CN115242730A - Safe internet access method and system based on forward proxy technology - Google Patents

Publication number
CN115242730A
Authority
CN
China
Prior art keywords
forward proxy
internet application
application request
proxy gateway
gateway
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210994041.1A
Other languages
Chinese (zh)
Inventor
向荣
黄燕平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Softcom Information Technology Co ltd
Original Assignee
Guangdong Softcom Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Softcom Information Technology Co ltd
Priority to CN202210994041.1A
Publication of CN115242730A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation
    • H04L47/82 Miscellaneous aspects

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a safe internet access method and a system thereof based on forward proxy technology, which comprises configuring at least one forward proxy gateway and a plurality of internal hosts in a local area network; configuring proxy settings of the internal host to point to a forward proxy gateway; transmitting an internet application request sent by an internal host to a forward proxy gateway; the Internet application request sent by the internal host is transmitted to a corresponding target server through the forward proxy gateway, and response data of the target server to the Internet application request is transmitted to the corresponding internal host through the forward proxy gateway; and, truncating the transmission route which does not pass through the forward proxy gateway. The invention mainly solves the problem of how to enable the internal host to have the Internet application function and simultaneously reduce the risk of being invaded; the invention reduces the risk of system intrusion, and can prevent various risks such as data leakage, property theft, data damage, hardware damage and the like caused by intrusion behaviors.

Description

Safe internet access method and system based on forward proxy technology
Technical Field
The invention relates to the technical field of network communication, in particular to a safe internet access method and a safe internet access system based on a forward proxy technology.
Background
For government agencies, public institutions and enterprises, when an internal host in a local area network is assigned a local IP address and needs to access the internet, Network Address Translation (NAT) technology is usually used, so that the internal hosts in the local area network share a public IP address and access the internet through a NAT router.
However, NAT is a transparent proxy technology that only provides IP address translation and has no data encryption function. After intruding into an internal host, a hacker or a malicious program can transmit data directly to the external network, and the intrusion is difficult to monitor in real time, which easily leads to risks such as data leakage, data damage and hardware damage.
Therefore, how to give an organization's internal hosts the internet application function while reducing the risk of intrusion has become a problem to be solved urgently.
Disclosure of Invention
One of the objectives of the present invention is to provide a secure internet access method based on forward proxy technology, which improves the security of an internal host in a local area network during internet application.
Another objective of the present invention is to provide a secure internet access system based on forward proxy technology, which has higher security when performing internet applications.
In order to achieve the purpose, the invention provides the following technical scheme: a secure Internet access method based on forward proxy technology comprises the following steps:
configuring at least one forward proxy gateway and a plurality of internal hosts in a local area network;
configuring proxy settings of the internal host to point to the forward proxy gateway;
transmitting an internet application request issued by the internal host to the forward proxy gateway;
transmitting an internet application request sent by the internal host to a corresponding target server through the forward proxy gateway, and transmitting response data of the target server to the internet application request to the corresponding internal host through the forward proxy gateway;
and, truncating transmission routes that do not pass through the forward proxy gateway.
In the above technical solution, the proxy setting of the internal host includes: the IP address of the forward proxy gateway, the port of the forward proxy gateway and the identity authentication information.
In the foregoing technical solution, the secure internet access method based on forward proxy technology further includes:
setting an Access Control List (ACL) in the forward proxy gateway to set a Control condition for an Internet application request sent by the internal host;
after the internet application request sent by the internal host is transmitted to the forward proxy gateway, the following steps are carried out:
if the Internet application request meets the control condition of the access control list, transmitting the Internet application request to a corresponding target server through the forward proxy gateway;
and if the Internet application request does not meet the control condition of the access control list, the forward proxy gateway intercepts the Internet application request.
In the foregoing technical solution, the secure internet access method based on the forward proxy technology further includes:
setting a request body parameter limiting condition in the forward proxy gateway;
after the internet application request sent by the internal host is transmitted to the forward proxy gateway, the following steps are performed:
if the internet application request meets the request body parameter limiting condition, transmitting the internet application request to a corresponding target server through the forward proxy gateway;
and if the internet application request does not meet the request body parameter limiting condition, the forward proxy gateway intercepts the internet application request.
In the foregoing technical solution, the secure internet access method based on the forward proxy technology further includes:
configuring at least one monitoring server and at least one honeypot host in the local area network;
monitoring, by the monitoring server, a routing behavior in the local area network;
and the monitoring server guides the transmission route which does not pass through the forward proxy gateway to the honeypot host according to the monitored route transmission behavior.
A secure Internet access method based on forward proxy technology comprises the following steps:
configuring a plurality of local area networks, configuring at least one NAT gateway and a plurality of internal hosts in each local area network, and converting the internal IP address of each internal host into a public network IP address through the NAT gateway;
configuring at least one forward proxy gateway in the Internet or one of the local area networks;
in each local area network, configuring proxy settings of the internal host and the NAT gateway to point to the forward proxy gateway;
transmitting an internet application request issued by the internal host to the forward proxy gateway;
transmitting an internet application request sent by the internal host to a corresponding target server through the forward proxy gateway, and transmitting response data of the target server to the internet application request to the corresponding internal host through the forward proxy gateway;
and intercepting transmission routes which do not pass through the forward proxy gateway.
In the above technical solution, the proxy setting of the internal host includes: the IP address of the forward proxy gateway, the port of the forward proxy gateway and the identity authentication information.
In the foregoing technical solution, the secure internet access method based on the forward proxy technology further includes:
setting an Access Control List (ACL) in the forward proxy gateway to set a Control condition for an Internet application request sent by the internal host;
after the internet application request sent by the internal host is transmitted to the forward proxy gateway, the following steps are carried out:
if the Internet application request meets the control condition of the access control list, transmitting the Internet application request to a corresponding target server through the forward proxy gateway;
and if the Internet application request does not meet the control condition of the access control list, the forward proxy gateway intercepts the Internet application request.
In the foregoing technical solution, the secure internet access method based on the forward proxy technology further includes:
setting a request body parameter limiting condition in the forward proxy gateway;
after the internet application request sent by the internal host is transmitted to the forward proxy gateway, the following steps are carried out:
if the internet application request meets the request body parameter limiting condition, transmitting the internet application request to a corresponding target server through the forward proxy gateway;
and if the internet application request does not meet the request body parameter limiting condition, the forward proxy gateway intercepts the internet application request.
In the foregoing technical solution, the secure internet access method based on the forward proxy technology further includes:
in at least one local area network, at least one monitoring server and at least one honeypot host are also configured;
monitoring, by the monitoring server, a routing behavior in the local area network;
and the monitoring server guides the transmission route which does not pass through the forward proxy gateway to the honeypot host according to the monitored route transmission behavior.
A secure internet access system based on forward proxy technology is applied in a single local area network and comprises an internal host and a forward proxy gateway configured in the local area network; the internal host is used for sending out an internet application request, its proxy setting is configured to point to the forward proxy gateway, and the internet application request it sends out is transmitted to the forward proxy gateway; the forward proxy gateway is used for transmitting the internet application request sent by the internal host to a corresponding target server and transmitting the response data of the target server to the internet application request to the corresponding internal host.
A safe internet access system based on forward proxy technology comprises a plurality of local area networks; in each local area network, at least one NAT gateway and a plurality of internal hosts are configured; at least one forward proxy gateway is configured in the Internet or one of the local area networks; the NAT gateway is used for converting the internal IP address of each internal host into a public network IP address and configuring the proxy setting of the NAT gateway to point to the forward proxy gateway; the internal host is used for sending out an internet application request, configuring the proxy setting of the internal host to point to the forward proxy gateway, and transmitting the internet application request sent out by the internal host to the forward proxy gateway; the forward proxy gateway is used for transmitting the internet application request sent by the internal host to a corresponding target server and transmitting the response data of the target server to the internet application request to the corresponding internal host.
Compared with the prior art, the invention has the following beneficial effects. In the secure internet access method and system based on forward proxy technology, the proxy settings of the internal host must be configured to point to the forward proxy gateway. Internet application requests are transmitted to the target server through the forward proxy gateway, and the target server's response data is transmitted back to the corresponding internal host, which gives the internal host its internet application function. At the same time, the internal host exchanges data with the internet only through the forwarding of the forward proxy gateway and has no internet interaction authority of its own, so the internal host is physically isolated from the internet, its data is opaque to the internet, and its IP address is hidden behind the forward proxy gateway. Because a hacker or a malicious program cannot know the proxy setting pointing to the forward proxy gateway, it cannot communicate with the internet through the default route (transmission routes that do not pass through the forward proxy gateway are cut off) and cannot transmit data to the internet. This reduces the risk of system intrusion and can prevent risks such as data leakage, property theft, data damage and hardware damage caused by intrusion.
Drawings
Fig. 1 is a network topology structure diagram of a first embodiment and a second embodiment of the present invention.
Fig. 2 is a network topology structure diagram of a third embodiment and a fourth embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
Embodiment one:
This embodiment provides a secure internet access method based on forward proxy technology, applied to a network topology formed by a single local area network.
Referring to fig. 1, the secure internet access method based on the forward proxy technology of the embodiment includes:
configuring at least one forward proxy gateway and a plurality of internal hosts in a local area network;
configuring proxy settings of the internal host to point to a forward proxy gateway;
transmitting an internet application request sent by an internal host to a forward proxy gateway;
the Internet application request sent by the internal host is transmitted to a corresponding target server through the forward proxy gateway, and response data of the target server to the Internet application request is transmitted to the corresponding internal host through the forward proxy gateway;
and, truncating transmission routes that do not pass through the forward proxy gateway.
Specifically, the forward proxy gateway may be a proxy server, or may also be a router, a switch, or a host with a forward proxy function; the internal host is a computer, an internal server, a workstation, a mobile intelligent terminal, a cloud computing terminal and other terminal hosts.
Specifically, for an internal host running a graphical operating system, the proxy setting may be the operating system's global proxy setting, or the proxy setting of an application running on the operating system, such as a browser, an internet application or a mail application. In practice it is enough to open the corresponding proxy settings interface and configure the proxy to point to the forward proxy gateway (that is, set it to the IP address and port of the forward proxy gateway). For application code, the proxy-related parameters can be set to the IP address and port of the forward proxy gateway, which likewise configures the internal host's proxy settings to point to the forward proxy gateway.
Specifically, the internet application request may be a web page access request, an internet application data interaction request, a mail sending and receiving request, and the like, and the internet application request needs to carry target server information (IP address, port, and the like) so that the forward proxy gateway can correctly transmit the internet application request to a corresponding target server.
In the secure internet access method based on the forward proxy technology of this embodiment, the proxy settings of the internal host must be configured to point to the forward proxy gateway. Internet application requests are transmitted to the target server through the forward proxy gateway, and the target server's response data is transmitted back to the corresponding internal host, which gives the internal host its internet application function. At the same time, the internal host exchanges data with the internet only through the forwarding of the forward proxy gateway and has no internet interaction authority of its own, so the internal host is physically isolated from the internet, its data is opaque to the internet, and its IP address is hidden behind the forward proxy gateway. Because a hacker or a malicious program cannot know the proxy setting pointing to the forward proxy gateway, it cannot communicate with the internet through the default route (transmission routes that do not pass through the forward proxy gateway are cut off) and cannot transmit data to the internet. This reduces the risk of system intrusion and can prevent risks such as data leakage, property theft, data damage and hardware damage caused by intrusion.
Further, the secure internet access method based on the forward proxy technology of the embodiment further includes:
setting an Access Control List (ACL) in the forward proxy gateway so as to set a Control condition for an Internet application request sent by an internal host;
after the internet application request sent by the internal host is transmitted to the forward proxy gateway, the following steps are carried out:
if the Internet application request meets the control conditions of the access control list, transmitting the Internet application request to a corresponding target server through the forward proxy gateway;
and if the Internet application request does not meet the control condition of the access control list, the forward proxy gateway intercepts the Internet application request.
In some possible embodiments, the control condition of the access control list may be set as a web access white list or a web access black list. For example, when the control condition is set as a web access white list and the internet application request sent by the internal host is a web access request, the forward proxy gateway determines whether the web page targeted by the request is in the web access white list. If it is, the internet application request meets the control condition of the access control list; if not, it does not.
In other possible embodiments, the control condition of the access control list may be set as an internet application white list or an internet application black list, for example, after the control condition of the access control list is set as the internet application black list, when the internet application request sent by the internal host is an internet application data interaction request, the forward proxy gateway determines whether an internet application to which the internet application data interaction request is directed is in the internet application black list, if so, the internet application request does not meet the control condition of the access control list, and if not, the internet application request meets the control condition of the access control list.
By setting the access control list, the intrusion behavior can be further filtered, and the access of an internal host to unsafe webpages or unnecessary leisure and entertainment webpages can be avoided.
Further, the secure internet access method based on the forward proxy technology of the embodiment further includes:
setting a request body parameter limiting condition in a forward proxy gateway;
after the internet application request sent by the internal host is transmitted to the forward proxy gateway, the following steps are carried out:
if the Internet application request meets the request body parameter limiting condition, the Internet application request is transmitted to a corresponding target server through the forward proxy gateway;
and if the Internet application request does not meet the request body parameter limiting condition, the forward proxy gateway intercepts the Internet application request.
For example, when the data length or byte size of the internet application request is lower than the data length or byte size set by the request body parameter limitation condition, the internet application request conforms to the request body parameter limitation condition, otherwise, the internet application request does not conform to the request body parameter limitation condition.
Intrusion behavior usually needs to transmit a large volume of data to the internet, far more than a normal internet application request, so setting a request body parameter limiting condition further filters intrusion behavior disguised as internet application requests.
Further, the proxy setting of the internal host includes the IP address of the forward proxy gateway, the port of the forward proxy gateway and identity authentication information. The identity authentication information may include only a user name, only a password, or both. With identity authentication information added to the proxy setting, even if a hacker or a malicious program learns the IP address and port of the forward proxy gateway and directs its transmission route to the forward proxy gateway, it still cannot learn the identity authentication information, so it cannot pass the forward proxy gateway's verification and still cannot transmit data to the internet. This further reduces risks such as data leakage, data damage and hardware damage caused by intrusion.
Further, the secure internet access method based on the forward proxy technology of the embodiment further includes:
configuring at least one monitoring server and at least one honeypot host in a local area network;
monitoring the route transmission behavior in the local area network through a monitoring server;
and the monitoring server guides the transmission route which does not pass through the forward proxy gateway to the honeypot host according to the monitored route transmission behavior.
Specifically, the honeypot host is a terminal host such as a computer, an internal server and a workstation which are loaded with data traps, false data or blank data, and after a transmission route which does not pass through the forward proxy gateway is guided to the honeypot host, a hacker or a malicious program can only acquire the data traps, the false data or the blank data loaded in the honeypot host, so that various risks such as data leakage, data damage and hardware damage caused by intrusion behavior are further reduced; in addition, the monitoring server monitors the route transmission behavior in the local area network, and after the notification or the recording rule is set, the monitoring server can feed back the suspicious route transmission behavior to an administrator in real time or record the suspicious route transmission behavior in a memory of the monitoring server.
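The monitoring server's decision described above can be sketched over flow records, as an added example that is not part of the patent. The LAN range, gateway address and port, honeypot address, record format and function names are all assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import Counter

# Constructed topology (assumptions, not from the patent).
LAN = ipaddress.ip_network("10.20.0.0/16")
GATEWAY = (ipaddress.ip_address("10.20.0.10"), 3128)   # forward proxy gateway ip, port
HONEYPOT = ipaddress.ip_address("10.20.0.250")

# Constructed flow records: timestamp, source, destination, destination port, protocol.
SAMPLE_FLOWS = """\
2022-08-18T09:00:01 10.20.1.15 10.20.0.10 3128 tcp
2022-08-18T09:00:02 10.20.1.15 10.20.3.7 445 tcp
2022-08-18T09:00:05 10.20.1.99 203.0.113.40 443 tcp
2022-08-18T09:00:06 10.20.1.99 198.51.100.9 53 udp
2022-08-18T09:00:09 10.20.0.10 203.0.113.80 443 tcp
garbage line
"""


def parse_flow(line):
    """Parse one whitespace-separated flow record; raises ValueError if malformed."""
    ts, src, dst, port, proto = line.split()
    return {
        "ts": ts,
        "src": ipaddress.ip_address(src),
        "dst": ipaddress.ip_address(dst),
        "port": int(port),
        "proto": proto,
    }


def classify(flow):
    """Label a flow by whether its route passes through the forward proxy gateway."""
    src, dst = flow["src"], flow["dst"]
    if src not in LAN:
        return "not_internal"        # not sent by an internal host
    if dst == GATEWAY[0] and flow["port"] == GATEWAY[1]:
        return "via_gateway"         # the only permitted path to the internet
    if dst in LAN:
        return "internal"            # LAN-to-LAN traffic, out of scope here
    if src == GATEWAY[0]:
        return "gateway_egress"      # the gateway forwarding to a target server
    return "bypass"                  # internal host reaching outside directly


def monitor(log_text):
    """Return (redirect actions, bypass count per host, malformed record count)."""
    redirects, per_host, malformed = [], Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            flow = parse_flow(line)
        except ValueError:
            malformed += 1           # count unparseable records, do not drop silently
            continue
        if classify(flow) == "bypass":
            per_host[str(flow["src"])] += 1
            # An action record only: how the route is actually steered to the
            # honeypot (router rule, switch ACL, ...) is left to the network gear.
            redirects.append({
                "ts": flow["ts"],
                "src": str(flow["src"]),
                "original_dst": f'{flow["dst"]}:{flow["port"]}/{flow["proto"]}',
                "redirect_to": str(HONEYPOT),
            })
    return redirects, per_host, malformed


if __name__ == "__main__":
    actions, counts, bad = monitor(SAMPLE_FLOWS)
    for action in actions:
        print(action)
    print("bypass attempts per host:", dict(counts), "| malformed records:", bad)
```

The per-host counter is what a notification or recording rule would read to report suspicious hosts to the administrator.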
Embodiment two:
This embodiment provides a secure internet access system based on forward proxy technology, applied in a single local area network, that is, in a network topology composed of a single local area network.
Referring to fig. 1, a secure internet access system based on forward proxy technology of the present embodiment includes an internal host configured in a local area network and a forward proxy gateway;
the internal host is used for sending out an Internet application request, configuring the proxy setting of the internal host to point to the forward proxy gateway and transmitting the Internet application request sent out by the internal host to the forward proxy gateway;
the forward proxy gateway is used for transmitting the internet application request sent by the internal host to the corresponding target server and transmitting the response data of the target server to the internet application request to the corresponding internal host.
Specifically, the forward proxy gateway may be a proxy server, or may also be a router, a switch, or a host with a forward proxy function; the internal host is a computer, an internal server, a workstation, a mobile intelligent terminal, a cloud computing terminal and other terminal hosts.
Specifically, for an internal host running a graphical operating system, the proxy setting may be the operating system's global proxy setting, or the proxy setting of an application running on the operating system, such as a browser, an internet application or a mail application. In practice it is enough to open the corresponding proxy settings interface and configure the proxy to point to the forward proxy gateway (that is, set it to the IP address and port of the forward proxy gateway). For application code, the proxy-related parameters can be set to the IP address and port of the forward proxy gateway, which likewise configures the internal host's proxy settings to point to the forward proxy gateway.
Specifically, the internet application request may be a web page access request, an internet application data interaction request, a mail sending and receiving request, and the like, and the internet application request needs to carry target server information (IP address, port, and the like) so that the forward proxy gateway can correctly transmit the internet application request to a corresponding target server.
In the secure internet access system based on the forward proxy technology of this embodiment, the proxy settings of the internal host must be configured to point to the forward proxy gateway. Internet application requests are transmitted to the target server through the forward proxy gateway, and the target server's response data is transmitted back to the corresponding internal host, which gives the internal host its internet application function. At the same time, the internal host exchanges data with the internet only through the forwarding of the forward proxy gateway and has no internet interaction authority of its own, so the internal host is physically isolated from the internet, its data is opaque to the internet, and its IP address is hidden behind the forward proxy gateway. Because a hacker or a malicious program cannot know the proxy setting pointing to the forward proxy gateway, it cannot communicate with the internet through the default route (transmission routes that do not pass through the forward proxy gateway are cut off) and cannot transmit data to the internet. This reduces the risk of system intrusion and can prevent risks such as data leakage, property theft, data damage and hardware damage caused by intrusion.
Further, in this embodiment, an Access Control List (ACL) is set in the forward proxy gateway to set a Control condition for an internet application request sent by the internal host;
after the internet application request sent by the internal host is transmitted to the forward proxy gateway, the following steps are carried out:
if the Internet application request meets the control conditions of the access control list, transmitting the Internet application request to a corresponding target server through the forward proxy gateway;
and if the Internet application request does not meet the control condition of the access control list, the forward proxy gateway intercepts the Internet application request.
In some possible embodiments, the control condition of the access control list may be set as a web access white list or a web access black list. For example, when the control condition is set as a web access white list and the internet application request sent by the internal host is a web access request, the forward proxy gateway determines whether the web page targeted by the request is in the web access white list. If it is, the internet application request meets the control condition of the access control list; if not, it does not.
In other possible embodiments, the control condition of the access control list may be set as an internet application white list or an internet application blacklist, for example, after the control condition of the access control list is set as the internet application blacklist, when the internet application request sent by the internal host is an internet application data interaction request, the forward proxy gateway determines whether an internet application to which the internet application data interaction request is directed is in the internet application blacklist, if so, the internet application request does not meet the control condition of the access control list, and if not, the internet application request meets the control condition of the access control list.
By setting the access control list, the intrusion behavior can be further filtered, and the access of an internal host to unsafe webpages or unnecessary leisure and entertainment webpages can be avoided.
Further, in this embodiment, a request body parameter defining condition is set in the forward proxy gateway;
after the internet application request sent by the internal host is transmitted to the forward proxy gateway, the following steps are carried out:
if the internet application request meets the request body parameter limiting condition, the internet application request is transmitted to a corresponding target server through the forward proxy gateway;
and if the Internet application request does not meet the request body parameter limiting condition, the forward proxy gateway intercepts the Internet application request.
For example, when the data length or byte size of the internet application request is lower than the data length or byte size set by the request body parameter limitation condition, the internet application request conforms to the request body parameter limitation condition, otherwise, the internet application request does not conform to the request body parameter limitation condition.
Intrusion behavior usually needs to transmit a large volume of data to the internet, far larger than a normal internet application request, so intrusion behavior disguised as an internet application request can be further filtered by setting a request body parameter limiting condition.
Further, the proxy setting of the internal host includes: the IP address of the forward proxy gateway, the port of the forward proxy gateway and the identity authentication information. The identity authentication information may include only a user name, only a password, or both the user name and the password. With the identity authentication information added to the proxy setting, even if a hacker or a malicious program learns the IP address and the port of the forward proxy gateway and directs its transmission route to the forward proxy gateway, it still cannot learn the identity authentication information; it therefore cannot pass the verification of the forward proxy gateway and still cannot transmit data to the internet, which further reduces various risks such as data leakage, data damage and hardware damage caused by intrusion.
Further, the secure internet access system based on the forward proxy technology of this embodiment further includes: at least one monitoring server and at least one honeypot host configured in a local area network;
the monitoring server is used for monitoring the route transmission behavior in the local area network and, according to the monitored route transmission behavior, guiding the transmission route which does not pass through the forward proxy gateway to the honeypot host.
Specifically, the honeypot host is a terminal host such as a computer, an internal server and a workstation which are loaded with data traps, false data or blank data, and after a transmission route which does not pass through the forward proxy gateway is guided to the honeypot host, a hacker or a malicious program can only acquire the data traps, the false data or the blank data loaded in the honeypot host, so that various risks such as data leakage, data damage and hardware damage caused by intrusion behavior are further reduced; in addition, the monitoring server monitors the route transmission behavior in the local area network, and after the notification or the recording rule is set, the monitoring server can feed back the suspicious route transmission behavior to an administrator in real time or record the suspicious route transmission behavior in a memory of the monitoring server.
Example three:
This embodiment provides a secure internet access method based on a forward proxy technology, which is applied to a network topology formed by a plurality of local area networks.
Referring to fig. 2, the secure internet access method based on the forward proxy technology of the embodiment includes:
configuring a plurality of local area networks, configuring at least one NAT gateway and a plurality of internal hosts in each local area network, and converting the internal IP address of each internal host into a public network IP address through the NAT gateway;
configuring at least one forward proxy gateway in the Internet or one of the local area networks;
in each local area network, configuring proxy settings of an internal host and an NAT gateway to point to a forward proxy gateway;
transmitting an internet application request sent by an internal host to a forward proxy gateway;
the Internet application request sent by the internal host is transmitted to a corresponding target server through the forward proxy gateway, and response data of the target server to the Internet application request is transmitted to the corresponding internal host through the forward proxy gateway;
and truncating the transmission route which does not pass through the forward proxy gateway.
Specifically, the forward proxy gateway may be a proxy server, or may also be a router, a switch, or a host with a forward proxy function; the internal host is a terminal host such as a computer, an internal server, a workstation, a mobile intelligent terminal and a cloud computing terminal; the NAT gateway may be an NAT server, or a router, a switch, or a host having a NAT service function, and may provide NAT service for the internal hosts in the local area network where the NAT gateway is located, that is, convert the internal IP addresses of the internal hosts into public network IP addresses.
Specifically, for an internal host running a graphical operating system, the proxy setting of the internal host may be the global proxy setting of the operating system, or the proxy setting of an application running on the operating system, such as a browser, an internet application or a mail application; in practice, it is only necessary to open the corresponding proxy setting interface to configure the proxy setting of the internal host to point to the forward proxy gateway (that is, to set it to the IP address of the forward proxy gateway and the port of the forward proxy gateway). For application program code, the parameters related to the proxy setting can be set to the IP address of the forward proxy gateway and the port of the forward proxy gateway, which likewise configures the proxy setting of the internal host to point to the forward proxy gateway. For the NAT gateway, it is only necessary to open the proxy setting interface of the NAT gateway to configure its proxy setting to point to the forward proxy gateway (that is, to set it to the IP address of the forward proxy gateway and the port of the forward proxy gateway).
Specifically, the internet application request may be a web page access request, an internet application data interaction request, a mail sending and receiving request, and the like, and the internet application request needs to carry target server information (IP address, port, and the like) so that the forward proxy gateway can correctly transmit the internet application request to a corresponding target server.
In the secure internet access method based on the forward proxy technology of this embodiment, the proxy settings of the internal host and the NAT gateway need to be configured to point to the forward proxy gateway. The internet application request is transmitted to the target server through the forward proxy gateway, and the response data of the target server to the internet application request is transmitted to the corresponding internal host, thereby implementing the internet application function of the internal host. Meanwhile, the internal host only forwards internet interaction data through the forward proxy gateway and has no internet interaction authority of its own, so that physical isolation between the internal host and the internet is realized, the data of the internal host is opaque to the internet, and the IP address of the internal host is hidden behind the forwarding of the forward proxy gateway. Since a hacker or a malicious program cannot know the proxy setting pointing to the forward proxy gateway, it cannot communicate with the internet through a default route (that is, a transmission route that does not pass through the forward proxy gateway, which is cut off) and cannot transmit data to the internet; the risk of system intrusion is reduced, and various risks such as data leakage, property theft, data damage and hardware damage caused by intrusion behavior can be prevented.
Further, the secure internet access method based on the forward proxy technology of the embodiment further includes:
setting an Access Control List (ACL) in the forward proxy gateway so as to set a Control condition for an Internet application request sent by an internal host;
after the internet application request sent by the internal host is transmitted to the forward proxy gateway, the following steps are carried out:
if the Internet application request meets the control conditions of the access control list, transmitting the Internet application request to a corresponding target server through the forward proxy gateway;
and if the Internet application request does not meet the control condition of the access control list, the forward proxy gateway intercepts the Internet application request.
In some possible embodiments, the control condition of the access control list may be set as a web access white list or a web access black list. For example, after the control condition of the access control list is set as the web access white list, when the internet application request sent by the internal host is a web access request, the forward proxy gateway determines whether the web page to which the web access request is directed is in the web access white list; if so, the internet application request meets the control condition of the access control list, and if not, the internet application request does not meet the control condition of the access control list.
In other possible embodiments, the control condition of the access control list may be set as an internet application white list or an internet application black list, for example, after the control condition of the access control list is set as the internet application black list, when the internet application request sent by the internal host is an internet application data interaction request, the forward proxy gateway determines whether an internet application to which the internet application data interaction request is directed is in the internet application black list, if so, the internet application request does not meet the control condition of the access control list, and if not, the internet application request meets the control condition of the access control list.
By setting the access control list, the intrusion behavior can be further filtered, and the access of an internal host to unsafe webpages or unnecessary leisure and entertainment webpages can be avoided.
Further, the secure internet access method based on the forward proxy technology of the embodiment further includes:
setting a request body parameter limiting condition in a forward proxy gateway;
after the internet application request sent by the internal host is transmitted to the forward proxy gateway, the following steps are carried out:
if the internet application request meets the request body parameter limiting condition, the internet application request is transmitted to a corresponding target server through the forward proxy gateway;
and if the Internet application request does not meet the request body parameter limiting condition, the forward proxy gateway intercepts the Internet application request.
For example, when the data length or byte size of the internet application request is lower than the data length or byte size set by the request body parameter limitation condition, the internet application request conforms to the request body parameter limitation condition, otherwise, the internet application request does not conform to the request body parameter limitation condition.
Intrusion behavior usually needs to transmit a large volume of data to the internet, far larger than a normal internet application request, so intrusion behavior disguised as an internet application request can be further filtered by setting a request body parameter limiting condition.
Further, the proxy setting of the internal host includes: the IP address of the forward proxy gateway, the port of the forward proxy gateway and the identity authentication information. The identity authentication information may include only a user name, only a password, or both the user name and the password. With the identity authentication information added to the proxy setting, even if a hacker or a malicious program learns the IP address and the port of the forward proxy gateway and directs its transmission route to the forward proxy gateway, it still cannot learn the identity authentication information; it therefore cannot pass the verification of the forward proxy gateway and still cannot transmit data to the internet, which further reduces various risks such as data leakage, data damage and hardware damage caused by intrusion.
Further, the secure internet access method based on the forward proxy technology of this embodiment further includes:
configuring at least one monitoring server and at least one honeypot host in a local area network;
monitoring the route transmission behavior in the local area network through a monitoring server;
and the monitoring server guides the transmission route which does not pass through the forward proxy gateway to the honeypot host according to the monitored route transmission behavior.
Specifically, the honeypot host is a terminal host such as a computer, an internal server and a workstation which are loaded with data traps, false data or blank data, and after a transmission route which does not pass through the forward proxy gateway is guided to the honeypot host, a hacker or a malicious program can only acquire the data traps, the false data or the blank data loaded in the honeypot host, so that various risks such as data leakage, data damage and hardware damage caused by intrusion behavior are further reduced; in addition, the monitoring server monitors the route transmission behavior in the local area network, and after the notification or the recording rule is set, the monitoring server can feed back the suspicious route transmission behavior to an administrator in real time or record the suspicious route transmission behavior in a memory of the monitoring server.
Example four:
This embodiment provides a secure internet access system based on forward proxy technology, which is applied in a plurality of local area networks, that is, in a network topology formed by a plurality of local area networks, and is convenient for multi-site office work or cooperative management.
Referring to fig. 2, the secure internet access system based on forward proxy technology of the present embodiment includes a plurality of local area networks;
in each local area network, at least one NAT gateway and a plurality of internal hosts are configured; at least one forward proxy gateway is configured in the Internet or one of the local area networks;
the NAT gateway is used for converting the internal IP address of each internal host into a public network IP address and configuring the proxy setting of the NAT gateway to point to a forward proxy gateway;
the internal host is used for sending out an internet application request, configuring the proxy setting of the internal host to point to the forward proxy gateway and transmitting the internet application request sent out by the internal host to the forward proxy gateway;
the forward proxy gateway is used for transmitting the internet application request sent by the internal host to the corresponding target server and transmitting the response data of the target server to the internet application request to the corresponding internal host.
Specifically, the forward proxy gateway may be a proxy server, or may also be a router, a switch, or a host with a forward proxy function; the internal host is a terminal host such as a computer, an internal server, a workstation, a mobile intelligent terminal and a cloud computing terminal; the NAT gateway may be an NAT server, or a router, a switch, or a host having a NAT service function, and may provide NAT service for the internal hosts in the local area network where the NAT gateway is located, that is, convert the internal IP addresses of the internal hosts into public network IP addresses.
Specifically, for an internal host running a graphical operating system, the proxy setting of the internal host may be the global proxy setting of the operating system, or the proxy setting of an application running on the operating system, such as a browser, an internet application or a mail application; in practice, it is only necessary to open the corresponding proxy setting interface to configure the proxy setting of the internal host to point to the forward proxy gateway (that is, to set it to the IP address of the forward proxy gateway and the port of the forward proxy gateway). For application program code, the parameters related to the proxy setting can be set to the IP address of the forward proxy gateway and the port of the forward proxy gateway, which likewise configures the proxy setting of the internal host to point to the forward proxy gateway. For the NAT gateway, it is only necessary to open the proxy setting interface of the NAT gateway to configure its proxy setting to point to the forward proxy gateway (that is, to set it to the IP address of the forward proxy gateway and the port of the forward proxy gateway).
Specifically, the internet application request may be a web page access request, an internet application program data interaction request, a mail sending and receiving request, and the like, and the internet application request needs to carry target server information (an IP address, a port, and the like) so that the forward proxy gateway can correctly transmit the internet application request to a corresponding target server.
In the secure internet access system based on the forward proxy technology of this embodiment, the proxy settings of the internal host and the NAT gateway need to be configured to point to the forward proxy gateway. The internet application request is transmitted to the target server through the forward proxy gateway, and the response data of the target server to the internet application request is transmitted to the corresponding internal host, thereby implementing the internet application function of the internal host. Meanwhile, the internal host only forwards internet interaction data through the forward proxy gateway and has no internet interaction authority of its own, so that physical isolation between the internal host and the internet is realized, the data of the internal host is opaque to the internet, and the IP address of the internal host is hidden behind the forwarding of the forward proxy gateway. Since a hacker or a malicious program cannot know the proxy setting pointing to the forward proxy gateway, it cannot communicate with the internet through a default route (that is, a transmission route that does not pass through the forward proxy gateway, which is cut off) and cannot transmit data to the internet; the risk of system intrusion is reduced, and various risks such as data leakage, property theft, data damage and hardware damage caused by intrusion behavior can be prevented.
Further, in this embodiment, an Access Control List (ACL) is set in the forward proxy gateway to set a Control condition for an internet application request sent by the internal host;
after the internet application request sent by the internal host is transmitted to the forward proxy gateway, the following steps are carried out:
if the Internet application request meets the control conditions of the access control list, transmitting the Internet application request to a corresponding target server through the forward proxy gateway;
and if the Internet application request does not meet the control condition of the access control list, the forward proxy gateway intercepts the Internet application request.
In some possible embodiments, the control condition of the access control list may be set as a web access white list or a web access black list. For example, after the control condition of the access control list is set as the web access white list, when the internet application request sent by the internal host is a web access request, the forward proxy gateway determines whether the web page to which the web access request is directed is in the web access white list; if so, the internet application request meets the control condition of the access control list, and if not, the internet application request does not meet the control condition of the access control list.
In other possible embodiments, the control condition of the access control list may be set as an internet application white list or an internet application black list, for example, after the control condition of the access control list is set as the internet application black list, when the internet application request sent by the internal host is an internet application data interaction request, the forward proxy gateway determines whether an internet application to which the internet application data interaction request is directed is in the internet application black list, if so, the internet application request does not meet the control condition of the access control list, and if not, the internet application request meets the control condition of the access control list.
By setting the access control list, the intrusion behavior can be further filtered, and the access of an internal host to unsafe webpages or unnecessary leisure and entertainment webpages can be avoided.
Further, in this embodiment, a request body parameter defining condition is set in the forward proxy gateway;
after the internet application request sent by the internal host is transmitted to the forward proxy gateway, the following steps are carried out:
if the internet application request meets the request body parameter limiting condition, the internet application request is transmitted to a corresponding target server through the forward proxy gateway;
and if the Internet application request does not meet the request body parameter limiting condition, the forward proxy gateway intercepts the Internet application request.
For example, when the data length or byte size of the internet application request is lower than the data length or byte size set by the request body parameter limitation condition, the internet application request conforms to the request body parameter limitation condition, otherwise, the internet application request does not conform to the request body parameter limitation condition.
Intrusion behavior usually needs to transmit a large volume of data to the internet, far larger than a normal internet application request, so intrusion behavior disguised as an internet application request can be further filtered by setting a request body parameter limiting condition.
Further, the proxy setting of the internal host includes: the IP address of the forward proxy gateway, the port of the forward proxy gateway and the identity authentication information. The identity authentication information may include only a user name, only a password, or both the user name and the password. With the identity authentication information added to the proxy setting, even if a hacker or a malicious program learns the IP address and the port of the forward proxy gateway and directs its transmission route to the forward proxy gateway, it still cannot learn the identity authentication information; it therefore cannot pass the verification of the forward proxy gateway and still cannot transmit data to the internet, which further reduces various risks such as data leakage, data damage and hardware damage caused by intrusion.
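The three gateway-side checks described in the embodiments above (identity authentication, the web access white list, and the request body parameter limiting condition) can be combined into one admission decision. The following Python sketch is an added example, not code from the patent; the names `GatewayPolicy` and `admit`, the HTTP status codes, the use of HTTP Basic proxy authentication and all sample values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from collections import namedtuple
from urllib.parse import urlsplit

Decision = namedtuple("Decision", "forward status reason")
ROUNDS = 100_000  # PBKDF2 iterations (constructed value)


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


class GatewayPolicy:
    """Hypothetical container for the gateway's three control conditions."""
    def __init__(self, users, web_whitelist, max_body_bytes):
        self.users = users  # user name -> (salt, PBKDF2 hash of password)
        self.web_whitelist = {h.lower().rstrip(".") for h in web_whitelist}
        self.max_body_bytes = max_body_bytes


def authenticated(policy, headers):
    """Check the Proxy-Authorization: Basic credentials of the internal host."""
    scheme, _, token = headers.get("proxy-authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or UTF-8
        return False
    user, sep, password = decoded.partition(":")
    # Unknown users still cost one hash, so timing does not reveal valid names.
    salt, expected = policy.users.get(user, (b"\x00" * 16, b""))
    return hmac.compare_digest(hash_password(password, salt), expected) and bool(sep)


def target_host(request_line):
    """Extract the target server host from a proxy request line, or None."""
    parts = request_line.split()
    if len(parts) != 3:
        return None
    method, target, _ = parts
    try:
        # CONNECT uses authority-form (host:port); other methods absolute-form.
        host = urlsplit("//" + target if method.upper() == "CONNECT" else target).hostname
    except ValueError:
        return None
    return host.rstrip(".") if host else None


def in_whitelist(policy, host):
    # Match the listed name or a true subdomain; "notdocs.example" must not
    # match "docs.example", so the suffix comparison is anchored on a dot.
    return any(host == a or host.endswith("." + a) for a in policy.web_whitelist)


def body_within_limit(policy, headers, body):
    """Conforms only if the body size is lower than the configured size."""
    raw = headers.get("content-length", "0")
    if not (raw.isascii() and raw.isdigit()):
        return False
    # Judge the larger of declared and received size, so an understated
    # Content-Length cannot slip a large body past the limit.
    return max(int(raw), len(body)) < policy.max_body_bytes


def admit(policy, request_line, headers, body=b""):
    """Return the gateway's decision: forward, or intercept with a reason."""
    headers = {k.lower(): v.strip() for k, v in headers.items()}
    if not authenticated(policy, headers):
        return Decision(False, 407, "identity authentication failed")
    host = target_host(request_line)
    if host is None or not in_whitelist(policy, host):
        return Decision(False, 403, "target not in web access white list")
    if not body_within_limit(policy, headers, body):
        return Decision(False, 413, "request body exceeds limiting condition")
    return Decision(True, None, "forward to target server")


def basic(user, password):
    """Build the header value an internal host would send (constructed)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def sample_policy():
    """Constructed policy: one user, one white-listed site, 1 MiB body limit."""
    salt = b"constructed-salt"
    users = {"alice": (salt, hash_password("correct horse", salt))}
    return GatewayPolicy(users, {"docs.example"}, 1024 * 1024)


if __name__ == "__main__":
    creds = {"Proxy-Authorization": basic("alice", "correct horse")}
    print(admit(sample_policy(), "GET http://docs.example/ HTTP/1.1", creds))
    print(admit(sample_policy(), "CONNECT notdocs.example:443 HTTP/1.1", creds))
```

Authentication is checked first so that an unauthenticated client learns nothing about the white list or the size limit from the gateway's answers.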
Further, the secure internet access system based on the forward proxy technology of this embodiment further includes: at least one monitoring server and at least one honeypot host configured in a local area network;
the monitoring server is used for monitoring the route transmission behavior in the local area network and, according to the monitored route transmission behavior, guiding the transmission route which does not pass through the forward proxy gateway to the honeypot host.
Specifically, the honeypot host is a terminal host such as a computer, an internal server and a workstation which are loaded with data traps, false data or blank data, and after a transmission route which does not pass through the forward proxy gateway is guided to the honeypot host, a hacker or a malicious program can only obtain the data traps, the false data or the blank data loaded in the honeypot host, so that various risks such as data leakage, data damage and hardware damage caused by intrusion behavior are further reduced; in addition, the monitoring server monitors the route transmission behavior in the local area network, and after the notification or the recording rule is set, the monitoring server can feed back the suspicious route transmission behavior to an administrator in real time or record the suspicious route transmission behavior in a memory of the monitoring server.
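The monitoring server's decision described above can be sketched as a classifier over observed flows. This is an added example, not code from the patent; the flow record format, the addresses (a constructed LAN with documentation-range external addresses) and the function names `classify` and `monitor` are assumptions. It also shows one case the text leaves implicit: when the forward proxy gateway sits inside the local area network, its own upstream connections must be exempted, or the gateway's traffic would itself be guided to the honeypot.

```python
import ipaddress
from collections import Counter

# Constructed topology for the example.
LAN = ipaddress.ip_network("10.20.0.0/24")
PROXY = (ipaddress.ip_address("10.20.0.10"), 3128)  # forward proxy gateway
HONEYPOT = ipaddress.ip_address("10.20.0.250")

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.0.31", "10.20.0.10", 3128),    # internal host -> gateway
    ("10.20.0.10", "203.0.113.7", 443),    # gateway -> target server
    ("10.20.0.31", "10.20.0.40", 445),     # traffic that stays inside the LAN
    ("10.20.0.44", "198.51.100.23", 443),  # direct route, bypasses the gateway
    ("10.20.0.44", "198.51.100.23", 8443),
    ("10.20.0.52", "192.0.2.53", 53),      # direct DNS also bypasses the gateway
]


def classify(src, dst, dport):
    """Classify one flow the way the monitoring server would treat it."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in LAN:
        return "ignore"                # not originated by an internal host
    if s == PROXY[0]:
        return "gateway-egress"        # the gateway's own upstream connections
    if (d, dport) == PROXY:
        return "via-proxy"
    if d in LAN:
        return "lan-internal"
    return "redirect-to-honeypot"      # leaves the LAN without the gateway


def monitor(flows):
    """Return (redirect records, per-source counts) for bypassing flows."""
    redirects, counts = [], Counter()
    for src, dst, dport in flows:
        if classify(src, dst, dport) == "redirect-to-honeypot":
            redirects.append({"src": src, "orig_dst": dst, "dport": dport,
                              "new_dst": str(HONEYPOT)})
            counts[src] += 1
    return redirects, counts


if __name__ == "__main__":
    records, per_host = monitor(SAMPLE_FLOWS)
    for r in records:
        print(r)
    print(per_host.most_common())
```

The per-source counts are what a notification or recording rule would act on when reporting suspicious hosts to an administrator.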
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that various changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. A secure Internet access method based on forward proxy technology is characterized by comprising the following steps:
configuring at least one forward proxy gateway and a plurality of internal hosts in a local area network;
configuring proxy settings of the internal host to point to the forward proxy gateway;
transmitting an internet application request issued by the internal host to the forward proxy gateway;
transmitting an internet application request sent by the internal host to a corresponding target server through the forward proxy gateway, and transmitting response data of the target server to the internet application request to the corresponding internal host through the forward proxy gateway;
and, truncating transmission routes that do not pass through the forward proxy gateway.
2. A secure internet access method based on forward proxy technology as claimed in claim 1, wherein the proxy setting of the internal host includes: the IP address of the forward proxy gateway, the port of the forward proxy gateway and the identity authentication information.
3. The secure internet access method based on forward proxy technology as claimed in claim 1, further comprising:
setting an Access Control List (ACL) in the forward proxy gateway to set a control condition for an Internet application request sent by the internal host;
after the internet application request sent by the internal host is transmitted to the forward proxy gateway, the following steps are carried out:
if the Internet application request meets the control condition of the access control list, transmitting the Internet application request to a corresponding target server through the forward proxy gateway;
if the Internet application request does not meet the control condition of the access control list, the forward proxy gateway intercepts the Internet application request;
setting a request body parameter limiting condition in the forward proxy gateway;
after the internet application request sent by the internal host is transmitted to the forward proxy gateway, the following steps are carried out:
if the internet application request meets the request body parameter limiting condition, transmitting the internet application request to a corresponding target server through the forward proxy gateway;
and if the internet application request does not meet the request body parameter limiting condition, the forward proxy gateway intercepts the internet application request.
4. The secure internet access method based on the forward proxy technology as claimed in claim 1, further comprising:
configuring at least one monitoring server and at least one honeypot host in the local area network;
monitoring, by the monitoring server, a routing behavior in the local area network;
and the monitoring server guides the transmission route which does not pass through the forward proxy gateway to the honeypot host according to the monitored route transmission behavior.
5. A secure Internet access method based on forward proxy technology is characterized by comprising the following steps:
configuring a plurality of local area networks, configuring at least one NAT gateway and a plurality of internal hosts in each local area network, and converting the internal IP address of each internal host into a public network IP address through the NAT gateway;
configuring at least one forward proxy gateway in the Internet or one of the local area networks;
in each local area network, configuring proxy settings of the internal host and the NAT gateway to point to the forward proxy gateway;
transmitting an internet application request issued by the internal host to the forward proxy gateway;
transmitting an internet application request sent by the internal host to a corresponding target server through the forward proxy gateway, and transmitting response data of the target server to the internet application request to the corresponding internal host through the forward proxy gateway;
and intercepting transmission routes which do not pass through the forward proxy gateway.
6. A secure internet access method based on forward proxy technology as claimed in claim 5, wherein the proxy setting of the internal host includes: the IP address of the forward proxy gateway, the port of the forward proxy gateway and the identity authentication information.
7. The secure internet access method based on forward proxy technology as claimed in claim 5, further comprising:
setting an Access Control List (ACL) in the forward proxy gateway to set a control condition for an Internet application request sent by the internal host;
after the internet application request sent by the internal host is transmitted to the forward proxy gateway, the following steps are carried out:
if the Internet application request meets the control condition of the access control list, transmitting the Internet application request to a corresponding target server through the forward proxy gateway;
and if the Internet application request does not meet the control condition of the access control list, the forward proxy gateway intercepts the Internet application request;
setting a request body parameter limiting condition in the forward proxy gateway;
after the internet application request sent by the internal host is transmitted to the forward proxy gateway, the following steps are carried out:
if the Internet application request meets the request body parameter limiting condition, the Internet application request is transmitted to a corresponding target server through the forward proxy gateway;
and if the Internet application request does not accord with the request body parameter limiting condition, the forward proxy gateway intercepts the Internet application request.
8. The secure internet access method based on forward proxy technology as claimed in claim 5, further comprising:
in at least one local area network, at least one monitoring server and at least one honeypot host are also configured;
monitoring, by the monitoring server, a routing behavior in the local area network;
and the monitoring server guides the transmission route which does not pass through the forward proxy gateway to the honeypot host according to the monitored route transmission behavior.
9. A safe Internet access system based on forward proxy technology, which is applied in a single local area network, is characterized by comprising an internal host and a forward proxy gateway configured in the local area network;
the internal host is used for sending out an internet application request, configuring the proxy setting of the internal host to point to the forward proxy gateway, and transmitting the internet application request sent out by the internal host to the forward proxy gateway;
the forward proxy gateway is used for transmitting the internet application request sent by the internal host to a corresponding target server and transmitting the target server's response data for the internet application request back to the corresponding internal host.
10. A safe internet access system based on forward proxy technology is characterized by comprising a plurality of local area networks;
at least one NAT gateway and a plurality of internal hosts are configured in each local area network; at least one forward proxy gateway is configured in the Internet or one of the local area networks;
the NAT gateway is used for converting the internal IP address of each internal host into a public network IP address and configuring the proxy setting of the NAT gateway to point to the forward proxy gateway;
the internal host is used for sending out an internet application request, configuring the proxy setting of the internal host to point to the forward proxy gateway, and transmitting the internet application request sent out by the internal host to the forward proxy gateway;
the forward proxy gateway is used for transmitting the internet application request sent by the internal host to a corresponding target server and transmitting the target server's response data for the internet application request back to the corresponding internal host.
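The forward-or-intercept decision of claim 7, as an added example that is not part of the patent text: a first-match access control list with default deny, followed by request body parameter limits. The rule fields, the limit values, the form-encoded body format, the choice to require both checks, and the example addresses and host names are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from urllib.parse import parse_qsl

@dataclass(frozen=True)
class AclRule:
    src_net: str       # CIDR of internal hosts the rule covers
    host_suffix: str   # destination host or parent domain ("" matches any)
    ports: frozenset   # destination ports the rule covers
    allow: bool

# Constructed sample policy: first matching rule wins, no match means intercept.
ACL = [
    AclRule("10.0.5.0/24", "", frozenset({80, 443}), False),  # restricted subnet
    AclRule("10.0.0.0/16", "updates.example.com", frozenset({443}), True),
    AclRule("10.0.0.0/16", "api.example.com", frozenset({443}), True),
]
MAX_BODY_BYTES = 4096                      # assumed limiting conditions
MAX_PARAMS = 16
BLOCKED_PARAMS = {"debug", "callback_url"}

def acl_allows(src_ip, host, port, acl=ACL):
    ip = ipaddress.ip_address(src_ip)
    host = host.lower().rstrip(".")
    for rule in acl:
        suffix = rule.host_suffix
        # Match on a label boundary so "notapi.example.com" is not "api.example.com".
        host_ok = not suffix or host == suffix or host.endswith("." + suffix)
        if ip in ipaddress.ip_network(rule.src_net) and host_ok and port in rule.ports:
            return rule.allow
    return False  # default deny

def body_within_limits(body):
    if not body:
        return True
    if len(body) > MAX_BODY_BYTES:
        return False
    try:
        params = parse_qsl(body.decode("ascii"), keep_blank_values=True,
                           strict_parsing=True, max_num_fields=MAX_PARAMS)
    except ValueError:  # non-ASCII bytes, malformed field, or too many fields
        return False
    return not any(name.lower() in BLOCKED_PARAMS for name, _ in params)

def gateway_decision(src_ip, host, port, body=b""):
    """Return 'forward' or 'intercept' for one Internet application request."""
    if acl_allows(src_ip, host, port) and body_within_limits(body):
        return "forward"
    return "intercept"
```

Rule order matters here: the deny rule for the restricted subnet sits above the broader allow rules, so a host in 10.0.5.0/24 is intercepted even for destinations the rest of the network may reach.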
CN202210994041.1A 2022-08-18 2022-08-18 Safe internet access method and system based on forward proxy technology Pending CN115242730A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210994041.1A CN115242730A (en) 2022-08-18 2022-08-18 Safe internet access method and system based on forward proxy technology

Publications (1)

Publication Number Publication Date
CN115242730A true CN115242730A (en) 2022-10-25

Family

ID=83679494

Country Status (1)

Country Link
CN (1) CN115242730A (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030174648A1 (en) * 2001-10-17 2003-09-18 Mea Wang Content delivery network by-pass system
US6751677B1 (en) * 1999-08-24 2004-06-15 Hewlett-Packard Development Company, L.P. Method and apparatus for allowing a secure and transparent communication between a user device and servers of a data access network system via a firewall and a gateway
CN1553638A (en) * 2003-06-06 2004-12-08 华为技术有限公司 Address converting method based on identity authentication
US20070192593A1 (en) * 2005-12-29 2007-08-16 Boisjolie Darren R Method and system for transparent bridging and bi-directional management of network data
CN101436958A (en) * 2007-11-16 2009-05-20 太极计算机股份有限公司 Method for resisting abnegation service aggression
CN102209124A (en) * 2011-06-08 2011-10-05 杭州华三通信技术有限公司 Method for communication between private network and public network and network address translation equipment
CN106534319A (en) * 2016-11-22 2017-03-22 深圳市掌世界网络科技有限公司 Method for direct access to target server through proxy server
US20170331856A1 (en) * 2016-05-12 2017-11-16 Attivo Networks Inc. Luring attackers towards deception servers
US20170374088A1 (en) * 2016-06-22 2017-12-28 Sable Networks, Inc. Individually assigned server alias address for contacting a server
CN114006715A (en) * 2020-12-31 2022-02-01 广州非凡信息安全技术有限公司 Method for setting attack counterscript based on transparent proxy

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination