CN116582469A - Illegal external connection monitoring method, device, equipment and storage medium - Google Patents


Publication number
CN116582469A
Authority
CN
China
Prior art keywords
service server
web service
static code
preset
result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310572237.6A
Other languages
Chinese (zh)
Inventor
李宏昆
王聪
范渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DBAPPSecurity Co Ltd filed Critical DBAPPSecurity Co Ltd
Priority to CN202310572237.6A priority Critical patent/CN116582469A/en
Publication of CN116582469A publication Critical patent/CN116582469A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/10 Active monitoring, e.g. heartbeat, ping or trace-route
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Cardiology (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a method, a device, equipment and a storage medium for monitoring illegal external connection, which relate to the technical field of network security and comprise the following steps: sending a detection message to a preset Web service server to judge whether the Web service server survives or not, and generating a corresponding judgment result; inserting a target static code into the Web service server based on the judging result so that the target static code is loaded to a terminal where the Web service server is located after the Web service server is started; and accessing the preset public network receiving end platform based on the target static code, and determining whether to send access data to the preset public network receiving end platform by using the target static code based on the access result so as to carry out alarm operation after the preset public network receiving end platform receives the access data. Therefore, a detection message can be sent to the server, and after the survival of the server is confirmed, the illegal external connection monitoring is realized by inserting static codes into the server, so that the installation of a client program is avoided, and the operation flow is effectively simplified.

Description

Illegal external connection monitoring method, device, equipment and storage medium
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method, an apparatus, a device, and a storage medium for monitoring illegal external connection.
Background
With the growing maturity of internet technology, terminals of all kinds keep emerging, and connecting devices such as PC terminals, Internet of Things terminals and video terminals to the enterprise intranet has become a trend of future development. In some secure environments, access is only allowed to internal network devices such as OA (Office Automation) servers, NVR (Network Video Recorder) devices, network-managed switches, and the like. However, illegal external connections may still occur, such as privately connecting to a mobile phone hotspot, privately attached routers, or unauthorized connection to the Internet. Illegal external connections can pose a serious security risk to enterprises and organizations: the internal network may hold confidential information, and its disclosure may have serious consequences for the organization or enterprise, so a scheme for dealing with illegal external connections is needed.
In the prior art, monitoring illegal external connection generally requires installing a client plug-in on the PC end; that is, the client plug-in is installed on each PC terminal connected to the intranet and on the server, and an online illegal external connection monitoring and management system is deployed. However, in an intranet with heavy traffic, communication between the PC end and the central I/O depends on powerful hardware: if the hardware cost is too high, enterprises can hardly bear it, and if the hardware configuration is too low, excessive traffic causes server downtime, so illegal external connection behavior in the intranet is difficult to monitor.
Disclosure of Invention
In view of the above, the present application aims to provide a method, an apparatus, a device and a storage medium for monitoring illegal external connection, which can send a detection message to a server, and when the survival of the server is confirmed, the illegal external connection monitoring is realized by inserting a static code into the server, so that the installation of a client program is avoided, and the operation flow is effectively simplified. The specific scheme is as follows:
In a first aspect, the application discloses an illegal external connection monitoring method, which is applied to an intranet monitoring server and comprises the following steps:
sending a detection message to a preset Web service server to judge whether the Web service server survives or not, and generating a corresponding judgment result;
inserting a target static code into the Web service server based on the judging result, so that the target static code is loaded to a terminal where the Web service server is located after the Web service server is started;
and accessing a preset public network receiving end platform based on the target static code, and determining whether to send access data to the preset public network receiving end platform by using the target static code based on an access result so that the preset public network receiving end platform can carry out alarm operation after receiving the access data.
Optionally, before sending the detection message to the preset Web service server to determine whether the Web service server survives and generating the corresponding determination result, the method further includes:
locally configuring a global JS service to generate a target static code based on the global JS service; the global JS service is a JavaScript service; the target static code is static code generated based on JavaScript.
Optionally, before sending the detection message to the preset Web service server to determine whether the Web service server survives and generating the corresponding determination result, the method further includes:
locally configuring preset Web site information to insert a target static code into the Web service server based on the preset Web site information; the preset Web site information is information of an HTML portal file directory of a Web service server.
Optionally, the sending a detection message to a preset Web service server to determine whether the Web service server survives, and generating a corresponding determination result, includes:
sending an ICMP or TCPING detection message to a preset Web service server to judge whether a response result fed back by the Web service server can be received or not;
if the response result fed back by the Web service server can be received, the Web service server is characterized to be in a survival state, and a first judgment result that the Web service server is in the survival state is generated;
and if the response result fed back by the Web service server cannot be received, characterizing that the Web service server is in a non-survival state, and generating a second judgment result that the Web service server is in the non-survival state.
Optionally, the inserting the target static code into the Web service server based on the determination result, so that after the Web service server is started, the target static code is loaded to a terminal where the Web service server is located, includes:
if the judgment result is the first judgment result, inserting the target static code into an HTML portal of the Web service server based on the preset Web site information, so that after the Web service server is started, loading the target static code into a terminal where the Web service server is located based on the HTML portal;
and if the judging result is the second judging result, ending the illegal external connection monitoring.
Optionally, the accessing the preset public network receiving end platform based on the target static code, and determining whether to send the access data to the preset public network receiving end platform by using the target static code based on the access result, so that the preset public network receiving end platform performs the alarm operation after receiving the access data, including:
judging whether the target static code is executed at the terminal, if so, accessing a preset public network receiving end platform based on the target static code, and generating an access result;
if the access result is successful access, indicating that the terminal has illegal external connection operation, and sending access data to the preset public network receiving end platform by utilizing the target static code so as to carry out alarm operation after the preset public network receiving end platform receives the access data;
and if the access result is access failure, characterizing that the terminal has no illegal external connection operation, and ending illegal external connection monitoring.
In a second aspect, the application discloses an illegal external connection monitoring device, which is applied to an intranet monitoring server and comprises:
the server state judging module is used for sending a detection message to a preset Web service server to judge whether the Web service server survives or not and generating a corresponding judging result;
the code sending module is used for inserting a target static code into the Web service server based on the judging result so that the target static code is loaded to a terminal where the Web service server is located after the Web service server is started;
and the alarm module is used for accessing a preset public network receiving end platform based on the target static code, determining whether to send access data to the preset public network receiving end platform by using the target static code based on an access result, and performing alarm operation after the preset public network receiving end platform receives the access data.
Optionally, the server state judging module includes:
the feedback receiving judging unit is used for sending an ICMP or TCPING detection message to a preset Web service server so as to judge whether a response result fed back by the Web service server can be received or not;
the first judgment result generation unit is used for characterizing that the Web service server is in a survival state and generating a first judgment result that the Web service server is in the survival state if the response result fed back by the Web service server can be received;
and the second judgment result generating unit is used for characterizing that the Web service server is in a non-survival state and generating a second judgment result that the Web service server is in the non-survival state if the response result fed back by the Web service server cannot be received.
In a third aspect, the present application discloses an electronic device, comprising:
a memory for storing a computer program;
and a processor for executing the computer program to implement the illegal external connection monitoring method as described above.
In a fourth aspect, the present application discloses a computer readable storage medium storing a computer program which, when executed by a processor, implements the illegal external connection monitoring method as described above.
In the method, firstly, a detection message is sent to a preset Web service server to judge whether the Web service server survives or not, a corresponding judgment result is generated, then a target static code is inserted into the Web service server based on the judgment result so that the target static code is loaded to a terminal where the Web service server is located after the Web service server is started, finally, a preset public network receiving end platform is accessed based on the target static code, and whether access data are sent to the preset public network receiving end platform by using the target static code or not is determined based on the access result so that the preset public network receiving end platform can carry out alarm operation after receiving the access data. Therefore, according to the illegal external connection monitoring method, a detection message can be sent to the Web service server to judge the survival state of the Web service server, whether a static code is inserted into the Web service server is confirmed according to the judging result, if so, the static code can be loaded to a terminal after the service server is started, whether the public network receiving end platform can be accessed through the static code is judged, whether the illegal external connection behavior exists is confirmed according to the judging result, and corresponding alarm operation is carried out. 
In this way, on one hand, a detection message can be sent to the Web service server, and after the Web service server is confirmed to survive, a static code is sent to the service server, so that the condition that the Web service server fails but still sends the static code is avoided, the resource consumption is effectively reduced, and the illegal external connection monitoring efficiency is improved; on the other hand, the illegal external connection monitoring is realized by inserting the static codes into the server, so that the installation of a client program is avoided, and the operation flow is effectively simplified.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only embodiments of the application and that other drawings can be obtained according to the drawings provided without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of an illegal external connection monitoring method provided by the application;
FIG. 2 is a flow chart of a specific illegal external connection monitoring method provided by the application;
FIG. 3 is a timing diagram of illegal external connection monitoring provided by the application;
FIG. 4 is a schematic diagram of a structure of an illegal external connection monitoring device provided by the application;
FIG. 5 is a block diagram of an electronic device according to the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In the prior art, monitoring illegal external connection generally requires installing a client plug-in on the PC end; that is, the client plug-in is installed on each PC terminal connected to the intranet and on the server, and an online illegal external connection monitoring and management system is deployed. However, in an intranet with heavy traffic, communication between the PC end and the central I/O depends on powerful hardware: if the hardware cost is too high, enterprises can hardly bear it, and if the hardware configuration is too low, excessive traffic causes server downtime, so illegal external connection behavior in the intranet is difficult to monitor.
In order to overcome the technical problems, the application provides a method, a device, equipment and a storage medium for monitoring illegal external connection, which can send a detection message to a server, and when the survival of the server is confirmed, the illegal external connection monitoring is realized by inserting a static code into the server, so that the installation of a client program is avoided, and the operation flow is effectively simplified.
Referring to fig. 1, the embodiment of the application discloses a method for monitoring illegal external connection, which is applied to an intranet monitoring server and comprises the following steps:
Step S11: sending a detection message to a preset Web service server to judge whether the Web service server survives, and generating a corresponding judgment result.
In this embodiment, a detection message is sent to a preset Web service server to determine whether the Web service server survives, and a corresponding determination result is generated. That is, illegal external connection monitoring requires a static code to be inserted into a preset Web service server, so that the static code can operate on the Web service server to determine whether the Web service server can access a public network receiving end platform. It should be noted that if the Web service server has stopped running or is damaged, continuing the illegal external connection monitoring wastes resources. Therefore, when performing illegal external connection monitoring, a detection message is first sent to the Web service server to determine whether it is in a surviving state, and a determination result indicating either that the Web service server is in a surviving state or that it is in a non-surviving state is generated, so that subsequent operations can be performed based on the determination result. Sending the detection message and judging the survival state of the server in this way makes the illegal external connection monitoring method more accurate and reliable and reduces the waste of resources.
It should be further noted that before sending a detection message to a preset Web service server to determine whether the Web service server survives and generating a corresponding determination result, the method further includes: locally configuring a global JS service to generate a target static code based on the global JS service; the global JS service is a JavaScript service; the target static code is static code generated based on JavaScript. That is, in this embodiment, the static code inserted into the Web service server is static code generated based on JavaScript, namely a script program based on JavaScript static code, so a global JavaScript service needs to be configured locally on the intranet monitoring server to facilitate generation of the script program.
It should also be noted that before sending a detection message to a preset Web service server to determine whether the Web service server survives and generating a corresponding determination result, the method further includes: locally configuring preset Web site information to insert a target static code into the Web service server based on the preset Web site information; the preset Web site information is information of an HTML portal file directory of a Web service server. That is, in this embodiment, when the Web service server runs, the script program generated based on the static code needs to be inserted into the HTML portal of the Web service server, so the information of the HTML portal file directory of the Web service server needs to be configured in advance so that the static code is accurately inserted into the Web service server.
Step S12: inserting a target static code into the Web service server based on the judgment result, so that the target static code is loaded to a terminal where the Web service server is located after the Web service server is started.
In this embodiment, a target static code is inserted into the Web service server based on the determination result, so that the Web service server loads the target static code to a terminal where the Web service server is located after being started. That is, whether to insert a static code into the Web service server is decided according to the determination result. If the determination result indicates that the Web service server is in a surviving state, the static code can be generated based on the global JavaScript service to obtain a script program, and the script program is inserted into the Web service server, so that after the Web service server is started, the script program obtained based on the static code is loaded to the intranet terminal host where the Web service server is located. If the determination result indicates that the Web service server is in a non-surviving state, illegal external connection monitoring is stopped directly, which avoids wasting resources.
Step S13: accessing a preset public network receiving end platform based on the target static code, and determining, based on an access result, whether to send access data to the preset public network receiving end platform by using the target static code, so that the preset public network receiving end platform can carry out an alarm operation after receiving the access data.
In this embodiment, the preset public network receiving end platform is accessed based on the target static code, and whether to send access data to the preset public network receiving end platform by using the target static code is determined based on an access result, so that the preset public network receiving end platform can perform an alarm operation after receiving the access data. That is, after the script program obtained based on the static code is successfully loaded to the terminal host where the Web service server is located, the terminal host needs to access a preset public network receiving end platform through the script program. If the access succeeds, one or more network connection channels exist between the terminal host located in the intranet and the public network receiving end platform, which proves that the intranet terminal host has illegal external connection behavior, and an alarm operation is needed at this point. If the access fails, this indicates that no network connection channel exists between the intranet terminal host and the public network receiving end platform, which proves that the intranet terminal host has no illegal external connection behavior.
It can be seen that, in this embodiment, a detection message is first sent to a preset Web service server to determine whether the Web service server survives, and a corresponding determination result is generated, then a target static code is inserted into the Web service server based on the determination result, so that after the Web service server is started, the target static code is loaded to a terminal where the Web service server is located, finally, a preset public network receiving end platform is accessed based on the target static code, and based on an access result, whether access data is sent to the preset public network receiving end platform by using the target static code is determined, so that the preset public network receiving end platform receives the access data and then carries out an alarm operation. Therefore, according to the illegal external connection monitoring method, a detection message can be sent to the Web service server to judge the survival state of the Web service server, whether a static code is inserted into the Web service server is confirmed according to the judging result, if so, the static code can be loaded to a terminal after the service server is started, whether the public network receiving end platform can be accessed through the static code is judged, whether the illegal external connection behavior exists is confirmed according to the judging result, and corresponding alarm operation is carried out. 
In this way, on one hand, a detection message can be sent to the Web service server, and after the Web service server is confirmed to survive, a static code is sent to the service server, so that the condition that the Web service server fails but still sends the static code is avoided, the resource consumption is effectively reduced, and the illegal external connection monitoring efficiency is improved; on the other hand, the illegal external connection monitoring is realized by inserting the static codes into the server, so that the installation of a client program is avoided, and the operation flow is effectively simplified.
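One way the intranet monitoring server could act on the judgment result when inserting the target static code into the HTML portal, as an added example that is not code from the application. The marker attribute, the script path and all function names are assumptions; the insertion is idempotent so that repeated monitoring runs do not stack duplicate tags.

```javascript
// Added example; MARKER, MONITOR_SRC and all function names are hypothetical.
const MARKER = 'data-extlink-monitor';            // attribute that identifies the inserted tag
const MONITOR_SRC = '/static/extlink-monitor.js'; // constructed path of the target static code

// The two judgment results named in the description.
const ALIVE = 'first';      // Web service server is in a surviving state
const NOT_ALIVE = 'second'; // Web service server is in a non-surviving state

// Build the script tag; reject paths that could break out of the src attribute.
function buildTag(src) {
  if (!/^\/[\w\-./]+\.js$/.test(src)) throw new Error('unexpected script path: ' + src);
  return `<script ${MARKER} src="${src}" defer></script>`;
}

// True if the portal page already carries the monitoring tag.
function hasTargetCode(html) {
  return new RegExp(`<script\\b[^>]*\\b${MARKER}\\b`, 'i').test(html);
}

// Insert the tag once: before </head>, else before </body>, else at the end.
function insertTargetCode(html, src = MONITOR_SRC) {
  if (hasTargetCode(html)) return { html, changed: false };
  const tag = buildTag(src) + '\n';
  const m = /<\/head\s*>/i.exec(html) || /<\/body\s*>/i.exec(html);
  const at = m ? m.index : html.length;
  return { html: html.slice(0, at) + tag + html.slice(at), changed: true };
}

// Remove the tag again, e.g. when monitoring of this site is retired.
function removeTargetCode(html) {
  const re = new RegExp(`<script\\b[^>]*\\b${MARKER}\\b[^>]*>\\s*<\\/script>\\n?`, 'gi');
  return html.replace(re, '');
}

// Steps S11 -> S12: only a surviving server gets the code; otherwise monitoring ends.
function applyJudgment(result, html) {
  if (result === ALIVE) return { ...insertTargetCode(html), monitoring: true };
  if (result === NOT_ALIVE) return { html, changed: false, monitoring: false };
  throw new Error('unknown judgment result: ' + result);
}

// Constructed portal page used to exercise the functions.
const SAMPLE_PORTAL = '<html><head><title>OA</title></head><body>portal</body></html>';
console.log(applyJudgment(ALIVE, SAMPLE_PORTAL).html);
```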
Referring to fig. 2, the embodiment of the application discloses a method for monitoring illegal external connection, which comprises the following steps:
Step S21: sending an ICMP or TCPING detection message to a preset Web service server to judge whether a response result fed back by the Web service server can be received.
In this embodiment, as shown in FIG. 3, before illegal external connection monitoring is performed, an intranet monitoring server is installed and deployed in the internal network and a public network receiving end platform is installed and deployed in the external network. The intranet monitoring server then sends an ICMP or TCPING detection message to the preset Web service server and judges whether a response result fed back by the Web service server can be received; that is, the intranet monitoring server can send 3 rounds of detection fingerprint packets and judge whether the configured Web service server IP address has a common web page port such as 80/8080/443 open. The intranet monitoring server needs to be attached to the core switch in bypass mode and must be able to communicate with the Web service server.
Step S22: if the response result fed back by the Web service server can be received, characterizing that the Web service server is in a surviving state, and generating a first judgment result that the Web service server is in the surviving state.
In this embodiment, if a response result fed back by the Web service server can be received, the Web service server is characterized as being in a surviving state, and a first judgment result that the Web service server is in the surviving state is generated. That is, if an HTTP response packet (response code 200) correctly returned by a port such as 80/8080/443 at the Web service server IP address can be received, the service server is in a surviving state, a static code can be sent to the Web service server to start illegal external connection monitoring, and a judgment result that the Web service server survives is generated.
Step S23: if the response result fed back by the Web service server cannot be received, characterizing that the Web service server is in a non-surviving state, and generating a second judgment result that the Web service server is in the non-surviving state.
In this embodiment, if a response result fed back by the Web service server cannot be received, the Web service server is characterized as being in a non-surviving state, and a second judgment result that the Web service server is in the non-surviving state is generated. That is, if an HTTP response packet (response code 200) correctly returned by a port such as 80/8080/443 at the Web service server IP address cannot be received, the service server is in a non-surviving state. Continuing to send the static code to the Web service server in that case cannot yield a correct monitoring result and wastes resources, so a judgment result that the Web service server is in the non-surviving state is generated at this point.
Step S24: if the judgment result is the first judgment result, inserting the target static code into an HTML portal of the Web service server based on preset Web site information, so that after the Web service server is started, the target static code is loaded to a terminal where the Web service server is located based on the HTML portal.
In this embodiment, if the determination result is the first determination result, the target static code is inserted into an HTML portal of the Web service server based on the preset Web site information, so that after the Web service server is started, the target static code is loaded to a terminal where the Web service server is located based on the HTML portal. That is, if the service server is in a surviving state, the script program obtained based on the static JavaScript code is inserted into the HTML portal of the Web server according to the preset HTML portal file directory of the Web server, so that after the Web service server is started and the terminal host where the Web service server is located browses the HTML portal, the script program obtained based on the static JavaScript code is loaded to the intranet terminal host.
And S25, if the judgment result is the second judgment result, ending the illegal external connection monitoring.
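The survival gate and portal insertion of steps S22 to S25 can be sketched as follows. This is an added example, not code from the patent: the marker comment, the function names, the TCP-connect probe standing in for TCPING, and the script path are all assumptions.

```python
import html
import re
import socket
from pathlib import Path

# Assumed marker comment; it makes the insertion idempotent and easy to audit.
MARKER = "<!-- illegal-external-connection-monitor -->"


def tcp_probe(host, port, timeout=2.0):
    """TCPING-style probe: True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def judge_survival(host, ports=(80, 8080, 443), probe=tcp_probe):
    """Steps S22/S23: 'first' if any Web port answers, otherwise 'second'."""
    return "first" if any(probe(host, p) for p in ports) else "second"


def insert_static_code(portal_path, script_src):
    """Step S24: add one <script> tag before </body>; return True if changed."""
    path = Path(portal_path)
    page = path.read_text(encoding="utf-8")
    if MARKER in page:
        return False  # already instrumented, do not insert a second copy
    src = html.escape(script_src, quote=True)
    tag = f'{MARKER}<script src="{src}" async></script>\n'
    # Insert before the last closing body tag, or append if the page has none.
    matches = list(re.finditer(r"</body\s*>", page, re.IGNORECASE))
    idx = matches[-1].start() if matches else len(page)
    page = page[:idx] + tag + page[idx:]
    # Write a sibling file and rename it so the served portal is never half-written.
    tmp = path.with_name(path.name + ".tmp")
    tmp.write_text(page, encoding="utf-8")
    tmp.replace(path)
    return True


def run_monitor_setup(host, portal_path, script_src, probe=tcp_probe):
    """Return (judgment, inserted). A 'second' judgment ends monitoring (S25)."""
    judgment = judge_survival(host, probe=probe)
    if judgment == "second":
        return judgment, False
    return judgment, insert_static_code(portal_path, script_src)
```

Because the marker is checked before writing, repeated monitoring runs leave a single copy of the tag in the portal page.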
Step S26: judge whether the target static code is executed at the terminal; if so, access a preset public network receiving end platform based on the target static code and generate an access result.
In this embodiment, it is judged whether the target static code is executed at the terminal; if so, the preset public network receiving end platform is accessed based on the target static code and an access result is generated. That is, if the script program obtained from the static code is executed by the intranet terminal host, the static code has been successfully loaded to the intranet terminal host, and the public network receiving end platform on the external network then needs to be accessed through the static code.
Step S27: if the access result is successful access, this indicates that there is an illegal external connection operation at the terminal, and access data is sent to the preset public network receiving end platform by using the target static code, so that the preset public network receiving end platform performs an alarm operation after receiving the access data.
In this embodiment, if the access result is successful access, this indicates that there is an illegal external connection operation at the terminal, and the target static code is used to send access data to the preset public network receiving end platform, so that the preset public network receiving end platform performs an alarm operation after receiving the access data. That is, if the public network receiving end platform can be accessed through the static code and the public network receiving end platform module receives the access data sent by the static code, this indicates illegal external connection behavior, and alarm information is generated. The JS code is parsed and executed in the browser of the intranet terminal host, the public network receiving end platform is accessed through the wired active wireless, and the background of the public network receiving end platform starts tcpdump to capture packets so as to analyze and extract the public network egress IP address and the intranet IP address from the access message data. The alarm information is external network alarm information, which comprises the public network egress IP address and the intranet IP address of the terminal host and the number of external connections.
Step S28: if the access result is access failure, this indicates that the terminal has no illegal external connection operation, and the illegal external connection monitoring ends.
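The alarm information described for step S27 (public network egress IP address, intranet IP address, number of external connections) can be built on the receiving end as in the following added example, which is not code from the patent. The record layout, the `/report` path and the `lan` parameter are assumptions, and the log lines are constructed sample data.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed records: "<timestamp> <source IP seen by receiver> <method> <target>"
SAMPLE_LOG = """\
2023-05-18T09:00:01Z 203.0.113.7 GET /report?lan=10.20.3.15
2023-05-18T09:05:44Z 203.0.113.7 GET /report?lan=10.20.3.15
2023-05-18T09:06:02Z 198.51.100.23 GET /report?lan=192.168.8.40
2023-05-18T09:07:10Z 198.51.100.23 GET /report?lan=8.8.8.8
2023-05-18T09:07:11Z 198.51.100.23 GET /favicon.ico
2023-05-18T09:08:00Z not-an-ip GET /report?lan=10.0.0.1
"""


def parse_record(line):
    """Return (timestamp, egress_ip, intranet_ip), or None if not a valid report."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, src, method, target = parts
    url = urlsplit(target)
    if method != "GET" or url.path != "/report":
        return None  # unrelated traffic hitting the receiver
    values = parse_qs(url.query).get("lan", [])
    if len(values) != 1:
        return None
    try:
        egress = ipaddress.ip_address(src)
        lan = ipaddress.ip_address(values[0])
    except ValueError:
        return None
    # The reported address is client-supplied: accept only RFC 1918 IPv4 values.
    if lan.version != 4 or not any(lan in net for net in RFC1918):
        return None
    return ts, str(egress), str(lan)


def aggregate_alerts(log_text):
    """Group valid reports by (egress IP, intranet IP) and count connections."""
    alerts = {}
    for line in log_text.splitlines():
        record = parse_record(line)
        if record is None:
            continue
        ts, egress, lan = record
        alert = alerts.setdefault((egress, lan), {
            "public_egress_ip": egress, "intranet_ip": lan,
            "count": 0, "first_seen": ts, "last_seen": ts,
        })
        alert["count"] += 1
        alert["last_seen"] = ts
    return list(alerts.values())


def format_alert(alert):
    """Render one alarm line carrying the three fields the embodiment lists."""
    return ("Illegal external connection: intranet host {intranet_ip} reached the "
            "receiver via public egress IP {public_egress_ip}, "
            "{count} connection(s)").format(**alert)


if __name__ == "__main__":
    for item in aggregate_alerts(SAMPLE_LOG):
        print(format_alert(item))
```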
Therefore, this embodiment adopts a static JavaScript technique in which specific code is actively inserted into the HTML portal of the Web service server. When an intranet terminal host accesses the Web service portal, the service server returns an HTTP response message, so the intranet terminal host receives a response packet containing the static JavaScript code and runs that code while the browser displays the page. If the intranet terminal host is also connected to the Internet at that time, a detection packet containing the static JavaScript code is sent to the public network receiving end platform through the network card that can reach the external network, and a mail alarm is generated. Because only the fixed JS code needs to be actively inserted into the HTML home page of the Web server portal site, the JS code runs while the browser displays the interface and no client program needs to be installed, which reduces the monitoring steps, saves a large amount of resources, and achieves illegal external connection detection.
Referring to fig. 4, an embodiment of the present application discloses a device for monitoring illegal external connection, including:
the server state judging module 11 is configured to send a detection message to a preset Web service server to judge whether the Web service server survives, and generate a corresponding judging result;
a code sending module 12, configured to insert a target static code into the Web service server based on the determination result, so that the Web service server loads the target static code to a terminal where the Web service server is located after being started;
and the alarm module 13 is used for accessing a preset public network receiving end platform based on the target static code, and determining whether to send access data to the preset public network receiving end platform by using the target static code based on an access result so that the preset public network receiving end platform can carry out alarm operation after receiving the access data.
In this method, a detection message is first sent to a preset Web service server to judge whether the Web service server survives, and a corresponding judgment result is generated. A target static code is then inserted into the Web service server based on the judgment result, so that the target static code is loaded to a terminal where the Web service server is located after the Web service server is started. Finally, a preset public network receiving end platform is accessed based on the target static code, and whether to send access data to the preset public network receiving end platform by using the target static code is determined based on the access result, so that the preset public network receiving end platform can perform an alarm operation after receiving the access data. Thus, with this illegal external connection monitoring method, a detection message can be sent to the Web service server to judge its survival state, and whether to insert the static code into the Web service server is decided according to the judgment result. If the code is inserted, it can be loaded to a terminal after the service server is started; whether the public network receiving end platform can be accessed through the static code is then judged, whether illegal external connection behavior exists is determined according to that result, and the corresponding alarm operation is performed.
In this way, on the one hand, a detection message can be sent to the Web service server and the static code is sent to the service server only after the Web service server is confirmed to survive, which avoids sending the static code to a Web service server that has failed, effectively reduces resource consumption, and improves the efficiency of illegal external connection monitoring; on the other hand, illegal external connection monitoring is achieved by inserting the static code into the server, which avoids installing a client program and effectively simplifies the operation flow.
In some embodiments, the illegal external connection monitoring device may further include:
the code generating unit is used for configuring the global JS service locally to generate a target static code based on the global JS service; the global JS service is a JavaScript service; the target static code is static code generated based on JavaScript.
In some embodiments, the illegal external connection monitoring device may further include:
an information configuration unit for configuring preset Web site information locally to insert a target static code into the Web service server based on the preset Web site information; the preset Web site information is information of an HTML portal file directory of a Web service server.
In some embodiments, the server status determining module 11 may specifically include:
the response judging unit is used for sending an ICMP or TCPING detection message to a preset Web service server so as to judge whether a response result fed back by the Web service server can be received or not;
the first judging unit is used for determining, if the response result fed back by the Web service server can be received, that the Web service server is in a survival state, and generating a first judging result that the Web service server is in the survival state;
and the second judging unit is used for determining, if the response result fed back by the Web service server cannot be received, that the Web service server is in a non-survival state, and generating a second judging result that the Web service server is in the non-survival state.
In some embodiments, the code sending module 12 may specifically include:
the code sending unit is used for inserting the target static code into an HTML portal of the Web service server based on the preset Web site information if the judgment result is the first judgment result, so that after the Web service server is started, the target static code is loaded to a terminal where the Web service server is located based on the HTML portal;
and the first monitoring ending unit is used for ending the illegal external connection monitoring if the judging result is the second judging result.
In some embodiments, the alarm module 13 may specifically include:
the access result generating unit is used for judging whether the target static code is executed at the terminal, if so, accessing a preset public network receiving end platform based on the target static code, and generating an access result;
the alarm execution unit is used for determining, if the access result is successful access, that there is an illegal external connection operation at the terminal, and sending access data to the preset public network receiving end platform by utilizing the target static code, so that the preset public network receiving end platform carries out an alarm operation after receiving the access data;
and the second monitoring ending unit is used for determining, if the access result is access failure, that the terminal has no illegal external connection operation, and ending the illegal external connection monitoring.
Further, the embodiment of the present application also discloses an electronic device. Fig. 5 is a block diagram of an electronic device 20 according to an exemplary embodiment, and the content of the figure is not to be considered as any limitation on the scope of use of the present application.
Fig. 5 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present application. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input/output interface 25, and a communication bus 26. The memory 22 is used for storing a computer program, and the computer program is loaded and executed by the processor 21 to implement the relevant steps of the illegal external connection monitoring method disclosed in any of the foregoing embodiments. In addition, the electronic device 20 in this embodiment may specifically be an electronic computer.
In this embodiment, the power supply 23 is configured to provide an operating voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and the communication protocol to be followed is any communication protocol applicable to the technical solution of the present application, which is not specifically limited herein; the input/output interface 25 is used for acquiring external input data or outputting external output data, and the specific interface type thereof can be selected according to the specific application requirement, which is not limited herein.
The memory 22 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk, or an optical disk, and the resources stored thereon may include an operating system 221, a computer program 222, and the like, and the storage may be temporary storage or permanent storage.
The operating system 221 is used for managing and controlling the hardware devices on the electronic device 20 and the computer program 222, and may be Windows Server, NetWare, Unix, Linux, or the like. In addition to the computer program that can be used to perform the illegal external connection monitoring method executed by the electronic device 20 as disclosed in any of the previous embodiments, the computer program 222 may further include computer programs that can be used to perform other specific tasks.
Further, the application also discloses a computer readable storage medium for storing a computer program; wherein the computer program, when executed by a processor, implements the previously disclosed illegal external connection monitoring method. For the specific steps of the method, reference can be made to the corresponding contents disclosed in the foregoing embodiments, which are not repeated here.
In this specification, the embodiments are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another. Since the device disclosed in an embodiment corresponds to the method disclosed in an embodiment, its description is relatively brief, and the relevant points can be found in the description of the method section.
Those of skill would further appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Those skilled in the art will be able to implement the described functionality using different methods for each particular application, but such implementation is not intended to be limiting.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules can be disposed in Random Access Memory (RAM), memory, Read-Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing describes the application in detail so that its principles and embodiments may be better understood; meanwhile, those skilled in the art may, in accordance with the ideas of the present application, make changes to the specific embodiments and the scope of application. In view of the above, the content of this description should not be construed as limiting the present application.

Claims (10)

1. An illegal external connection monitoring method, characterized in that it is applied to an intranet monitoring server and comprises the following steps:
sending a detection message to a preset Web service server to judge whether the Web service server survives or not, and generating a corresponding judgment result;
inserting a target static code into the Web service server based on the judging result, so that the target static code is loaded to a terminal where the Web service server is located after the Web service server is started;
and accessing a preset public network receiving end platform based on the target static code, and determining whether to send access data to the preset public network receiving end platform by using the target static code based on an access result so that the preset public network receiving end platform can carry out alarm operation after receiving the access data.
2. The illegal external connection monitoring method according to claim 1, wherein before sending a detection message to a preset Web service server to determine whether the Web service server survives and generating a corresponding determination result, the method further comprises:
locally configuring a global JS service to generate a target static code based on the global JS service; the global JS service is a JavaScript service; the target static code is static code generated based on JavaScript.
3. The illegal external connection monitoring method according to claim 1, wherein before sending a detection message to a preset Web service server to determine whether the Web service server survives and generating a corresponding determination result, the method further comprises:
locally configuring preset Web site information to insert a target static code into the Web service server based on the preset Web site information; the preset Web site information is information of an HTML portal file directory of a Web service server.
4. The illegal external connection monitoring method according to claim 3, wherein the sending a detection message to a preset Web service server to determine whether the Web service server survives, and generating a corresponding determination result, includes:
sending an ICMP or TCPING detection message to a preset Web service server to judge whether a response result fed back by the Web service server can be received or not;
if the response result fed back by the Web service server can be received, determining that the Web service server is in a survival state, and generating a first judgment result that the Web service server is in the survival state;
and if the response result fed back by the Web service server cannot be received, determining that the Web service server is in a non-survival state, and generating a second judgment result that the Web service server is in the non-survival state.
5. The illegal external connection monitoring method according to claim 4, wherein inserting the target static code into the Web service server based on the determination result so that the Web service server loads the target static code to a terminal where the Web service server is located after being started, includes:
if the judgment result is the first judgment result, inserting the target static code into an HTML portal of the Web service server based on the preset Web site information, so that after the Web service server is started, loading the target static code into a terminal where the Web service server is located based on the HTML portal;
and if the judging result is the second judging result, ending the illegal external connection monitoring.
6. The method for monitoring the illegal external connection according to any one of claims 1 to 5, wherein accessing a preset public network receiving end platform based on the target static code, and determining whether to send access data to the preset public network receiving end platform by using the target static code based on an access result, so that the preset public network receiving end platform performs an alarm operation after receiving the access data, includes:
judging whether the target static code is executed at the terminal, if so, accessing a preset public network receiving end platform based on the target static code, and generating an access result;
if the access result is successful access, indicating that the terminal has illegal external connection operation, and sending access data to the preset public network receiving end platform by utilizing the target static code so as to carry out alarm operation after the preset public network receiving end platform receives the access data;
and if the access result is access failure, characterizing that the terminal has no illegal external connection operation, and ending illegal external connection monitoring.
7. An illegal external connection monitoring device, which is characterized in that the device is applied to an intranet monitoring server and comprises:
the server state judging module is used for sending a detection message to a preset Web service server to judge whether the Web service server survives or not and generating a corresponding judging result;
the code sending module is used for inserting a target static code into the Web service server based on the judging result so that the target static code is loaded to a terminal where the Web service server is located after the Web service server is started;
and the alarm module is used for accessing a preset public network receiving end platform based on the target static code, determining whether to send access data to the preset public network receiving end platform by using the target static code based on an access result, and performing alarm operation after the preset public network receiving end platform receives the access data.
8. The illegal external connection monitoring device of claim 7, wherein the server state determination module includes:
the response judging unit is used for sending an ICMP or TCPING detection message to a preset Web service server so as to judge whether a response result fed back by the Web service server can be received or not;
the first judging unit is used for characterizing that the Web service server is in a survival state and generating a first judging result that the Web service server is in the survival state if the response result fed back by the Web service server can be received;
and the second judging unit is used for characterizing that the Web service server is in a non-survival state and generating a second judging result that the Web service server is in the non-survival state if the response result fed back by the Web service server cannot be received.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the illegal external connection monitoring method of any of claims 1 to 6.
10. A computer readable storage medium for storing a computer program which, when executed by a processor, implements the illegal external connection monitoring method as claimed in any of claims 1 to 6.
CN202310572237.6A 2023-05-18 2023-05-18 Illegal external connection monitoring method, device, equipment and storage medium Pending CN116582469A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310572237.6A CN116582469A (en) 2023-05-18 2023-05-18 Illegal external connection monitoring method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310572237.6A CN116582469A (en) 2023-05-18 2023-05-18 Illegal external connection monitoring method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116582469A true CN116582469A (en) 2023-08-11

Family

ID=87537385

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310572237.6A Pending CN116582469A (en) 2023-05-18 2023-05-18 Illegal external connection monitoring method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116582469A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination