CN102238145A - Method and device for preventing network attack - Google Patents

Method and device for preventing network attack

Info

Publication number: CN102238145A
Authority: CN (China)
Prior art keywords: intranet host, state information, safety state, described intranet, safety
Legal status: Pending
Application number: CN2010101613688A
Other languages: Chinese (zh)
Inventors: 洪东, 张晓津
Current assignee: Beijing Venus Information Security Technology Co Ltd; Beijing Venus Information Technology Co Ltd
Original assignee: Beijing Venus Information Security Technology Co Ltd; Beijing Venus Information Technology Co Ltd
Priority date: 2010-04-27
Filing date: 2010-04-27
Publication date: 2011-11-09
Application filed by Beijing Venus Information Security Technology Co Ltd and Beijing Venus Information Technology Co Ltd; priority to CN2010101613688A; published as CN102238145A; legal status: pending.

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method and a device for preventing network attacks. They relate to the field of communications and address the problem that a firewall cannot defend a host located behind it. The method comprises the following steps: obtaining the current security state information of an intranet host; and controlling the communication of the intranet host with the external network according to the current security state information of the intranet host. The technical scheme provided by the invention can be used in the field of network security.

Description

Method and apparatus for defending against network attacks
Technical field
The present invention relates to the communications field, and in particular to a method and apparatus for defending against network attacks.
Background technology
A firewall is a protective barrier against network attacks placed between an internal network and an external network, or between a private network and a public network. By configuring which protocols and ports may access which websites and content, the firewall implements its defense against network attacks. However, as viruses, Trojan horses and worms on the network become increasingly rampant, once an intranet host protected by the firewall has been attacked and actively sends useful information to the network outside the firewall, the firewall cannot defend the host inside it, which reduces the security of the network.
Summary of the invention
The invention provides a method and apparatus for defending against network attacks that can adaptively control the communication of an intranet host with the external network.
To achieve the above object, the invention provides the following technical scheme:
A method for defending against network attacks comprises:
a firewall obtains the current security state information of an intranet host and, according to the current security state information of the intranet host, controls the communication of the intranet host with the external network.
Further, the method has the following feature:
the current security state information of the intranet host is determined by the intranet host according to one or more of the following: update information of system security patches, installation information of antivirus software, update information of the virus database of the antivirus software, and service startup information.
Further, the method has the following feature: the firewall controlling the communication of the intranet host with the external network according to the current security state information of the intranet host comprises:
comparing the current security state information with the previous security state information;
adjusting the firewall policy of the intranet host according to the comparison result;
controlling the communication of the intranet host with the external network using the adjusted firewall policy.
Further, the method has the following feature: the firewall adjusting the firewall policy of the intranet host according to the comparison result comprises:
if both the previous and the current security state information are safe, the firewall policy of the intranet host is not adjusted and the access rights of the intranet host are kept in the open state;
if the previous security state information is safe but the current security state information is unsafe, the access rights of the intranet host are adjusted to the closed state;
if the previous security state information is unsafe but the current security state information is safe, the access rights of the intranet host are adjusted to the open state;
if the previous security state information is unknown and the current security state information is unsafe, the access rights of the intranet host are adjusted to the closed state.
A firewall comprises:
an acquisition module, used to obtain the current security state information of an intranet host;
a control module, used to control the communication of the intranet host with the external network according to the current security state information of the intranet host.
Further, the apparatus has the following feature:
the current security state information of the intranet host is determined by the intranet host according to one or more of the following: update information of system security patches, installation information of antivirus software, update information of the virus database of the antivirus software, and service startup information.
Further, the apparatus has the following feature: the control module specifically comprises:
a comparing unit, used to compare the current security state information with the previous security state information;
an adjustment unit, used to adjust the firewall policy of the intranet host according to the comparison result;
a control unit, used to control the communication of the intranet host with the external network using the adjusted firewall policy.
Further, the apparatus has the following feature: the adjustment unit is specifically used to:
if both the previous and the current security state information are safe, leave the firewall policy of the intranet host unadjusted and keep the access rights of the intranet host in the open state;
if the previous security state information is safe but the current security state information is unsafe, adjust the access rights of the intranet host to the closed state;
if the previous security state information is unsafe but the current security state information is safe, adjust the access rights of the intranet host to the open state;
if the previous security state information is unknown and the current security state information is unsafe, adjust the access rights of the intranet host to the closed state.
In the technical scheme provided by the invention, the current security state information of the intranet host is obtained and the communication of the intranet host with the external network is controlled according to it. The communication of the intranet host with the external network is thus controlled adaptively, secure access by the intranet host is ensured, data leakage from the intranet host is reduced and the security of the network is improved; at the same time, because the firewall controls access by the intranet host, the processing load on other security control devices in the network is reduced.
Description of drawings
Fig. 1 is a flow chart of the method for defending against network attacks provided by the invention;
Fig. 2 is a schematic diagram of the network system in an embodiment of the invention;
Fig. 3 is another flow chart of the method for defending against network attacks in an embodiment of the invention;
Fig. 4 is a schematic diagram of the apparatus for defending against network attacks provided by the invention;
Fig. 5 is a schematic diagram of the control module 402 in the embodiment shown in Fig. 4.
Embodiment
The technical scheme provided by the invention is described further below with reference to the accompanying drawings.
As shown in Fig. 1, the invention provides a method for defending against network attacks, comprising:
Step 101: obtain the current security state information of an intranet host;
Step 102: control the communication of the intranet host with the external network according to the current security state information of the intranet host.
In the method for defending against network attacks provided by the invention, the current security state information of the intranet host is obtained and the communication of the intranet host with the external network is controlled according to it. The communication of the intranet host with the external network is thus controlled adaptively, secure access by the intranet host is ensured, data leakage from the intranet host is reduced and the security of the network is improved.
The method provided by the invention is described further below:
As shown in Fig. 2, Host1, Host2 and Host3 are hosts, and the firewall is the protective barrier that protects these hosts. From the firewall's point of view, the network where the hosts are located is the intranet, and the network the hosts need to access is the external network. The process by which the firewall defends against network attacks is shown in Fig. 3:
Step 301: the intranet host obtains local system security management information.
The system security management information comprises at least one of: operating system version information, update information of operating system patches, installation information of antivirus software, update information of the antivirus software, and service startup information. For example, the intranet host can obtain whether the high-importance patches for its operating system version are installed, whether antivirus software is installed on the machine, the update time of the virus database of that antivirus software, and which services are running.
Specifically, the intranet host may obtain the system security management information periodically, or may do so after receiving a request for system security management information sent by the firewall.
Step 302: the intranet host determines its security state information according to the system security management information.
Specifically, the intranet host determines that it is unsafe under any of the following conditions:
several high-importance patches are not installed on the intranet host;
no antivirus software is installed on the intranet host;
antivirus software is installed on the intranet host but has not been updated in time, for example not updated for two weeks;
there is a dangerous or unknown service among the services started on the intranet host. For example, if the current list of services contains one or more services beyond those started previously, and the intranet host cannot determine the function of those services, the additional services can be regarded as dangerous or unknown services.
Optionally, the way of obtaining the security state of the host in the invention is not limited to the above. The intranet host can also obtain its security state through third-party security management software installed on it (such as 360 Security Guard): the intranet host starts the third-party security management software, which scans each of its management items and then reports a security grade, from which the security state of the intranet host is obtained. For instance, the intranet host starts 360 Security Guard, runs a "health check" and obtains the check result: a score of 90 means the host is very safe, while a score of 10 means the host is unsafe.
Step 303: the intranet host sends its security state information to the firewall.
Step 304: the firewall compares the current security state information with the previous security state information.
Step 305: the firewall adjusts the firewall policy of the intranet host according to the comparison result.
Specifically, the firewall adjusts the firewall policy of the intranet host in the following ways:
if both the previous and the current security state information are safe, the firewall policy of the intranet host is not adjusted and the access rights of the intranet host in the firewall policy are kept in the open state;
if the previous security state information is safe but the current security state information is unsafe, the access rights of the intranet host are adjusted to the closed state;
if the previous security state information is unsafe but the current security state information is safe, the access rights of the intranet host are adjusted to the open state;
if the previous security state information is unknown and the current security state information is unsafe, the access rights of the intranet host are adjusted to the closed state.
The firewall can control the intranet host by opening or closing the access rights of the IP address, MAC address and port corresponding to the intranet host.
For example, the firewall manages three intranet hosts H1, H2 and H3, and the firewall policy has two variants, A and B: A opens destination ports 80 and 25, allowing intranet users to use HTTP (Hypertext Transfer Protocol) and SMTP (Simple Mail Transfer Protocol); B does not allow external IP addresses to access the intranet host.
Intranet host H1: the previous and the current security state information are both safe, so the access state of destination ports 80 and 25 is kept open, H1 is allowed to use the HTTP and SMTP services, and the firewall policy configured for H1 is A;
Intranet host H2: the previous security state information is safe, but because the virus database of the antivirus software has not been updated to the required level, the current security state information is unsafe; the access state of destination ports 80 and 25 is therefore adjusted to closed, H2 is refused the HTTP and SMTP services, and the firewall policy configured for H2 is B;
Intranet host H3: the previous security state information is unknown and the current security state information is unsafe, so H3 is refused the HTTP and SMTP services and the firewall policy configured for H3 is B.
Step 306: the firewall controls the communication of the intranet host with the outside using the adjusted firewall policy.
Specifically, when the intranet host initiates an access request to the external network, the firewall looks up the firewall policy of that intranet host and controls its communication with the external network according to the open/closed state of the IP address, MAC address and port in the firewall policy: if the state of the IP address, MAC address and port is open, the intranet host is allowed to communicate with the external network; if it is closed, the intranet host is refused communication with the external network.
The technical scheme provided by this embodiment judges whether the intranet host is safe: when the intranet host is in a safe state it is allowed to access the outside, and when the intranet host is in an unsafe state it is refused external access, which reduces the probability of it being attacked and ensures the security of the intranet.
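As an added example (not code from the patent or its assignee), the following Python models the host-side state determination of step 302 and the firewall-side compare, adjust and control of steps 304 to 306, including the H1/H2/H3 policy A/B example above. The 14-day update threshold, the set of known services, the field names and the default policy for hosts that have never reported are assumptions.

```python
"""Added example: host security-state determination (step 302) and
firewall policy adjustment/control (steps 304-306) from the description."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumptions for this example (not values given by the patent).
AV_MAX_AGE = timedelta(days=14)            # "not updated for two weeks"
KNOWN_SERVICES = {"sshd", "cron", "cups"}  # services whose function the host knows


@dataclass
class SecurityMgmtInfo:
    """Step 301: local system security management information (constructed)."""
    os_version: str
    missing_high_patches: int         # high-importance patches not installed
    av_installed: bool
    av_db_updated: Optional[date]     # virus-database update time, None if no AV
    running_services: set
    previous_services: set            # services started at the previous report


def host_state(info: SecurityMgmtInfo, today: date) -> str:
    """Step 302: the host is 'unsafe' under any listed condition, else 'safe'."""
    if info.missing_high_patches >= 2:       # "several" high-importance patches missing
        return "unsafe"
    if not info.av_installed:                # no antivirus software installed
        return "unsafe"
    if info.av_db_updated is None or today - info.av_db_updated > AV_MAX_AGE:
        return "unsafe"                      # antivirus not updated in time
    new_services = info.running_services - info.previous_services
    if any(s not in KNOWN_SERVICES for s in new_services):
        return "unsafe"                      # dangerous or unknown service started
    return "safe"


# Firewall policies from the worked example: A opens destination ports 80 and 25
# (HTTP and SMTP); B denies external access. Modelled as the set of open ports.
POLICY_A = {"name": "A", "open_ports": {80, 25}}
POLICY_B = {"name": "B", "open_ports": set()}


def adjust_policy(last: str, current: str, policy: dict) -> dict:
    """Step 305: the four previous/current transitions given in the description."""
    if last == "safe" and current == "safe":
        return policy                        # keep access rights open
    if last == "safe" and current == "unsafe":
        return POLICY_B                      # close access rights
    if last == "unsafe" and current == "safe":
        return POLICY_A                      # reopen access rights
    if last == "unknown" and current == "unsafe":
        return POLICY_B                      # close access rights
    return policy   # other combinations are not specified by the patent: unchanged


class Firewall:
    """Holds the last reported state and the current policy per intranet host."""

    def __init__(self):
        self.last_state = {}   # host -> last reported state
        self.policy = {}       # host -> current firewall policy

    def report(self, host: str, state: str) -> str:
        """Steps 303-305: receive a state report, compare with the last one, adjust."""
        last = self.last_state.get(host, "unknown")          # never reported: unknown
        current_policy = self.policy.get(host, POLICY_A)     # assumption: default A
        self.policy[host] = adjust_policy(last, state, current_policy)
        self.last_state[host] = state
        return self.policy[host]["name"]

    def allow(self, host: str, dst_port: int) -> bool:
        """Step 306: decide an outbound request from the host's current policy."""
        return dst_port in self.policy.get(host, POLICY_A)["open_ports"]


def run_example(today: date = date(2010, 4, 27)) -> dict:
    """Reproduces the H1/H2/H3 example with constructed host reports."""
    fw = Firewall()
    fw.report("H1", "safe")   # previous state of H1 was safe
    fw.report("H2", "safe")   # previous state of H2 was safe; H3 has no previous state
    h1 = SecurityMgmtInfo("os-1", 0, True, today - timedelta(days=1), {"sshd"}, {"sshd"})
    h2 = SecurityMgmtInfo("os-1", 0, True, today - timedelta(days=20), {"sshd"}, {"sshd"})
    h3 = SecurityMgmtInfo("os-1", 3, False, None, {"sshd", "svc-x"}, {"sshd"})
    return {h: fw.report(h, host_state(i, today))
            for h, i in (("H1", h1), ("H2", h2), ("H3", h3))}
```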
Correspondingly, the invention provides a firewall that adopts the above method; as shown in Fig. 4, it comprises:
an acquisition module 401, used to obtain the current security state information of an intranet host;
a control module 402, used to control the communication of the intranet host with the external network according to the current security state information of the intranet host.
Further, the current security state information of the intranet host is determined by the intranet host according to one or more of the following: update information of system security patches, installation information of antivirus software, update information of the virus database of the antivirus software, and service startup information.
Further, as shown in Fig. 5, the control module 402 specifically comprises:
a comparing unit 501, used to compare the current security state information with the previous security state information;
an adjustment unit 502, used to adjust the firewall policy of the intranet host according to the comparison result;
a control unit 503, used to control the communication of the intranet host with the external network using the adjusted firewall policy.
Further, the adjustment unit is specifically used to:
if both the previous and the current security state information are safe, leave the firewall policy of the intranet host unadjusted and keep the access rights of the intranet host in the open state;
if the previous security state information is safe but the current security state information is unsafe, adjust the access rights of the intranet host to the closed state;
if the previous security state information is unsafe but the current security state information is safe, adjust the access rights of the intranet host to the open state;
if the previous security state information is unknown and the current security state information is unsafe, adjust the access rights of the intranet host to the closed state.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments can be implemented by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium and, when executed, performs one of the steps of the method embodiments or a combination of them.
In addition, each functional unit in each embodiment of the invention can be implemented in the form of hardware or in the form of a software functional module. If an integrated module is implemented in the form of a software functional module and is sold or used as an independent product, it can also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
The above is only a specific embodiment of the invention, but the scope of protection of the invention is not limited to it; any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the invention shall be covered by the scope of protection of the invention. Therefore, the scope of protection of the invention shall be subject to the scope of protection defined by the claims.

Claims (8)

1. A method for defending against network attacks, characterized in that it comprises:
a firewall obtains the current security state information of an intranet host and, according to the current security state information of the intranet host, controls the communication of the intranet host with the external network.
2. The method according to claim 1, characterized in that the current security state information of the intranet host is determined by the intranet host according to one or more of the following: update information of system security patches, installation information of antivirus software, update information of the virus database of the antivirus software, and service startup information.
3. The method according to claim 1 or 2, characterized in that the firewall controlling the communication of the intranet host with the external network according to the current security state information of the intranet host comprises:
comparing the current security state information with the previous security state information;
adjusting the firewall policy of the intranet host according to the comparison result;
controlling the communication of the intranet host with the external network using the adjusted firewall policy.
4. The method according to claim 3, characterized in that the firewall adjusting the firewall policy of the intranet host according to the comparison result comprises:
if both the previous and the current security state information are safe, the firewall policy of the intranet host is not adjusted and the access rights of the intranet host are kept in the open state;
if the previous security state information is safe but the current security state information is unsafe, the access rights of the intranet host are adjusted to the closed state;
if the previous security state information is unsafe but the current security state information is safe, the access rights of the intranet host are adjusted to the open state;
if the previous security state information is unknown and the current security state information is unsafe, the access rights of the intranet host are adjusted to the closed state.
5. A firewall, characterized in that it comprises:
an acquisition module, used to obtain the current security state information of an intranet host;
a control module, used to control the communication of the intranet host with the external network according to the current security state information of the intranet host.
6. The firewall according to claim 5, characterized in that the current security state information of the intranet host is determined by the intranet host according to one or more of the following: update information of system security patches, installation information of antivirus software, update information of the virus database of the antivirus software, and service startup information.
7. The firewall according to claim 5 or 6, characterized in that the control module specifically comprises:
a comparing unit, used to compare the current security state information with the previous security state information;
an adjustment unit, used to adjust the firewall policy of the intranet host according to the comparison result;
a control unit, used to control the communication of the intranet host with the external network using the adjusted firewall policy.
8. The firewall according to claim 7, characterized in that the adjustment unit is specifically used to:
if both the previous and the current security state information are safe, leave the firewall policy of the intranet host unadjusted and keep the access rights of the intranet host in the open state;
if the previous security state information is safe but the current security state information is unsafe, adjust the access rights of the intranet host to the closed state;
if the previous security state information is unsafe but the current security state information is safe, adjust the access rights of the intranet host to the open state;
if the previous security state information is unknown and the current security state information is unsafe, adjust the access rights of the intranet host to the closed state.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010101613688A CN102238145A (en) 2010-04-27 2010-04-27 Method and device for preventing network attack
Publications (1)

Publication Number Publication Date
CN102238145A true CN102238145A (en) 2011-11-09


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20111109