying the network security policy, whether the target network security policy of the target object is effective or not can be verified, configuration errors or configuration missing situations can be prevented, and network security of the target service application system is further ensured.
Fig. 4 is a block diagram of a network security configuration device according to an embodiment of the present invention. The network security configuration device provided in this embodiment may execute the processing flow provided in the network security configuration method embodiment, as shown in fig. 4, where the network security configuration device 400 includes a determining module 401, a connecting module 402, and a setting module 403.
A determining module 401, configured to determine a target object of a network security policy to be configured according to related information of a target service application system; determining a target network security policy corresponding to the target object according to the attribute information of the target object;
a connection module 402, configured to select at least one target connection mode from a plurality of alternative connection modes according to attribute information of the target object;
and the setting module 403 is configured to send an operation instruction to the target object in the target connection manner, so that the target object sets the network security policy as the target security policy according to the operation instruction.
Optionally, the determining module 401 is configured to, when determining the target object of the network security policy to be configured according to the related information of the target service application system:
determining a target network area where the target service application system is located according to the routing information of the target service application system;
and acquiring a target object of a network security policy to be configured, which is related to the target service application system, in the target network area, wherein the target object comprises at least one of network equipment and a security software and hardware product.
Optionally, when determining, according to the attribute information of the target object, the determining module 401 is configured to:
if the target object is a firewall, selecting a corresponding security protection rule from preset network security policies according to the port number and/or the IP address of the target service application system, and determining the security protection rule as the target network security policy of the firewall.
Optionally, when determining, according to the attribute information of the target object, the determining module 401 is configured to:
if the target equipment is the network middleware, selecting a corresponding security protection rule from preset network security policies according to version and/or type information of the network middleware, and determining the security protection rule as the target network security policy of the network middleware.
Optionally, when determining, according to the attribute information of the target object, the determining module 401 is configured to:
if the target equipment is a database, selecting a corresponding security protection rule from preset network security policies according to version and/or type information of the database, and determining the security protection rule as the target network security policy of the database.
Optionally, the plurality of alternative connection modes include at least one of an SNMP connection mode, a connection mode of an analog terminal, and a connection mode of an analog browser access.
Optionally, when sending an operation instruction to the target object through the target connection manner, the setting module 403 is configured to:
if the target connection mode is an SNMP connection mode, connecting the target object through an SNMP protocol, and sending an operation instruction to the target object; or alternatively
If the target connection mode is the connection mode of the analog terminal, connecting the target object through an SSH protocol or a Telnet protocol, and sending an operation instruction to the target object by adopting the mode of the analog terminal; or alternatively
If the target connection mode is a connection mode simulating browser access, accessing a background management page of the target object, and simulating an operation instruction of submitting a form in the background management page.
Optionally, the setting instruction is further configured to:
and after the target object completes the setting of the target security policy, sending a simulated access instruction and/or a simulated attack instruction to the target service application system so as to verify the network security policy of the target object.
The network security configuration device provided in the embodiment of the present invention may be specifically used to execute the method embodiments provided in fig. 2 to 3, and specific functions are not described herein.
According to the network security configuration device provided by the embodiment of the invention, the target object of the network security policy to be configured is determined according to the related information of the target service application system; determining a target network security policy corresponding to the target object according to the attribute information of the target object; selecting at least one target connection mode from a plurality of alternative connection modes according to the attribute information of the target object; and sending an operation instruction to the target object in a target connection mode, so that the target object sets the network security policy as a target security policy according to the operation instruction. The embodiment can automatically determine the target object of the network security policy to be configured and the corresponding target network security policy, and then realize the issuing of the operation instruction through a proper connection mode, thereby completing the configuration of the target security policy of the target object, avoiding the situations of incomplete manual analysis, analysis error, manual configuration policy error, configuration omission and the like, and ensuring the security protection capability of the target service application system.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. The electronic device provided by the embodiment of the present invention may execute the processing flow provided by the embodiment of the network security configuration method, as shown in fig. 5, the electronic device 50 includes a memory 51, a processor 52, and a computer program; wherein the computer program is stored in the memory 51 and configured to be executed by the processor 52 for the network security configuration method described in the above embodiments. The electronic device 50 may also have a communication interface 53 for transmitting control instructions and/or data.
The electronic device of the embodiment shown in fig. 5 may be used to implement the technical solution of the above-mentioned method embodiment, and its implementation principle and technical effects are similar, and are not described here again.
In addition, the present embodiment also provides a computer-readable storage medium having stored thereon a computer program that is executed by a processor to implement the network security configuration method described in the above embodiments.
In addition, the present embodiment also provides a computer program product, including a computer program, where the computer program is executed by a processor to implement the network security configuration method described in the foregoing embodiment.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in hardware plus software functional units.
The integrated units implemented in the form of software functional units described above may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium, and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor (processor) to perform part of the steps of the methods according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional modules is illustrated, and in practical application, the above-described functional allocation may be performed by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to perform all or part of the functions described above. The specific working process of the above-described device may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.