CN101355415B - Method and system for implementing safety access public network of network terminal as well as special network access controller thereof - Google Patents


Info

Publication number: CN101355415B
Application number: CN2007100939857A
Authority: CN (China)
Original language: Chinese (zh)
Other versions: CN101355415A
Inventor: 万能
Original assignee: 万能
Current assignee: Suzhou Lingxi Internet of Things Technology Co., Ltd.
Legal status: Active
Prior art keywords: network, network terminal, packet, control server, configuration

Classification: Data Exchanges In Wide-Area Networks; Computer And Data Communications
Abstract

The invention discloses a method for realizing secure access of a network terminal to a public network. The method comprises the following steps: a network access controller is connected in series between the network terminal and the public network; when the firewall policy repository needs to be configured, the user on the network terminal submits configuration request information; the network access control server generates a corresponding group of configuration command packets according to the configuration request information and transmits them to the network terminal; the group of configuration command packets is intercepted by the network access controller connected in series on the link, which parses and executes the corresponding configuration command and completes the update of the firewall policy configuration; and the user on the network terminal accesses the public network under the security protection of the firewall policy configured by the network access control server. The invention also discloses a system for realizing secure access of a network terminal to a public network, and the network access control server. The method, the system and the network access control server not only ensure that the network terminal accesses the public network safely, but are also convenient for the user to use.

Description

Method and system for realizing secure access of a network terminal to a public network
Technical field
The present invention relates to computer network security technology, and in particular to a method and system for realizing secure access of a network terminal to a public network.
Background art
A firewall is a combination of a series of components arranged between different networks (such as a trusted intranet and an untrusted public network) or network security domains. It is the sole gateway for information between the different networks or security domains; by monitoring, restricting and altering the data flows that cross the firewall, it shields the information, structure and operating state of the internal network from the outside as far as possible, selectively accepts external access, supervises and controls internal access to servers and external networks, and erects a barrier between the protected network and the external network to prevent unpredictable, potentially destructive intrusions. Simply put, a firewall is a function that isolates the internal network from the external network or the Internet, thereby protecting the internal network or its hosts. Functionally, it mainly performs packet filtering, transparent forwarding of packets, blocking of external attacks, and logging of external attacks.
To ensure the safety of a network terminal when it accesses a public IP network, firewall technology is generally used. At present, firewall implementations can roughly be divided into two classes: firewall hardware devices and firewall software systems.
Firewall hardware devices: the hardware firewall referred to here is based on a dedicated hardware platform, or on a PC-architecture computer running a special-purpose operating system and firewall software. To use this class of firewall, the user must be familiar with both the operating system platform and the hardware platform in order to configure and manage it; an independent hardware device is costly; and, because the device is present in the network topology, it can itself be maliciously intruded upon.
Firewall software systems: a software firewall runs on a specific computer and requires the support of the computer operating system installed on it in advance. Like any other software product, it must first be installed and configured on the computer. Firewall software consumes processor resources of the network terminal itself, using it requires the user to be familiar with the operating system platform, and the software system can itself be maliciously intruded upon.
In current firewall technology and products, some firewall products have a remote configuration function: the user can remotely access and configure the firewall over the network using its IP address. However, a firewall device that has been assigned an IP address in the network topology can be maliciously intruded upon; it also needs additional hardware and a complex operating system, and requires configuration and management by professional technical personnel during use and regular maintenance. Ordinary small enterprise computer networks and personal or home computer networks possess neither the technical foundation to administer and maintain the firewall products currently on the market, nor the means to bear the cost of engaging professional technical personnel to administer and maintain them.
Summary of the invention
The technical problem to be solved by the present invention is to ensure that a network terminal accesses the public network safely while remaining convenient for the user.
To solve the above technical problem, the present invention provides a method for realizing secure access of a network terminal to a public network, characterized by comprising the following steps:
Step 1: the network terminal (NT: Net Terminal) user installs a network access controller (NTAC: NT Access Controller); the network access controller is connected in series on the link between the network terminal and the public network, and a network access control server (Server) is connected to the public network;
Step 2: when the network terminal user needs to configure the firewall policy repository of the network access controller, go to step 3; otherwise go to step 10;
Step 3: the network terminal user logs in to the network access control server, establishing a link between the network terminal, the network access controller and the network access control server;
Step 4: the network access control server verifies the network terminal user and the network access controller;
Step 5: the network terminal user submits configuration request information to the network access control server;
Step 6: the network access control server generates a corresponding group of configuration command packets according to the configuration request information;
Step 7: the network access control server sends this group of configuration command packets to the network terminal, and the network access controller connected in series on the data link of step 1 intercepts the group of configuration command packets;
Step 8: the network access controller parses the corresponding configuration command from the intercepted configuration command packets, executes the configuration command, and completes the update of the firewall policy configuration;
Step 9: the network terminal receives the group of configuration command packets, confirms their integrity, and returns the confirmation result to the network access control server;
Step 10: the network terminal user accesses the public network under the security protection of the firewall policy configured on the network access controller.
To solve the above technical problem, the present invention also provides a system for realizing secure access of a network terminal to a public network, comprising an NT, an NTAC and a Server. The Server is connected to the public network and configures the firewall policy repository of the NTAC according to the configuration request information submitted by the NT user. The system is characterized in that the NTAC is connected in series on the data link between the NT and the public network, needs no IP address assigned to it, and is a transparent device in the overall network topology; it internally stores a firewall policy used to detect and control the packets flowing through it; it is initialized to "firewall policy stopped"; when the firewall policy is stopped, packets flowing to the NT are transparently forwarded; when the firewall policy is started, only packets that match the firewall policy access rules are transparently forwarded, and packets that do not match the access rules are blocked.
The present invention also provides a network access controller for realizing secure access of a network terminal to a public network, comprising a network processing unit, a firewall policy repository, a firewall policy configuration unit, a packet inspection unit and network interfaces, one network interface connecting to the public network and one to the network terminal. The packet inspection unit intercepts, detects and controls the packets flowing through; the network processing unit filters and transparently forwards packets according to the access rules; under the control of the network processing unit and the firewall policy configuration unit, the received firewall policy information is stored in the firewall policy repository according to the firewall policy configuration. The controller cannot be assigned an IP address, and no IP address needs to be assigned to it to connect it to the network.
In the present invention, the NTAC has a unique device ID. The NTAC is connected in series on the link between the NT and the public network and detects and controls all packets flowing through it; it cannot be assigned an IP address, none needs to be assigned to it, and it is a transparent device in the overall network topology. The NTAC internally stores a firewall policy used to detect and control packets; a characteristic of the firewall policy is that by default it blocks all packets flowing to the NT, and only packets detected as permitted by an access rule are transparently forwarded. The firewall policy can be stopped or started: when stopped, packets flowing to the NT are transparently forwarded; when started, only packets matching the firewall policy access rules are transparently forwarded and non-matching packets are blocked; the NTAC is initialized to "NTAC firewall stopped". The firewall policy can be remotely configured and managed: the NTAC intercepts configuration commands from the remote network terminal access control server (Server), and these configuration commands comprise starting and stopping the NTAC firewall policy, and adding, modifying and deleting access rules in the firewall policy repository. In the present invention, the NTAC requires no software support on the user side; the user only needs to connect the device in series on the network line. Centralized management and maintenance of the firewall policy by the Server means that the network terminal user need not possess relevant professional knowledge and skills, so the system is convenient to use. The NTAC is transparent to the user and other network devices, is not assigned an IP address, and is invisible in the whole network topology, so other hostile network users cannot attack or destroy it, and the security of the network terminal can be guaranteed.
Description of drawings
The present invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 1 is the network topology diagram of the present invention;
Fig. 2 is a schematic structural diagram of the NTAC of the present invention;
Fig. 3 is a flow chart of the configuration of the NTAC firewall policy by an NT user via the Server according to the present invention.
Embodiment
In an embodiment of the present invention, a network terminal access controller (NTAC) is connected in series between the network terminal (NT) and the Internet, on the link between the Internet and the NT, and detects and controls the packets flowing through it. In the network topology the NTAC is a transparent device to both the NT and the Internet, and no IP address needs to be assigned to it.
The NTAC concerned has the following features:
the NTAC cannot be assigned an IP address and is not assigned one; it is a transparent device in the overall network topology;
the NTAC has a unique equipment identification code (ID);
the NTAC can internally store a firewall policy used to detect and control IP packets;
the NTAC is initialized to "NTAC firewall stopped".
A characteristic of the firewall policy is that by default it blocks all packets flowing to the NT; only packets detected as permitted by an access rule are transparently forwarded.
The NTAC intercepts configuration commands from the remote network terminal access control server (Server); the configuration commands comprise:
1. Start and stop commands: starting the NTAC firewall policy puts the NTAC into its operating state, in which it detects and controls packets flowing to the NT and filters them according to the access rules described by the firewall policy; packets that match an access rule are transparently forwarded, and packets that match no access rule are blocked and discarded. Stopping the NTAC firewall policy causes packets flowing to the NT to be transparently forwarded only.
2. Update commands: add, modify and delete firewall policies, configuring and updating the firewall policy repository.
The Server concerned has the following features:
The Server comprises a database management module whose functions include: administering and maintaining a user database that provides user registration, login and authentication; administering and maintaining an NTAC device ID database; and administering and maintaining a trusted network access list, in which other network services on the network are examined in advance and assigned a corresponding credit grade, offered to the user for selection. The credit grade referred to here may be a relevant industry standard, or a relevant standard defined by the system in which the Server resides.
The flow of the embodiment in which the user configures the NTAC via the Server is shown in Fig. 3:
1. Log in to the Server: log in via the HTTP page;
2. Establish a secure connection (such as HTTPS) between the NT and the Server;
3. Verify the user: submit the user name and password over this secure connection;
4. Verify the NTAC device: submit the NTAC device ID over this secure connection;
The ID of the NTAC is a factory-defined ID number provided to the user in the product description. When the user logs in to the Server to configure the NTAC, this ID must be provided; it is bound together with the user name and password and checked and verified by the Server.
Steps 1 to 4 can be referred to collectively as the verification flow for a legitimate user and device. In this series of steps, the verification information the user must submit comprises three elements: the user name, the password and the ID number of the NTAC to be configured. By performing this series of steps, a link is established between the NT and the Server. This link is also used to transmit the configuration command packets that the Server sends to the NT; the NTAC is connected in series on this link and automatically intercepts this class of configuration command packets.
5. The user submits "configuration request information", that is, the user submits an individual demand: a behavioural description of "the firewall functions the NTAC is required to perform";
The Server provides the user with a list of selectable network services carrying credit grades, giving the relevant information and credit grades of other network service providers, for the user to query and use. The user refers to it when submitting the individual demand.
6. The Server converts the user's individual demand into an NTAC configuration policy, forming a corresponding group of configuration command packets.
The Server provides the functions of managing and maintaining the NTACs connected to the system. It obtains each firewall customization from the user via a web page, short message or a manual telephone system, converts the user's individual demand into an NTAC configuration policy, and forms the corresponding configuration command packets. A user of an NTAC can also configure and manage it conveniently through the security management environment provided by the Server. This conversion may be completed automatically by the Server, as for requests submitted via HTTP access, or generated by a customer service representative, as for requests submitted via a hotline, short message or other instant communication tool.
7. The Server sends the group of configuration command packets to the NT.
Regarding the security of the NTAC: because the device is transparent in the network, it cannot be attacked by a malicious visitor. At the same time, when configuration is needed, the application is initiated first by the NT protected by the NTAC, establishing a secure connection from the NT to the Server; since the NTAC is connected in series on the link between the Server and the NT, it can intercept the configuration command packets from the Server.
The configuration command packets have a system-defined data format and can be recognized automatically by the NTAC, for example by adding system-defined specific data features, such as certain fields, to the packet, or a combination of such specific data features.
The combination of specific data features must include data content related to the device ID of the NTAC being configured: only when the device ID in a configuration command packet detected by the NTAC is consistent with the NTAC's own device ID is the packet considered a possibly valid configuration packet. This is a security consideration that effectively prevents the "forging of configuration request information".
A complete configuration command is transmitted in several configuration command packets, and the NTAC executes a configuration command only once it has received it completely. To execute one complete configuration command, the NT must therefore send request information to the Server step by step, several times, with the Server sending the corresponding configuration command packet according to each request from the NT; this effectively prevents the "forging of configuration command packets".
8. The NTAC detects packets flowing to the NT on the link in real time. It first checks whether the packet matches the access rules defined by the firewall policy: non-matching packets are blocked and discarded, matching packets are transparently forwarded. Access rules include, but are not limited to: IP address check; protocol type check; service port check; IP source address access time setting; and total traffic setting for an IP source address within a certain period. It then checks whether a packet that matches the access rules contains the system-defined specific data features; a packet containing the specific data features is identified as a configuration command packet, and the relevant configuration information is extracted from it and buffered. From the several configuration command packets that make up a complete configuration command, the NTAC parses the configuration command, executes it, and completes the update of the firewall policy configuration;
9. Once a configuration command packet has been parsed by the NTAC, it is transparently forwarded to the NT, so when the NT receives a configuration command packet, the system assumes by default that it has been successfully parsed by the NTAC. When the NT receives all the configuration command packets making up a complete configuration command, this indicates that the NTAC has successfully executed the configuration command, and the NT then sends confirmation information to the Server that the configuration command was successfully executed.
10. The Server confirms the confirmation information sent by the NT, and the flow ends.
As shown in Fig. 1, the system for realizing secure access of a network terminal to a public network comprises an NT, which may be a single network terminal or a local network made up of several network terminals, and also comprises an NTAC and a Server. The NTAC is connected in series on the data link between the NT and the public network and internally stores a firewall policy for detecting and controlling packets; when the firewall policy is stopped, packets flowing to the NT are transparently forwarded; when the firewall policy is started, only packets that match the firewall policy access rules are transparently forwarded, and packets that do not match are blocked. The Server is connected to the public network and configures the firewall policy repository of the NTAC according to the configuration request information submitted by the NT user.
As shown in Fig. 2, the NTAC comprises a network processing unit, a firewall policy repository, a firewall policy configuration unit, a packet inspection unit and network interfaces, one network interface connecting to the public network and one to the network terminal. The packet inspection unit inspects packets passing through the NTAC; the network processing unit filters and transparently forwards packets according to the access rules; under the control of the network processing unit and the firewall policy configuration unit, the received firewall policy information is stored in the firewall policy repository according to the firewall policy configuration. The NTAC cannot be assigned an IP address, and no IP address needs to be assigned to it to connect it to the network.
A specific embodiment is given below.
A certain network user, in order to carry out stock trading, has prepared an NT (PC) dedicated to stock trading; this NT is used only for the network access services of stock trading, and the user requires that the NT access the network securely without being attacked by other network users. The user has no background knowledge of network security, and also requires that the security of the NT be guaranteed without any software support on the NT side.
The above user application demand can be satisfied by the system provided by the present invention:
Design an NTAC and install it in series on the data link by which the user accesses the network, as close as possible to the user's network terminal. This NTAC has an IP packet detection and control function. The device maintains an "IP source address list"; only when the "IP source address" of a detected packet belongs to the "IP source address list" is the packet transparently forwarded, otherwise the packet is blocked and discarded.
Set up a Server connected to the Internet, which allows the user to register and provides the user with a user name and login password; this Server also maintains a list of NTAC IDs and an "IP address list" of network access providers that have been granted credit grades.
1. The user accesses the Internet via the NT (PC), with the NTAC connected in series on the network data link as close as possible to the NT. This NTAC is a transparent device with respect to the NT and the Internet.
At this point the firewall policy repository list of the NTAC is empty, the firewall policy is not yet activated, and the NTAC transparently forwards all IP packets on the data link. The user can access all network devices on the Internet and can likewise be accessed by every other device on the network.
2. The user logs in to the Server (specifically, the Server established in this system) and submits the device ID number of the NTAC in use (for example "88888888") together with the registered user name and password. The Server configures its own IP address into the "IP source address list" of the NTAC and enables the firewall policy of the NTAC.
At this point the firewall policy repository list of the NTAC contains the IP address of the Server in its "IP source address list". The NTAC transparently forwards all IP packets from the Server and blocks and discards IP packets sent from every other IP address. At this time the NT can access the Internet securely, but can only reach the Server.
3. The user, still logged in to the Server, queries the list of credit-graded network service sites maintained and managed by the Server and selects a site that can satisfy the stock-trading network services (for example one with IP address 11.11.11.11). The user submits a configuration application requesting that the IP source address "11.11.11.11" be added to the firewall policy repository of the NTAC with ID number "88888888".
4. The user begins to access the Internet under the security policy of the NTAC.
At this point the NTAC allows the user to access the site with IP address "11.11.11.11" and obtain the stock-trading network services it provides, while blocking IP packets sent from every other IP address. The purpose of accessing the Internet securely is thereby achieved while satisfying the user's specific network access service demand.
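The configuration flow and the stock-trading embodiment above, simulated as an added example that is not code from the patent: a transparent NTAC that filters by its IP source address list, recognizes configuration command packets by a data feature carrying the device ID, executes only a command reassembled from a complete packet group, and an NT-side check of the groups it received. The packet layout, the command words ADD/START/STOP and all addresses other than 11.11.11.11 are assumptions.

```python
"""NTAC configuration-flow simulation (added example, not the patent's code).
Packet layout and command words ADD/START/STOP are assumptions; the patent
only fixes that a config packet must carry the target device ID."""
from dataclasses import dataclass

# Constructed addresses; only 11.11.11.11 and device ID 88888888 come from the text.
SERVER_IP, STOCK_IP, OTHER_IP = "10.0.0.1", "11.11.11.11", "203.0.113.9"
DEVICE_ID = "88888888"
MAGIC = b"NTAC"  # assumed marker of the "specific data feature"

@dataclass
class Packet:            # every packet here flows towards the NT
    src: str             # IP source address: the field the embodiment filters on
    payload: bytes = b""

def make_cfg_packets(device_id: str, command: str) -> list:
    """Server side (assumed layout): a command is split into two fragments, so a
    complete command only ever exists as a group of packets (step 7)."""
    half = (len(command) + 1) // 2
    frags = [command[:half].encode(), command[half:].encode()]
    return [Packet(SERVER_IP, MAGIC + device_id.encode() + bytes([i, len(frags)]) + f)
            for i, f in enumerate(frags)]

def parse_feature(payload: bytes):
    """Return (device_id, seq, total, fragment), or None for ordinary traffic."""
    if not payload.startswith(MAGIC) or len(payload) < 14:
        return None
    return payload[4:12].decode("ascii", "replace"), payload[12], payload[13], payload[14:]

class NTAC:
    """Transparent inline controller: no IP address, filters by a source list."""
    def __init__(self, device_id: str):
        self.device_id = device_id
        self.policy_started = False   # initialised to "firewall stopped"
        self.allowed_sources = set()  # the "IP source address list"
        self._fragments = {}          # seq -> fragment of the pending command
        self.executed = []

    def forward(self, pkt: Packet) -> bool:
        """True if the packet is transparently forwarded to the NT."""
        # Step 8: access rules first; with the policy stopped everything passes.
        if self.policy_started and pkt.src not in self.allowed_sources:
            return False              # blocked and discarded
        self._inspect(pkt)            # then look for the specific data feature
        return True

    def _inspect(self, pkt: Packet) -> None:
        feat = parse_feature(pkt.payload)
        if feat is None or feat[0] != self.device_id:
            return                    # ordinary traffic, or a foreign device ID
        _, seq, total, frag = feat
        self._fragments[seq] = frag
        if all(i in self._fragments for i in range(total)):
            cmd = b"".join(self._fragments[i] for i in range(total)).decode()
            self._fragments.clear()
            self._execute(cmd)        # only a complete command is executed

    def _execute(self, cmd: str) -> None:
        op, _, arg = cmd.partition(" ")
        if op in ("START", "STOP"):
            self.policy_started = op == "START"
        elif op == "ADD":
            self.allowed_sources.add(arg)
        self.executed.append(cmd)

def nt_confirmed_commands(received: list, device_id: str) -> int:
    """Step 9 on the NT: count complete, intact command groups that arrived."""
    seen, complete = set(), 0
    for pkt in received:
        feat = parse_feature(pkt.payload)
        if feat and feat[0] == device_id:
            seen.add(feat[1])
            if seen == set(range(feat[2])):
                complete, seen = complete + 1, set()
    return complete

def run_embodiment() -> dict:
    """Replay the stock-trading embodiment (steps 1 to 4) and report results."""
    ntac, nt_received = NTAC(DEVICE_ID), []
    def send(pkts):
        passed = [ntac.forward(p) for p in pkts]
        nt_received.extend(p for p, ok in zip(pkts, passed) if ok)
        return passed
    open_pass = send([Packet(OTHER_IP, b"probe")])[0]         # 1. policy stopped
    # 2. The Server adds its own address, then starts the policy. Order matters:
    #    starting first would lock the Server out of an empty source list.
    send(make_cfg_packets(DEVICE_ID, "ADD " + SERVER_IP))
    send(make_cfg_packets(DEVICE_ID, "START"))
    other_blocked = not send([Packet(OTHER_IP, b"probe")])[0]
    send(make_cfg_packets("00000000", "STOP"))  # foreign device ID: never executed
    send(make_cfg_packets(DEVICE_ID, "ADD " + STOCK_IP))      # 3. add the stock site
    return {                                                  # 4. access under policy
        "open_pass": open_pass,
        "other_blocked": other_blocked,
        "stock_pass": send([Packet(STOCK_IP, b"quote")])[0],
        "forged_stop_ignored": ntac.policy_started,
        "executed": ntac.executed,
        "allowed": sorted(ntac.allowed_sources),
        "nt_confirmed": nt_confirmed_commands(nt_received, DEVICE_ID),
    }
```

The forged STOP is forwarded because it comes from the Server's address, but the NTAC never executes it; the fragment buffer is the part a real device would have to protect against interleaved groups, which the simulation does not model.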
By connecting an NTAC in series between the NT and the public network, and having the NTAC detect and control the packets flowing through it, the present invention ensures security protection for the network connection of the NT. By logging in to the network access Server, the NT user can complete user information registration, customize a personal firewall policy, and download and update it into the NTAC. Each user's NTAC has an independent and unique device number in the Server, and user information registration mainly associates this device number with the customized personal firewall policy. The customized personal firewall policy can be managed and set at different levels according to the user's own technical application level. When the Server receives a user request to configure and update the firewall policy, the user's personalized firewall policy is downloaded to the corresponding NTAC; this correspondence is accomplished through a packet format and protocol defined uniquely by the system, for example by using certain fields of the packet to define a special command format that the NTAC can recognize.
The Server in the present invention provides the functions of managing and maintaining the NTACs connected to the system. Through a web page, short message or manual telephone system it obtains each firewall customization from the user; a professional description in the corresponding form the NTAC can recognize is then downloaded into the corresponding NTAC, either prepared by professionals at the Server end or generated automatically by the Server. A user of an NTAC can also configure and manage it conveniently through the Security Manager environment provided by the Server. The management and maintenance functions of the Server are based on HTML web page operation and are highly suitable for non-professional users; for individual households and small businesses in particular, this is the most economical and efficient integrated security solution.
In the technical scheme of the present invention, the NTAC on the user side requires no background knowledge and no software support; the user only needs to connect the device in series on the network line. Centralized management and maintenance of the firewall policy by the network terminal access control server means that the network terminal user need not possess relevant professional knowledge and skills, so the system is convenient to use. The NTAC is transparent to the user and other network devices, requires no IP address, and is invisible in the whole network topology, so other hostile network users cannot attack or destroy it, and the security of the network terminal can be guaranteed. The NTAC mainly performs detection and control of the packets flowing through it, can be realized on a lower-performance hardware system or a system-on-a-chip, and has a relatively low cost.

Claims (9)

1. A method for implementing secure access of a network terminal to a public network, characterized in that it comprises the following steps:
Step 1: the network terminal user installs a network access controller and connects it in series on the link between the network terminal and the public network; a network access control server is connected to the public network;
Step 2: when the network terminal user needs to configure the firewall policy library of the network access controller, proceed to step 3; otherwise proceed to step 10;
Step 3: the network terminal user logs in to the network access control server, establishing a link among the network terminal, the network access controller and the network access control server;
Step 4: the network access control server verifies the network terminal user and the network access controller;
Step 5: the network terminal user submits configuration request information to the network access control server;
Step 6: the network access control server generates a corresponding set of configuration command packets according to the configuration request information;
Step 7: the network access control server sends this set of configuration command packets to the network terminal, and the network access controller connected in series on the link of step 1 intercepts the configuration command packets;
Step 8: the network access controller parses the corresponding configuration command from the intercepted configuration command packets, executes the configuration command, and completes the update of the firewall policy configuration;
Step 9: the network terminal receives the set of configuration command packets, confirms its integrity, and returns the confirmation result to the network access control server;
Step 10: the network terminal user accesses the public network under the security protection of the firewall policy configured on the network access controller.
2. The method for implementing secure access of a network terminal to a public network according to claim 1, characterized in that the configuration command packets contain a specific data feature; the network access controller checks whether a packet flowing to the network terminal meets the access rules defined by the current firewall policy, shields and discards packets that do not meet them and forwards transparently those that do; it further checks whether a packet that meets the access rules contains the specific data feature, identifies packets containing the specific data feature as configuration command packets, and extracts the relevant configuration information from such packets and caches it; once a set of configuration command packets constituting one complete configuration command has been received, the network access controller parses the configuration command, executes it and completes the update of the firewall policy configuration; the transparently forwarded packets are received by the network terminal, and when the network terminal has received a set of configuration command packets constituting one complete configuration command, this indicates that the network access controller has successfully extracted the relevant configuration information, and the network terminal sends confirmation information that the configuration command was successfully extracted to the network access control server.
3. The method for implementing secure access of a network terminal to a public network according to claim 1 or 2, characterized in that the network terminal user submits the configuration request information through an HTTP page; a secure connection from the network terminal to the network access control server is established via HTTPS, and the user name, password and network access controller device identification code are submitted over this secure connection; when the verification of the network terminal user's user name and password passes and the verification of the network access controller device identification code passes, the network access control server automatically generates a corresponding set of configuration command packets according to the configuration request information.
4. The method for implementing secure access of a network terminal to a public network according to claim 1 or 2, characterized in that one complete configuration command is transmitted by a plurality of configuration command packets; sending one complete configuration command requires the network terminal to send request information to the network access control server repeatedly, step by step, and the network access control server sends the corresponding configuration command packet according to each request from the network terminal.
5. The method for implementing secure access of a network terminal to a public network according to claim 2, characterized in that the specific data feature contained in the configuration command packets comprises data content related to the network access controller device identification code.
6. The method for implementing secure access of a network terminal to a public network according to claim 1 or 2, characterized in that the network access control server manages and maintains a network terminal user database, providing registration, login and authentication for network terminal users; manages and maintains a database of network access controller device identification codes; and manages and maintains a credit network access list, in which network services on the network are reviewed and assigned a corresponding credit level, offered to network terminal users for selection.
7. The method for implementing secure access of a network terminal to a public network according to claim 2, characterized in that the access rules comprise: an IP address check, a protocol type check, a service port check, access time settings for an IP source address, and a setting of the total traffic of an IP source address within a certain period of time.
8. A system for implementing secure access of a network terminal to a public network, comprising a network terminal, a network access controller and a network access control server, wherein the network access control server is connected to the public network and configures the firewall policy library of the network access controller according to the configuration request information submitted by the network terminal user; characterized in that the network access controller is connected in series on the data link between the network terminal and the public network, needs no IP address assigned to it, is a transparent device in the overall network topology, internally stores the firewall policy used to detect and control the packets flowing through it, and is initialised to the state "firewall policy stopped"; when the firewall policy is stopped, packets flowing to the network terminal are forwarded transparently; when the firewall policy is started, only packets that meet the access rules of the firewall policy are forwarded transparently, and packets that do not meet the access rules of the firewall policy are shielded.
9. The system for implementing secure access of a network terminal to a public network according to claim 8, characterized in that the network access control server comprises a data control module, which manages and maintains a user database providing registration, login and authentication for users; manages and maintains a database of network access controller device identification codes; and manages and maintains a credit network access list, in which network services on the network are reviewed and assigned a corresponding credit level, offered to network terminal users for selection.
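As an added example that is not part of the patent, the following Python model implements the controller behaviour of claims 1, 2, 7 and 8: a transparent in-line filter that starts in the "firewall policy stopped" state, applies the claim 7 access rules once started, and reassembles a multi-packet configuration command (claim 4) identified by a device-ID marker (claim 5). The packet layout, the marker format, the command grammar and all addresses are assumptions constructed for the example.

```python
# Added example, not code from the patent: a toy model of the in-line NTAC of
# claims 1, 2, 7 and 8; marker "CFG:<device-id>:<seq>/<total>|<body>" is assumed.
from collections import defaultdict

DEVICE_ID = "NTAC-0001"                 # constructed device identification code
MARKER = f"CFG:{DEVICE_ID}:"            # assumed 'specific data feature' (claim 5)

class NTAC:
    def __init__(self):
        self.active = False             # initial state: "firewall policy stopped"
        self.rules = []                 # allow rules carrying the claim 7 checks
        self.fragments = {}             # seq -> body of the pending command
        self.volume = defaultdict(int)  # bytes forwarded per source IP

    def allowed(self, pkt):
        if not self.active:
            return True                 # policy stopped: transparent forwarding
        for r in self.rules:            # IP, protocol, port, time window, quota
            if (r["src"] in ("*", pkt["src"]) and r["proto"] == pkt["proto"]
                    and r["port"] == pkt["dport"]
                    and r["from"] <= pkt["hour"] < r["to"]
                    and self.volume[pkt["src"]] + pkt["len"] <= r["quota"]):
                self.volume[pkt["src"]] += pkt["len"]
                return True
        return False                    # shielded and discarded

    def apply(self, command):
        # Assumed grammar: "allow src,proto,port,from,to,quota" | "start" | "stop"
        for line in command.split(";"):
            op, _, arg = line.strip().partition(" ")
            if op == "allow":
                s, p, port, f, t, q = arg.split(",")
                self.rules.append({"src": s, "proto": p, "port": int(port),
                                   "from": int(f), "to": int(t), "quota": int(q)})
            elif op in ("start", "stop"):
                self.active = op == "start"

    def process(self, pkt):
        """Return 'drop' or 'forward'; the terminal only sees forwarded packets."""
        if not self.allowed(pkt):
            return "drop"
        payload = pkt.get("payload", "")
        if payload.startswith(MARKER):  # configuration command packet (claim 2)
            head, _, body = payload[len(MARKER):].partition("|")
            seq, total = (int(x) for x in head.split("/"))
            self.fragments[seq] = body  # cache until the command is complete
            if len(self.fragments) == total:
                self.apply("".join(self.fragments[i] for i in range(1, total + 1)))
                self.fragments.clear()
        return "forward"
```

A check the claims leave implicit: the first command must carry an allow rule for the control server before "start", otherwise once the policy is active the controller drops its own configuration packets and can no longer be reconfigured.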
CN2007100939857A 2007-07-26 2007-07-26 Method and system for implementing safety access public network of network terminal as well as special network access controller thereof Active CN101355415B (en)


Publications (2)

Publication Number Publication Date
CN101355415A CN101355415A (en) 2009-01-28
CN101355415B true CN101355415B (en) 2010-12-01

Family

ID=40308028

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: SUZHOU LINGXI INTERNET OF THINGS TECHNOLOGY CO., L

Free format text: FORMER OWNER: WAN NENG

Effective date: 20130402

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 201204 PUDONG NEW AREA, SHANGHAI TO: 215211 SUZHOU, JIANGSU PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20130402

Address after: 215211, Suzhou, Jiangsu province Wujiang Fen Lake Town, Lake Avenue, No. 558

Patentee after: Suzhou Lingxi Internet of Things Technology Co., Ltd.

Address before: 201204 Shanghai city Pudong New Area road 73 Lane 24, Pittosporum room 402

Patentee before: Wan Neng

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090128

Assignee: Suzhou Lingxi Internet of Things Technology Co., Ltd.

Assignor: Wan Neng

Contract record no.: 2013320000083

Denomination of invention: Method and system for implementing safety access public network of network terminal as well as special network access controller thereof

Granted publication date: 20101201

License type: Exclusive License

Record date: 20130312

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model