CN114756530A - Client information processing method based on bastion machine - Google Patents

Client information processing method based on bastion machine

Info

Publication number
CN114756530A
Authority
CN
China
Prior art keywords
client
information
database
bastion machine
session
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210670804.7A
Other languages
Chinese (zh)
Other versions
CN114756530B (en)
Inventor
刘晓韬
高强花
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Dbsec Technology Co ltd
Original Assignee
Beijing Dbsec Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21 Design, administration or maintenance of databases
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25 Integrating or interfacing systems involving database management systems
    • G06F16/252 Integrating or interfacing systems involving database management systems between a Database Management System and a front-end application
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Medicinal Preparation (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a client information processing method and system based on a bastion machine. The method comprises the following steps: the bastion machine acquires information of a first client logged on to the bastion machine; under the control of the first client, the bastion machine calls a database client installed on the bastion machine; the bastion machine accesses the database through the database client and sends the information of the first client during the access; and a proxy service and/or an auditing service acquires the information of the first client and associates it with the session. This solves the prior-art problem that, when operation and maintenance personnel log in to a database through a bastion machine, the information of the first client they used cannot be acquired: the bastion machine acquires the information of the first client and notifies other services of it, providing a basis for the subsequent processing of those services.

Description

Client information processing method based on bastion machine
Technical Field
The application relates to the field of databases, in particular to a client information processing method based on a bastion machine.
Background
In the prior art, to ensure the security of an internal environment, operation and maintenance personnel who need to operate computer equipment in that environment go through a bastion machine. They first log in to the bastion machine, which can record the operations they perform (for example by recording the screen or the mouse and keyboard input), so that their operation and maintenance activity can be monitored through the bastion machine.
The bastion machine is also used in database access scenarios: a database client is installed on the bastion machine, and after an operation and maintenance person logs in to the bastion machine using a client (referred to as the first client, to distinguish it from the database client), that person logs in to the database using the database client on the bastion machine.
Database access needs to be controlled (for example, audited). When a database client on the bastion machine logs in to the database, only the operations from the bastion machine to the database can be observed; the information of the first client used by the operation and maintenance person cannot be associated with the connection between the bastion machine and the database, so database access cannot be controlled according to the information of the first client.
Disclosure of Invention
The embodiment of the application provides a client information processing method based on a bastion machine, and at least solves the problem that in the prior art, when an operation and maintenance person logs in a database through the bastion machine, the information of a first client used by the operation and maintenance person cannot be acquired.
According to one aspect of the application, a bastion machine-based client information processing method is provided, and comprises the following steps: the method comprises the steps that the bastion machine obtains information of a first client which logs on the bastion machine, wherein the first client is a client which logs on the bastion machine, and the first client is used for controlling the bastion machine after logging on the bastion machine; the bastion machine calls a database client installed on the bastion machine under the control of the first client, wherein the database client is used for accessing a database; the bastion machine accesses the database through the database client and sends the information of the first client in the accessing process; and the agent service and/or the auditing service acquires the information of the first client and associates the information of the first client with a session, wherein the session is established by accessing the database by the database client.
Further, the step in which the bastion machine sends the information of the first client through the database client comprises: the bastion machine acquires the information of the database, which is used for accessing the database, and appends the information of the first client to it; the bastion machine adds the information of the database, with the information of the first client attached to it, to an access request; the bastion machine sends the access request to the database. The proxy service acquiring the information of the first client and associating it with the predetermined session comprises: the proxy service receives the access request, acquires the information of the first client from it and stores it; the proxy service deletes the information of the first client from the access request and sends the access request, with the information of the first client removed, to the database so as to establish the session with the database; the proxy service associates the information of the first client with the session.
Further, the adding, by the bastion machine, the information of the database and the information of the first client to the access request comprises: the bastion machine analyzes the access request according to the format of the access request to obtain a field used for storing the information of the database in the access request; and the bastion machine fills the information of the database and the information of the first client into the field.
Further, the step that the bastion machine sends the information of the first client comprises the following steps: the bastion machine sends the information of the first client and the connection information of the database client connected with the database to the auditing service; the auditing service associating the information of the first client with the session includes: the auditing service searches the session corresponding to the connection information in the established session, and associates the information of the first client with the session corresponding to the connection information after the session corresponding to the connection information is found, wherein the session corresponding to the connection information is the session established between the first client and the database through the database client after the first client logs in the bastion machine.
Further, the connection information includes a source IP address and a source port number of the database client, and a destination IP address and a destination port number of the database, where the database client establishes a connection with the destination IP address and the destination port number of the database using the source IP address and the source port number.
According to another aspect of the application, the bastion machine-based client information processing system comprises: the system comprises a bastion machine and at least one of auditing service and proxy service, wherein the bastion machine is used for acquiring information of a first client logged on the bastion machine, the first client is a client logged on the bastion machine, and the first client is used for controlling the bastion machine after logging on the bastion machine; the bastion machine is used for calling a database client installed on the bastion machine under the control of the first client, wherein the database client is used for accessing a database; the bastion machine is used for accessing the database through the database client and sending the information of the first client in the accessing process; the agent service and/or the audit service are used for acquiring the information of the first client and associating the information of the first client with a session, wherein the session is established by the database client accessing the database.
Further, the bastion machine is used for acquiring the information of the database, which is used for accessing the database, and attaching the information of the first client to it; the bastion machine is used for adding the information of the database, with the information of the first client attached behind it, to an access request; the bastion machine is used for sending the access request to the database. The proxy service is configured to acquire the information of the first client, and associating the information of the first client with a predetermined session comprises: the proxy service receives the access request, acquires the information of the first client from it and stores it; the proxy service is used for deleting the information of the first client from the access request and sending the access request, with the information of the first client removed, to the database so as to establish the session with the database; the proxy service is configured to associate the information of the first client with the session.
Further, the bastion machine is used for analyzing the access request according to the format of the access request to obtain a field used for storing the information of the database in the access request; the bastion machine is used for filling the information of the database and the information of the first client in the fields.
Further, the bastion machine is used for sending the information of the first client and the connection information of the database client to the database to the auditing service; the auditing service is used for searching the session corresponding to the connection information in the established session, and associating the information of the first client with the session corresponding to the connection information after the session corresponding to the connection information is found, wherein the session corresponding to the connection information is the session established between the first client and the database through the database client after the first client logs in the bastion machine.
Further, the connection information includes a source IP address and a source port number of the database client, and a destination IP address and a destination port number of the database, where the database client establishes a connection with the destination IP address and the destination port number of the database using the source IP address and the source port number.
In the embodiment of the application, the bastion machine acquires information of a first client logged on to the bastion machine, wherein the first client is a client logged on to the bastion machine and is used for controlling the bastion machine after logging on; the bastion machine calls a database client installed on the bastion machine under the control of the first client, wherein the database client is used for accessing a database; the bastion machine accesses the database through the database client and sends the information of the first client during the access; and the proxy service and/or the auditing service acquires the information of the first client and associates it with a session, wherein the session is established by the database client accessing the database. This solves the prior-art problem that, when operation and maintenance personnel log in to a database through a bastion machine, the information of the first client they used cannot be acquired: the bastion machine acquires the information of the first client and notifies other services of it, providing a basis for the subsequent processing of those services.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, are included to provide a further understanding of the application, and the description of the exemplary embodiments of the application are intended to be illustrative of the application and are not intended to limit the application. In the drawings:
fig. 1 is a flowchart of a bastion machine-based client information processing method according to an embodiment of the application.
Detailed Description
It should be noted that, in the present application, the embodiments and features of the embodiments may be combined with each other without conflict. The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
In the present embodiment, a bastion machine-based client information processing method is provided, and fig. 1 is a flowchart of a bastion machine-based client information processing method according to an embodiment of the present application, as shown in fig. 1, the method includes the following steps:
Step S102, the bastion machine acquires information of a first client logged on the bastion machine, wherein the first client is a client logged on the bastion machine, and the first client is used for controlling the bastion machine after logging on the bastion machine;
Step S104, the bastion machine calls a database client installed on the bastion machine under the control of the first client, wherein the database client is used for accessing a database;
step S106, the bastion machine accesses the database through the database client and sends the information of the first client in the access process;
Step S108, the proxy service and/or the audit service acquires the information of the first client and associates the information of the first client with a session, wherein the session is established when the database client accesses the database.
As an optional implementation manner, the proxy service and/or the audit service may further examine the operations performed on the database in a session associated with the information of the first client, determine whether an illegal operation occurs, and if so, send the information of the first client to the bastion machine, where the bastion machine adds the information of the first client to a list; the clients on the list are restricted from logging in to the bastion machine or from using the database client on the bastion machine.
As another optional embodiment, the bastion machine may further establish an association between a first session and a second session, wherein the first session is established between the first client and the bastion machine, and the second session is established between the database client on the bastion machine and the database (i.e. the session). The bastion machine acquires data packets of the first session and data packets of the second session at the same time, determines whether the difference between the times indicated by the timestamps of the packets in the first session and the packets in the second session is within a predetermined range, and if it is, establishes the association between the first session and the second session. After the association is established and the proxy service and/or the auditing service determines that a database operation performed in the second session is illegal, the bastion machine is informed; it searches for the first session associated with the second session, acquires the information of that first session (namely the IP address and the user name used to log in from the first client), and restricts logging in to the bastion machine with that information of the first client.
The problem caused by the fact that the operation and maintenance personnel cannot acquire the information of the first client used by the operation and maintenance personnel when logging in the database through the bastion machine in the prior art is solved through the steps, so that the information of the first client can be acquired through the bastion machine and is notified to other services, and a basis is provided for subsequent processing of the other services.
The above steps relate to an agent service (or referred to as an agent program) and an audit service (or referred to as an audit program), and the following describes optional processes of the agent service and the audit service for obtaining the information of the first client, respectively.
The proxy service may intercept all messages sent by the database client to the database, in which case the bastion machine may send the first client's information to the proxy service whenever needed. For example, the information of the first client may be sent to the proxy service through an access request for establishing a database connection when the database connection is established.
The bastion machine acquires the information of the database, which is used for accessing the database, and appends the information of the first client to it; the bastion machine adds the information of the database, with the information of the first client attached behind it, to an access request; the bastion machine sends the access request to the database. The proxy service acquiring the information of the first client and associating it with the predetermined session comprises: the proxy service receives the access request, acquires the information of the first client from it and stores it; the proxy service deletes the information of the first client from the access request and sends the access request, with the information of the first client removed, to the database so as to establish the session with the database; the proxy service associates the information of the first client with the session.
For example, the bastion machine analyzes the access request according to the format of the access request to obtain a field used for storing the information of the database in the access request; and the bastion machine fills the information of the database and the information of the first client in the field. As an alternative embodiment, the information of the database and the information of the first client may be separated using a predefined special character.
Where the audit service is involved, the bastion machine may send the information of the first client to the audit service in real time, for example right after the first client logs on to the bastion machine.
The auditing service can audit a plurality of sessions, and the following method can be adopted when association is carried out: the auditing service searches the session corresponding to the connection information in the established session, and associates the information of the first client with the session corresponding to the connection information after the session corresponding to the connection information is found, wherein the session corresponding to the connection information is the session established between the first client and the database through the database client after the first client logs in the bastion machine.
The aforementioned connection information includes a source IP address and a source port number of the database client, and a destination IP address and a destination port number of the database, wherein the database client establishes a connection with the destination IP address and the destination port number of the database using the source IP address and the source port number.
This is described below in connection with an alternative embodiment. The present embodiment can be applied to a proxy mode and an audit mode, and the proxy mode will be described first.
In the proxy mode, a database client is installed on the bastion machine, the database client is connected to a proxy program (also called the proxy service) on the firewall, and the database client accesses the database through the proxy program. The operation and maintenance personnel log in to the bastion machine using a client and then log in to the database using the database client on the bastion machine. Two clients are therefore used in this mode: the client used by the operation and maintenance personnel to log in to the bastion machine, referred to in the embodiment as the first client, and the client installed on the bastion machine to log in to the database, referred to as the database client.
When an operation and maintenance person logs in to the bastion machine with the first client in order to use the database client, the person does not need to enter the user name and password of the database; the person only selects the database to log in to on the bastion machine and clicks log in, whereupon the bastion machine fills in the information of the database (such as its IP address, user name and password) and logs in to the database using that filled-in information (also called the database information). This function is called the database information filling-in function.
In the embodiment, when the bastion machine replaces and fills the database information, the IP address and the user name of the first client are placed behind the user name of the database, and the IP address of the database is used for initiating an access request to the database. The agent program acquires and analyzes the access request sent by the bastion machine, and acquires and stores the IP address and the user name of the first client during analysis; then, the agent program replaces the IP address and the user name of the first client in the access request with the database user name (i.e., deletes the IP address and the user name of the first client after the user name of the database), and then sends the access request to the database.
In the embodiment, the bastion machine adds the information of the first client to the database access request, and the agent program replaces the added information of the first client with the information capable of accessing the database after receiving the database access request, and then accesses the database by using the information capable of accessing the database. Therefore, the database agent program can acquire the information of the first client using the bastion machine, and then the first client information is associated with the access of the database using the database client, so that the information of the first client used by the operation and maintenance personnel can be obtained.
In the embodiment, the bastion machine records, under the information of the first client, which operation the operation and maintenance person performed on the database through the database client on the bastion machine at a given time point, and the agent program records the operation that the first client performed on the database through the bastion machine at that time point, so the operation performed by the first client on the database client of the bastion machine can be related to the operation performed by the bastion machine's database client on the database.
In the proxy mode, since the agent can acquire the information of the first client, a predetermined rule may be configured in the agent in advance for the first client, so that the agent can control access from the first client.
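The proxy-mode exchange above, as an added example (not the patent holder's code): the bastion fills the user field with the database user name followed by the first client's IP address and user name, and the proxy extracts and stores them, applies a per-client rule, and forwards a request that carries only the database user name. The separator `|`, the three-field layout, the request field names and the sample addresses are assumptions; the patent says only that a predefined special character separates the two pieces of information.

```python
"""Proxy-mode tagging of the database access request (added illustration,
not the patent holder's code). Separator and field layout are assumed."""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

SEPARATOR = "|"  # assumed "predefined special character"


@dataclass(frozen=True)
class FirstClient:
    ip: str    # IP address the operator's client connected to the bastion from
    user: str  # account the operator used to log in to the bastion


def bastion_fill_user(db_user: str, client: FirstClient) -> str:
    """Bastion side: database user name followed by the first client's IP
    address and user name, all in the user field of the access request."""
    for part in (db_user, client.ip, client.user):
        if SEPARATOR in part:
            # A separator inside a field would make the proxy's parse ambiguous.
            raise ValueError(f"field {part!r} contains the separator {SEPARATOR!r}")
    return SEPARATOR.join((db_user, client.ip, client.user))


def proxy_split_user(user_field: str) -> Tuple[str, Optional[FirstClient]]:
    """Proxy side: return (database user name, first client). An untagged or
    malformed user field is returned unchanged with no first client."""
    parts = user_field.split(SEPARATOR)
    if len(parts) != 3 or not all(parts):
        return user_field, None
    db_user, ip, user = parts
    return db_user, FirstClient(ip, user)


class ProxyService:
    """Sits between the bastion's database client and the database: stores the
    first client per session and applies a per-client rule before forwarding."""

    def __init__(self, bastion_ips: Set[str], blocked_users: Set[str]):
        self.bastion_ips = set(bastion_ips)      # only these may tag requests
        self.blocked_users = set(blocked_users)  # the "predetermined rule": a denylist
        self.session_owner: Dict[int, FirstClient] = {}

    def handle_access_request(self, session_id: int, src_ip: str,
                              request: Dict[str, str]) -> Optional[Dict[str, str]]:
        """Return the request to forward to the database, or None to refuse it."""
        db_user, client = proxy_split_user(request["user"])
        if client is not None and src_ip not in self.bastion_ips:
            # The tag is plain text in the user field, so it is honoured only
            # when the request actually arrived from the bastion machine.
            return None
        if client is not None:
            if client.user in self.blocked_users:
                return None
            self.session_owner[session_id] = client
        forwarded = dict(request)
        forwarded["user"] = db_user  # the database sees its ordinary user name
        return forwarded


# Constructed sample values for a stand-alone run.
BASTION_IP = "10.0.0.9"
SAMPLE_REQUEST = {
    "host": "10.0.0.5", "port": "3306",
    "user": bastion_fill_user("app_ro", FirstClient("192.168.1.20", "alice")),
    "password": "s3cret",
}

if __name__ == "__main__":
    proxy = ProxyService({BASTION_IP}, {"mallory"})
    out = proxy.handle_access_request(1, BASTION_IP, SAMPLE_REQUEST)
    print(out["user"], proxy.session_owner[1])  # app_ro FirstClient(ip='192.168.1.20', user='alice')
```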
This embodiment may also be applied in an audit mode, as will be explained below.
Where the database needs to be audited, the operation and maintenance personnel log in to the bastion machine through the first client and then access the database through the database client of the bastion machine, so the audit program can only see which bastion machine performed the operation; the first client used by the operation and maintenance personnel is not audited. To solve this, the bastion machine sends the recorded information of the first client to the auditing system in real time; the currently active session (the session between the bastion machine and the database) is recorded, and the information of the first client is written into that session. With the first client information, the audit can record which operation and maintenance personnel used which bastion machines to access the database.
In this embodiment, the bastion machine sends the information of the operation and maintenance person who logged in to the bastion machine to the auditing program. The person logs in to the bastion machine through the first client, and the bastion machine records the IP address and the login account (namely the user name used to log in from the first client) of the first client; after the database login, the bastion machine also records the IP address and port number of the database that the database client on the bastion machine is connected to. After receiving this information, the auditing program searches the sessions in the active state, acquires the database IP address and port number of each active session, and matches the database IP address and port number received from the bastion machine against them; once the match succeeds, it determines that the session was established with the database after the first client logged in to the bastion machine, and associates the information of the first client with the matched session.
In this embodiment, after the bastion machine establishes a session with the database, the auditing program (also called the auditing service) audits the session from mirrored traffic. The auditing service establishes a TCP connection record for the session according to the information of the session and deletes that record when the session becomes inactive; it searches for a corresponding TCP connection by the source IP address, source port number, destination IP address and destination port number recorded in the session, and the session is in the active state if such a connection exists.
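The audit-mode association above, as an added example (not the patent holder's code): the audit service keeps the sessions it sees in mirrored traffic keyed by the (source IP, source port, destination IP, destination port) tuple, marks which of them still have a live TCP connection, and attaches the first client from the bastion's report only to a matching active session. The report field names, the 4-tuple layout and all sample values are constructed.

```python
"""Audit-mode association of a first client with an active database session.
Added illustration, not the patent holder's code; field names are assumed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

FourTuple = Tuple[str, int, str, int]  # (src ip, src port, dst ip, dst port)


@dataclass
class Session:
    conn: FourTuple
    first_client: Optional[Tuple[str, str]] = None  # (ip, user) once associated
    log: List[str] = field(default_factory=list)


class AuditService:
    """Audits mirrored bastion -> database sessions and attributes them."""

    def __init__(self) -> None:
        self.sessions: Dict[FourTuple, Session] = {}
        self.active: Set[FourTuple] = set()  # 4-tuples with a live TCP connection

    def session_opened(self, conn: FourTuple) -> None:
        """Mirrored traffic shows a new session; it starts out active."""
        self.sessions[conn] = Session(conn)
        self.active.add(conn)

    def session_closed(self, conn: FourTuple) -> None:
        """The TCP connection is gone: the session becomes inactive but the
        audit record is kept."""
        self.active.discard(conn)

    def receive_bastion_report(self, report: Dict[str, object]) -> Optional[Session]:
        """Match the bastion's report to an active session by 4-tuple and attach
        the first client. Returns None when nothing active matches (stale
        report, session already closed, or a tuple the mirror never saw)."""
        conn: FourTuple = (str(report["db_client_ip"]), int(report["db_client_port"]),
                           str(report["db_ip"]), int(report["db_port"]))
        session = self.sessions.get(conn)
        if session is None or conn not in self.active:
            return None
        session.first_client = (str(report["client_ip"]), str(report["client_user"]))
        return session

    def record_statement(self, conn: FourTuple, sql: str) -> str:
        """Log a statement seen in the session, attributed to the first client
        when one is associated and to the bastion address alone otherwise."""
        session = self.sessions.get(conn)
        if session is None:
            raise KeyError(f"unknown session {conn}")
        if session.first_client is None:
            who = f"unattributed ({conn[0]}:{conn[1]})"
        else:
            ip, user = session.first_client
            who = f"{user}@{ip} via {conn[0]}:{conn[1]}"
        entry = f"{who} -> {conn[2]}:{conn[3]}: {sql}"
        session.log.append(entry)
        return entry


# Constructed sample data: the bastion (10.0.0.9) connects to the database
# (10.0.0.5:3306) and reports that alice drove the session.
CONN: FourTuple = ("10.0.0.9", 51234, "10.0.0.5", 3306)
REPORT = {"client_ip": "192.168.1.20", "client_user": "alice",
          "db_client_ip": "10.0.0.9", "db_client_port": 51234,
          "db_ip": "10.0.0.5", "db_port": 3306}


def demo() -> List[str]:
    """One statement before the bastion's report arrives, one after."""
    audit = AuditService()
    audit.session_opened(CONN)
    before = audit.record_statement(CONN, "SELECT 1")
    audit.receive_bastion_report(REPORT)
    after = audit.record_statement(CONN, "DELETE FROM orders")
    return [before, after]


if __name__ == "__main__":
    print("\n".join(demo()))
```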
In this embodiment, an electronic device is provided, comprising a memory in which a computer program is stored and a processor configured to run the computer program to perform the method in the above embodiments.
The programs described above may be run on a processor or stored in memory (also referred to as computer-readable media), which includes volatile and non-volatile, removable and non-removable media that implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal or a carrier wave.
These computer programs may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks, and corresponding steps may be implemented by different modules.
This embodiment provides a system referred to as a bastion-machine-based client information processing system, which includes the bastion machine and the proxy service and/or the auditing service, wherein the steps performed by the bastion machine, the proxy service and the auditing service are described above and are not repeated here.
The system or the apparatus is used for implementing the functions of the method in the foregoing embodiments, and each module in the system or the apparatus corresponds to each step in the method, which has been described in the method and is not described herein again.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art to which the present application pertains. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A client information processing method based on a bastion machine is characterized by comprising the following steps:
the method comprises the steps that the bastion machine acquires information of a first client logged on the bastion machine, wherein the first client is a client logged on the bastion machine, and the first client is used for controlling the bastion machine after logging on the bastion machine;
the bastion machine calls a database client installed on the bastion machine under the control of the first client, wherein the database client is used for accessing a database;
the bastion machine accesses the database through the database client and sends the information of the first client in the access process;
and the proxy service and/or the auditing service acquires the information of the first client and associates the information of the first client with a session, wherein the session is established by the database client accessing the database.
2. The method of claim 1,
wherein the step of the bastion machine sending the information of the first client through the database client comprises: the bastion machine acquires the information of the database and attaches the information of the first client to the information of the database, wherein the information of the database is used for accessing the database; the bastion machine adds the information of the database and the information of the first client attached behind it to an access request; the bastion machine sends the access request to the database;
and the step of the proxy service acquiring the information of the first client and associating the information of the first client with a predetermined session comprises: the proxy service receives the access request, and acquires and stores the information of the first client from the access request; the proxy service deletes the information of the first client from the access request, and sends the access request from which the information of the first client has been deleted to the database so as to establish the session with the database; the proxy service associates the information of the first client with the session.
3. The method of claim 2, wherein the adding, by the bastion machine, the information of the database and the information of the first client to the access request comprises:
the bastion machine analyzes the access request according to the format of the access request to obtain a field for storing the information of the database in the access request;
and the bastion machine fills the information of the database and the information of the first client in the field.
4. The method of claim 1,
wherein the step of the bastion machine sending the information of the first client comprises: the bastion machine sends the information of the first client and the connection information of the database client's connection to the database to the auditing service;
the auditing service associating the information of the first client with the session includes: the auditing service searches the session corresponding to the connection information in the established session, and associates the information of the first client with the session corresponding to the connection information after the session corresponding to the connection information is found, wherein the session corresponding to the connection information is the session established between the first client and the database through the database client after the first client logs in the bastion machine.
5. The method of claim 4, wherein the connection information comprises a source IP address and a source port number for the database client, and a destination IP address and a destination port number for the database, and wherein the database client establishes a connection with the destination IP address and the destination port number for the database using the source IP address and the source port number.
6. A client information processing system based on a bastion machine is characterized by comprising: a bastion machine and at least one of an audit service and a proxy service, wherein,
The bastion machine is used for acquiring information of a first client logged on the bastion machine, wherein the first client is a client logged on the bastion machine, and the first client is used for controlling the bastion machine after logging on the bastion machine;
the bastion machine is used for calling a database client installed on the bastion machine under the control of the first client, wherein the database client is used for accessing a database;
the bastion machine is used for accessing the database through the database client and sending the information of the first client in the accessing process;
the proxy service and/or the auditing service is used for acquiring the information of the first client and associating the information of the first client with a session, wherein the session is established by the database client accessing the database.
7. The system of claim 6,
the bastion machine is used for acquiring the information of the database and attaching the information of the first client to the information of the database, wherein the information of the database is used for accessing the database; the bastion machine is used for adding the information of the database and the information of the first client which is attached behind the information of the database into an access request; the bastion machine is used for sending the access request to the database;
the proxy service is configured to receive the access request, and to acquire and store the information of the first client from the access request; the proxy service is configured to delete the information of the first client from the access request, and to send the access request from which the information of the first client has been deleted to the database so as to establish the session with the database; the proxy service is configured to associate the information of the first client with the session.
8. The system of claim 7,
the bastion machine is used for analyzing the access request according to the format of the access request to obtain a field used for storing the information of the database in the access request; the bastion machine is used for filling the information of the database and the information of the first client in the fields.
9. The system of claim 6,
the bastion machine is used for sending the information of the first client and the connection information of the database client connected with the database to the auditing service;
The auditing service is used for searching the session corresponding to the connection information in the established session, and associating the information of the first client with the session corresponding to the connection information after the session corresponding to the connection information is found, wherein the session corresponding to the connection information is the session established between the first client and the database through the database client after the first client logs in the bastion machine.
10. The system of claim 9, wherein the connection information comprises a source IP address and a source port number for the database client, and a destination IP address and a destination port number for the database, wherein the database client establishes a connection with the destination IP address and the destination port number for the database using the source IP address and the source port number.
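As an added illustration, not code from the patent or its applicant, the following Python models the two association paths the claims describe: the proxy-service path of claims 2-3 (client info appended behind the database info in the access request, stripped before forwarding, then tied to the resulting session) and the auditing-service path of claims 4-5 together with the activity check described in the embodiment above (look-up of a live TCP connection by its four-tuple). The access-request layout, the NUL separator, the JSON encoding of the client info and every name are assumptions.

```python
import json
from dataclasses import dataclass, field

# Assumed (not from the patent): the first client's info is appended to the
# database user field after a NUL separator, encoded as compact JSON.
SEP = "\x00"


def build_access_request(db_user: str, client_info: dict) -> dict:
    """Bastion side (claims 2-3): the field that normally carries only the
    database info now carries database info + appended first-client info."""
    return {"user": db_user + SEP + json.dumps(client_info, separators=(",", ":")),
            "schema": "orders"}   # constructed, simplified access request


@dataclass
class ProxyService:
    """Claim 2: sits between bastion and database and removes the annotation."""
    sessions: dict = field(default_factory=dict)   # 4-tuple -> first-client info
    forwarded: list = field(default_factory=list)  # requests passed on to the database

    def handle(self, request: dict, src: tuple, dst: tuple):
        db_info, sep, extra = request["user"].partition(SEP)
        if not sep:                       # plain request without bastion annotation
            self.forwarded.append(request)
            return None
        client_info = json.loads(extra)   # acquire and store the first-client info
        self.forwarded.append(dict(request, user=db_info))  # database never sees it
        key = (src[0], src[1], dst[0], dst[1])              # session identity
        self.sessions[key] = client_info                    # associate with session
        return key


@dataclass
class AuditService:
    """Claims 4-5 plus the activity check: works from mirrored traffic only."""
    connections: set = field(default_factory=set)  # 4-tuples of TCP connections seen
    sessions: dict = field(default_factory=dict)   # 4-tuple -> first-client info

    def observe(self, key: tuple) -> None:
        self.connections.add(key)          # connection seen in the mirrored stream

    def close(self, key: tuple) -> None:
        self.connections.discard(key)      # session inactive: drop its connection

    def associate(self, key: tuple, client_info: dict) -> bool:
        # Associate only when the reported 4-tuple matches a live connection,
        # i.e. when the session is in an active state.
        if key not in self.connections:
            return False
        self.sessions[key] = client_info
        return True
```

A request that carries no annotation is forwarded untouched and yields no association, so the proxy path degrades to a plain pass-through for connections that did not originate on the bastion.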
CN202210670804.7A 2022-06-15 2022-06-15 Client information processing method based on bastion machine Active CN114756530B (en)

Publications (2)

Publication Number Publication Date
CN114756530A true CN114756530A (en) 2022-07-15
CN114756530B CN114756530B (en) 2022-08-19

Family

ID=82336607

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant