CN103905406A - Failed firewall policy detection method and device - Google Patents
Failed firewall policy detection method and device
- Publication number: CN103905406A (application CN201210583968.2A)
- Authority: CN (China)
- Prior art keywords: firewall policy, destination port, destination address, firewall
- Prior art date: 2012-12-28
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Data Exchanges In Wide-Area Networks (AREA); Computer And Data Communications (AREA)
Abstract
The invention discloses a method and device for detecting invalid firewall policies. The method comprises the steps of: obtaining the firewall policy file of a target firewall to be detected; for each firewall policy x in the firewall policy file, obtaining the destination address and destination port of firewall policy x; sending a SYN packet to the destination address and destination port and determining whether an RST response is received, and if so, determining that the destination port is closed; sending a zero-byte UDP packet to the destination address and destination port and determining whether an ICMP unreachable response is received, and if so, determining that the destination port is closed; and, if the destination port is determined to be closed by both detections, determining that firewall policy x is invalid. With the scheme of the invention, detection efficiency is improved and the accuracy of the detection result can be improved.
Description
Technical field
The present invention relates to network security technology, and in particular to a method and device for detecting invalid firewall policies.
Background art
A firewall is an information security device that combines software and hardware. It applies access control rules, that is, firewall policies, to the packets passing through it, and thereby protects the internal network. Specifically, firewall policies stipulate which external packets are permitted or refused entry to the internal network through the firewall, and which internal packets are permitted or refused access to the external network through the firewall.
Typically a firewall is configured with many firewall policies, and these are generally recorded in a firewall policy file. Each firewall policy includes information such as source address, source port, destination address, destination port and action (whether to permit the traffic).
For example, a typical firewall policy is as follows:

SourceIP | SourcePort | DestinationIP | DestinationPort | Action
---|---|---|---|---
1.1.1.1 | Any | 2.2.2.2 | 80 | permit

This firewall policy means: packets whose source address (SourceIP) is 1.1.1.1, whose source port (SourcePort) is unrestricted (Any), whose destination address (DestinationIP) is 2.2.2.2 and whose destination port (DestinationPort) is 80 are all let through (permit).
In practice, for a variety of reasons, a firewall policy file tends to accumulate a large number of invalid firewall policies. Such reasons include: a service changed or was taken offline, and the corresponding firewall policy was not removed in time; temporary firewall policies added for some temporary need were not removed in time; and so on.
Invalid firewall policies greatly reduce the performance of the firewall and can create potential security risks. They must therefore be detected by some means and removed promptly.
In the prior art, the following two detection modes are commonly adopted:
1) Mode one
All firewall policies in the firewall policy file are analysed manually, one by one, and the invalid firewall policies are determined in combination with the actual service situation and so on.
2) Mode two
The destination addresses and destination ports of the packets that pass through the firewall during a predetermined duration, such as one week, are collected into a set. For each firewall policy in the firewall policy file it is then determined whether its destination address and destination port appear in this set; if so, the firewall policy is judged effective, otherwise invalid.
Both of the above modes have certain problems in practice, for example:
In mode one, the demands on the analyst are high: the analyst must be familiar with how firewalls work, must have a certain amount of operations and maintenance experience, and must be familiar with the grammar of the firewall policy file, and so on. Moreover, a firewall policy file contains at least dozens and at most thousands of firewall policies, so manual analysis takes a long time, is very inefficient, and easily leads to omissions, which makes the detection result inaccurate.
In mode two, the specific value of the predetermined duration depends on a subjective manual definition; if it is set improperly, false positives readily occur, which makes the detection result inaccurate. In addition, networks and the data on them are increasingly complex, and for the destination address and destination port of a service that has already been taken offline, external bots, Trojans, worm activity and the like can occasionally still generate a small number of packets, which also causes false positives and therefore an inaccurate detection result.
Summary of the invention
In view of this, the invention provides a method and device for detecting invalid firewall policies that can improve detection efficiency and the accuracy of the detection result.
To achieve the above object, the technical scheme of the invention is as follows:
A method for detecting invalid firewall policies, comprising:
obtaining the firewall policy file of a target firewall to be detected;
for each firewall policy x in the firewall policy file, performing the following processing respectively:
obtaining the destination address and destination port of firewall policy x;
sending a synchronize (SYN) packet to the destination address and destination port and determining whether a reset (RST) response is received; if so, determining that the destination port is closed;
sending a zero-byte User Datagram Protocol (UDP) packet to the destination address and destination port and determining whether an Internet Control Message Protocol (ICMP) unreachable response is received; if so, determining that the destination port is closed;
if the destination port is determined to be closed by both of the above detections, firewall policy x is invalid.
A device for detecting invalid firewall policies, comprising:
an acquisition module, for obtaining the firewall policy file of a target firewall to be detected and sending it to a detection module;
the detection module, for each firewall policy x in the firewall policy file, performing the following processing respectively: obtaining the destination address and destination port of firewall policy x; sending a synchronize (SYN) packet to the destination address and destination port and determining whether a reset (RST) response is received, and if so, determining that the destination port is closed; sending a zero-byte User Datagram Protocol (UDP) packet to the destination address and destination port and determining whether an Internet Control Message Protocol (ICMP) unreachable response is received, and if so, determining that the destination port is closed; if the destination port is determined to be closed by both of the above detections, firewall policy x is invalid.
It can be seen that, with the scheme of the invention, whether a firewall policy is invalid can be determined by judging whether the corresponding destination port is closed. Compared with the prior art, the scheme of the invention requires no manual analysis and its judgement criterion is more scientific and reasonable, so it not only improves detection efficiency but also improves the accuracy of the detection result.
Brief description of the drawings
Fig. 1 is a flowchart of an embodiment of the invalid firewall policy detection method of the invention.
Fig. 2 is a flowchart of a preferred embodiment of the invalid firewall policy detection method of the invention.
Fig. 3 is a schematic structural diagram of an embodiment of the invalid firewall policy detection device of the invention.
Detailed description
To address the problems of the prior art, the invention proposes a scheme for detecting invalid firewall policies that improves detection efficiency and the accuracy of the detection result.
To make the technical scheme of the invention clearer, it is described in further detail below with reference to the drawings and embodiments.
Fig. 1 is a flowchart of an embodiment of the invalid firewall policy detection method of the invention. As shown in Fig. 1, it comprises:
Step 11: obtain the firewall policy file of the target firewall to be detected.
In this embodiment, the firewall to be detected is called the target firewall.
Step 12: for each firewall policy x in the obtained firewall policy file, perform the following processing respectively: determine whether the service corresponding to firewall policy x is inactive, and if so, determine that firewall policy x is invalid.
Because of the diversity of firewall products, the format of the firewall policies in the firewall policy file may differ from one firewall to another. For ease of processing, the format can be unified; a firewall policy file in the unified format contains only the effective information, which improves detection efficiency and so on.
To this end, after the firewall policy file of the target firewall is obtained, it can first be determined whether the format of the firewall policies in the file is identical to a predetermined format. If it differs, every firewall policy in the file is converted to the predetermined format; if it is identical, no conversion is needed.
The predetermined format usually refers to the standard five-tuple comprising source address, source port, destination address, destination port and action.
In practice, the service that a firewall policy exists to support can be uniquely determined from the policy's destination address and destination port. A liveness check can then be performed on the service corresponding to the policy to determine whether it is inactive. If the service is inactive, the firewall policy can be determined to be invalid; otherwise it is effective.
In addition, in practice, as an optimization: a firewall policy whose action is deny cannot introduce a security risk, so for policies whose action is deny it is not necessary to judge whether they are invalid; only policies whose action is permit need to be judged.
To this end, in this step, for each firewall policy x in the obtained firewall policy file of the target firewall (for ease of description, firewall policy x denotes any firewall policy in the obtained file; if format conversion is needed, each firewall policy x after format conversion), the following processing is performed respectively: obtain the action information of firewall policy x and determine whether the obtained action is permit; if so, obtain the destination address and destination port of firewall policy x and determine whether the service corresponding to the obtained destination address and destination port is inactive; if so, determine that firewall policy x is invalid.
In the scheme of the invention, a combination of a Transmission Control Protocol (TCP) detection mode and a User Datagram Protocol (UDP) detection mode can be used to determine the active state of the service. It is implemented as follows:
TCP detection mode: send a synchronize (SYN) packet to the obtained destination address and destination port and determine whether a reset (RST, reset the connection) response is received; if so, determine that the destination port is closed, otherwise determine that the destination port is open. A closed port is taken to mean that the corresponding service is also closed.
UDP detection mode: send a zero-byte UDP packet to the obtained destination address and destination port and determine whether an Internet Control Message Protocol (ICMP) unreachable response is received; if so, determine that the destination port is closed, otherwise determine that the destination port is open.
If the destination port is determined to be closed by both of the above modes, the service corresponding to the obtained destination address and destination port can be determined to be inactive.
After firewall policy x is determined to be invalid, it can be added to an invalid-policy list; the invalid-policy list is initially empty.
In addition, the obtained firewall policy file may contain duplicate firewall policies, and the liveness check of a service consumes relatively large resources. To save resources, before obtaining the destination address and destination port of firewall policy x and determining whether the corresponding service is inactive, it can first be determined whether firewall policy x already exists in the invalid-policy list; if it does not, the subsequent processing is carried out, otherwise it is skipped.
Based on the above, Fig. 2 is a flowchart of a preferred embodiment of the invalid firewall policy detection method of the invention. As shown in Fig. 2, it comprises:
Step 21: obtain the firewall policy file of the target firewall.
Step 22: determine whether the format of the firewall policies in the obtained firewall policy file is identical to the predetermined format; if so, go to step 24, otherwise go to step 23.
Step 23: convert every firewall policy in the obtained firewall policy file to the predetermined format.
Step 24: extract one firewall policy from the firewall policy file.
Step 25: determine whether the most recently extracted firewall policy already exists in the invalid-policy list; if so, go to step 29, otherwise go to step 26.
Step 26: obtain the destination address and destination port of the most recently extracted firewall policy.
It is assumed here that the action of the most recently extracted firewall policy is permit.
Step 27: determine whether the service corresponding to the obtained destination address and destination port is inactive; if so, go to step 28; otherwise determine that the most recently extracted firewall policy is effective and go to step 29.
Step 28: determine that the most recently extracted firewall policy is invalid, and add it to the invalid-policy list.
Step 29: determine whether the firewall policy file contains firewall policies that have not yet been extracted; if so, go to step 210, otherwise end the process.
Step 210: extract a new firewall policy from the firewall policy file and repeat from step 25.
This completes the description of the method embodiments of the invention.
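As an added worked example (not the patent's own code), the following Python implements the flow of steps 21 to 210 together with the TCP/UDP decision rule of the Fig. 1 embodiment: format unification into the five-tuple, the invalid-policy list lookup of step 25, the permit-only filter, and the "both probes closed" rule. The probing itself is injected as a function so the example runs offline: the sample policy file, the "key=value" vendor layout, and the table of simulated probe responses are all constructed here and are not from the patent. The sample data also makes the rule's own blind spot visible: a target that answers neither with RST nor with ICMP unreachable (a UDP-only service, or a host that silently drops probes) is treated as open, so silence never marks a policy invalid.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Policy:
    """The 'predetermined format': the standard five-tuple of the patent."""
    src_ip: str
    src_port: str
    dst_ip: str
    dst_port: int
    action: str  # "permit" or "deny"


def parse_standard(line: str) -> Policy:
    """Parse one line in the five-tuple layout shown in the background section."""
    src_ip, src_port, dst_ip, dst_port, action = line.rstrip(";").split()
    return Policy(src_ip, src_port, dst_ip, int(dst_port), action.lower())


def parse_vendor(line: str) -> Policy:
    """Steps 22/23: convert a hypothetical vendor 'key=value' layout (assumed
    here, not from the patent) into the standard five-tuple."""
    kv = dict(item.split("=", 1) for item in line.split())
    return Policy(kv["src"], kv.get("sport", "Any"), kv["dst"],
                  int(kv["dport"]), kv["act"].lower())


PARSERS = {"standard": parse_standard, "vendor": parse_vendor}


def parse_policy_file(text: str, fmt: str) -> List[Policy]:
    """Step 21 plus format unification; blank lines are ignored."""
    parser = PARSERS[fmt]
    return [parser(line) for line in text.splitlines() if line.strip()]


# A prober answers (rst_received, icmp_unreachable_received) for one target.
Prober = Callable[[str, int], Tuple[bool, bool]]


def service_inactive(prober: Prober, dst_ip: str, dst_port: int) -> bool:
    """The patent's decision rule: inactive only when the TCP probe drew an RST
    *and* the UDP probe drew ICMP unreachable. Any other outcome, including no
    reply at all, counts as 'port open'."""
    rst, icmp_unreachable = prober(dst_ip, dst_port)
    tcp_closed = rst
    udp_closed = icmp_unreachable
    return tcp_closed and udp_closed


def detect_invalid(policies: List[Policy], prober: Prober) -> List[Policy]:
    """Steps 24 to 210 over the whole file; returns the invalid-policy list."""
    invalid: List[Policy] = []
    invalid_set = set()  # step 25 lookup; the list preserves file order
    for policy in policies:
        if policy in invalid_set:       # step 25: already judged invalid, skip
            continue
        if policy.action != "permit":   # deny rules are never probed
            continue
        if service_inactive(prober, policy.dst_ip, policy.dst_port):  # steps 26/27
            invalid.append(policy)      # step 28
            invalid_set.add(policy)
    return invalid


def counting_prober(prober: Prober):
    """Wrap a prober to record which probes were actually sent (shows the
    saving from step 25 and from skipping deny rules)."""
    sent: List[Tuple[str, int]] = []

    def wrapped(dst_ip: str, dst_port: int) -> Tuple[bool, bool]:
        sent.append((dst_ip, dst_port))
        return prober(dst_ip, dst_port)

    return wrapped, sent


# --- constructed sample data (not from the patent) ---------------------------

STANDARD_FILE = """\
1.1.1.1 Any 2.2.2.2 80 permit;
1.1.1.1 Any 2.2.2.3 8080 permit;
1.1.1.1 Any 2.2.2.3 8080 permit;
1.1.1.2 Any 2.2.2.4 53 permit;
1.1.1.3 Any 2.2.2.3 8080 deny;
"""

VENDOR_FILE = """\
src=1.1.1.1 dst=2.2.2.3 dport=8080 act=PERMIT
src=1.1.1.9 sport=1024 dst=2.2.2.5 dport=22 act=permit
"""

# Simulated outcomes standing in for real SYN / zero-byte UDP probes:
# (rst_received, icmp_unreachable_received).
SIMULATED_NETWORK: Dict[Tuple[str, int], Tuple[bool, bool]] = {
    ("2.2.2.2", 80):   (False, False),  # SYN-ACK came back: web service alive
    ("2.2.2.3", 8080): (True, True),    # RST and ICMP unreachable: nothing listens
    ("2.2.2.4", 53):   (True, False),   # TCP closed, UDP silent: DNS over UDP is up
    ("2.2.2.5", 22):   (False, False),  # host drops everything: silence reads as open
}


def simulated_prober(dst_ip: str, dst_port: int) -> Tuple[bool, bool]:
    """Unknown targets answer nothing, which the rule treats as open."""
    return SIMULATED_NETWORK.get((dst_ip, dst_port), (False, False))


if __name__ == "__main__":
    for fmt, text in (("standard", STANDARD_FILE), ("vendor", VENDOR_FILE)):
        for p in detect_invalid(parse_policy_file(text, fmt), simulated_prober):
            print(f"[{fmt}] invalid: {p}")
```

Running it flags only the 2.2.2.3:8080 permit rule in each file. The duplicate of that rule is not probed again because of the step 25 lookup, the deny rule for the same target is never probed, and the DNS rule survives because the UDP probe drew no ICMP unreachable, which is exactly why the patent requires both probes to report closed before calling a service inactive.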
Fig. 3 is a schematic structural diagram of an embodiment of the invalid firewall policy detection device of the invention. As shown in Fig. 3, it comprises:
an acquisition module, for obtaining the firewall policy file of the target firewall to be detected and sending it to the detection module;
a detection module, for each firewall policy x in the obtained firewall policy file, performing the following processing respectively: determining whether the service corresponding to firewall policy x is inactive, and if so, determining that firewall policy x is invalid.
Specifically, the detection module can, for each firewall policy x in the firewall policy file, perform the following processing respectively: obtain the destination address and destination port of firewall policy x; send a SYN packet to the destination address and destination port and determine whether an RST response is received, and if so, determine that the destination port is closed; send a zero-byte UDP packet to the destination address and destination port and determine whether an ICMP unreachable response is received, and if so, determine that the destination port is closed. If the destination port is determined to be closed by both detections, the service corresponding to the destination address and destination port is determined to be inactive, and firewall policy x is determined to be invalid.
The acquisition module can obtain the firewall policy file of the target firewall in two ways: online capture and offline import.
Online capture means that the acquisition module logs in to the target firewall, simulating a user, with the (manually configured) IP address, account and password of the target firewall, and extracts the firewall policy file from it. When the device of Fig. 3 and the target firewall are not on the same network, or the network is unreachable, offline import can be used: the firewall policy file is exported from the target firewall manually and then imported offline into the acquisition module, which receives the imported firewall policy file exported from the target firewall.
In addition, the acquisition module can further be used,
after obtaining the firewall policy file, to determine whether the format of the firewall policies in the file is identical to the predetermined format and, if it differs, to convert every firewall policy in the file to the predetermined format and send it to the detection module.
The detection module can further be used,
after determining that firewall policy x is invalid, to add firewall policy x to the invalid-policy list;
before obtaining the destination address and destination port of firewall policy x, to determine whether firewall policy x already exists in the invalid-policy list and, if it does not, to obtain the destination address and destination port of firewall policy x.
The detection module can also further be used, before obtaining the destination address and destination port of firewall policy x, to obtain the action information of firewall policy x and determine whether the obtained action is permit; if so, it obtains the destination address and destination port of firewall policy x.
For the specific workflow of the device embodiment of Fig. 3, refer to the corresponding description of the method embodiments of Figs. 1 and 2; it is not repeated here.
The device of Fig. 3 can be deployed in the intranet managed by the firewall and is network-reachable to the server side.
In summary, with the scheme of the invention, whether a firewall policy is invalid can be determined by judging whether the corresponding service is inactive: if the corresponding service is inactive, the firewall policy is determined to be invalid. Compared with the prior art, the scheme of the invention requires no manual analysis and its judgement criterion is more scientific and reasonable, so it not only improves detection efficiency but also improves the accuracy of the detection result. In addition, the scheme of the invention is simple and convenient to implement and easy to popularize and promote.
The foregoing is only a preferred embodiment of the invention and is not intended to limit it. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall be included in the scope of protection of the invention.
Claims (10)
1. A method for detecting invalid firewall policies, characterized in that it comprises:
obtaining the firewall policy file of a target firewall to be detected;
for each firewall policy x in the firewall policy file, performing the following processing respectively:
obtaining the destination address and destination port of firewall policy x;
sending a synchronize (SYN) packet to the destination address and destination port and determining whether a reset (RST) response is received; if so, determining that the destination port is closed;
sending a zero-byte User Datagram Protocol (UDP) packet to the destination address and destination port and determining whether an Internet Control Message Protocol (ICMP) unreachable response is received; if so, determining that the destination port is closed;
if the destination port is determined to be closed by both of the above detections, firewall policy x is invalid.
2. The method according to claim 1, characterized in that, after obtaining the firewall policy file of the target firewall to be detected, it further comprises:
determining whether the format of the firewall policies in the firewall policy file is identical to a predetermined format, and if it differs, converting every firewall policy in the firewall policy file to the predetermined format.
3. The method according to claim 2, characterized in that
the predetermined format is the standard five-tuple comprising source address, source port, destination address, destination port and action.
4. The method according to claim 1, 2 or 3, characterized in that
after determining that firewall policy x is invalid, it further comprises: adding firewall policy x to an invalid-policy list;
before obtaining the destination address and destination port of firewall policy x, it further comprises: determining whether firewall policy x already exists in the invalid-policy list, and if it does not, obtaining the destination address and destination port of firewall policy x.
5. The method according to claim 1, 2 or 3, characterized in that, before obtaining the destination address and destination port of firewall policy x, it further comprises:
obtaining the action information of firewall policy x;
determining whether the obtained action information is permit, and if so, obtaining the destination address and destination port of firewall policy x.
6. A device for detecting invalid firewall policies, characterized in that it comprises:
an acquisition module, for obtaining the firewall policy file of a target firewall to be detected and sending it to a detection module;
the detection module, for each firewall policy x in the firewall policy file, performing the following processing respectively: obtaining the destination address and destination port of firewall policy x; sending a synchronize (SYN) packet to the destination address and destination port and determining whether a reset (RST) response is received, and if so, determining that the destination port is closed; sending a zero-byte User Datagram Protocol (UDP) packet to the destination address and destination port and determining whether an Internet Control Message Protocol (ICMP) unreachable response is received, and if so, determining that the destination port is closed; if the destination port is determined to be closed by both of the above detections, firewall policy x is invalid.
7. The device according to claim 6, characterized in that
the acquisition module logs in to the target firewall using the configured IP address, account and password of the target firewall and extracts the firewall policy file from it;
or the acquisition module receives the firewall policy file exported from the target firewall and imported offline.
8. The device according to claim 6, characterized in that the acquisition module is further used for,
after obtaining the firewall policy file, determining whether the format of the firewall policies in the firewall policy file is identical to a predetermined format, and if it differs, converting every firewall policy in the firewall policy file to the predetermined format and sending it to the detection module.
9. The device according to claim 6 or 8, characterized in that the detection module is further used for,
after determining that firewall policy x is invalid, adding firewall policy x to an invalid-policy list;
before obtaining the destination address and destination port of firewall policy x, determining whether firewall policy x already exists in the invalid-policy list, and if it does not, obtaining the destination address and destination port of firewall policy x.
10. The device according to claim 6 or 8, characterized in that
the detection module is further used for, before obtaining the destination address and destination port of firewall policy x, obtaining the action information of firewall policy x and determining whether the obtained action information is permit, and if so, obtaining the destination address and destination port of firewall policy x.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210583968.2A CN103905406B (en) | 2012-12-28 | 2012-12-28 | A kind of detection method and device of the firewall policy that fails |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103905406A true CN103905406A (en) | 2014-07-02 |
CN103905406B CN103905406B (en) | 2017-09-12 |
Family
ID=50996561
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210583968.2A Active CN103905406B (en) | 2012-12-28 | 2012-12-28 | A kind of detection method and device of the firewall policy that fails |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103905406B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101026510A (en) * | 2007-01-31 | 2007-08-29 | 华为技术有限公司 | Network flow abnormal detecting method and system |
CN101123492A (en) * | 2007-09-06 | 2008-02-13 | 杭州华三通信技术有限公司 | Method and device for detecting scanning attack |
WO2009108303A1 (en) * | 2008-02-28 | 2009-09-03 | Secure Computing Corporation | Unified network threat management with rule classification |
CN101582900A (en) * | 2009-06-24 | 2009-11-18 | 成都市华为赛门铁克科技有限公司 | Firewall security policy configuration method and management unit |
CN102035847A (en) * | 2010-12-14 | 2011-04-27 | 成都市华为赛门铁克科技有限公司 | User access behavior processing method and system and client |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104519030A (en) * | 2013-09-30 | 2015-04-15 | 西门子公司 | Method and device for safety detection |
CN104519030B (en) * | 2013-09-30 | 2018-07-17 | 西门子公司 | A kind of method and apparatus for safety detection |
CN105071991B (en) * | 2015-08-11 | 2018-11-02 | 上海携程商务有限公司 | The test method of the IP connectivity of multiple fire walls |
CN105071991A (en) * | 2015-08-11 | 2015-11-18 | 携程计算机技术(上海)有限公司 | Method for testing IP (Internet Protocol) connectivity of plurality of firewalls |
CN105847258A (en) * | 2016-03-25 | 2016-08-10 | 国家电网公司 | Firewall-based method for analyzing ACL company internal resource opening scope |
CN105847258B (en) * | 2016-03-25 | 2019-01-29 | 国家电网公司 | Internal enterprise resources range of opening analysis method based on firewall ACL |
CN105978881A (en) * | 2016-05-13 | 2016-09-28 | 上海携程商务有限公司 | Method and system for searching firewall that ip address passes by |
CN105978881B (en) * | 2016-05-13 | 2019-05-31 | 上海携程商务有限公司 | The querying method and system for the firewall that ip is passed through address |
CN107395395A (en) * | 2017-06-19 | 2017-11-24 | 国家电网公司 | The treating method and apparatus of security protection system |
CN108306890A (en) * | 2018-02-07 | 2018-07-20 | 河南中医药大学 | A kind of computer network security detection method |
CN108494771A (en) * | 2018-03-23 | 2018-09-04 | 平安科技(深圳)有限公司 | Electronic device, fire wall open verification method and storage medium |
CN109150655A (en) * | 2018-07-25 | 2019-01-04 | 赛尔网络有限公司 | A kind of detection method that IPv4 firewall IPv6 is bypassed |
CN109150655B (en) * | 2018-07-25 | 2020-09-11 | 赛尔网络有限公司 | IPv4 firewall IPv6 bypassing detection method |
CN114338246A (en) * | 2022-03-14 | 2022-04-12 | 章和技术(广州)有限公司 | Firewall strategy auditing method, device, equipment and storage medium |
CN115065538A (en) * | 2022-06-16 | 2022-09-16 | 北京天融信网络安全技术有限公司 | Security policy optimization method and device, electronic device and storage medium |
CN115065538B (en) * | 2022-06-16 | 2023-09-26 | 北京天融信网络安全技术有限公司 | Optimization method and device of security policy, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN103905406B (en) | 2017-09-12 |
Legal Events
Date | Code | Title | Description
---|---|---|---
| C06 | Publication |
| PB01 | Publication |
| C10 | Entry into substantive examination |
| SE01 | Entry into force of request for substantive examination |
| GR01 | Patent grant |