CN104967609A - Intranet development server access method, intranet development server access device and intranet development server access system - Google Patents

Publication number: CN104967609A
Authority: CN (China)
Prior art keywords: server, intranet, access, tcp, quarantine
Legal status: Granted
Application number: CN201510209834.8A
Other languages: Chinese (zh)
Other versions: CN104967609B (en)
Inventor: 刘科峰
Current Assignee: Tencent Technology Shenzhen Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201510209834.8A
Publication of CN104967609A
Application granted
Publication of CN104967609B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention discloses an intranet development server access method, an intranet development server access device and an intranet development server access system, and belongs to the field of Internet communication. The method comprises: an isolation server located between an intranet and an extranet receives a request packet sent by an access layer server located in the extranet, the request packet having been sent to the access layer server by a client located in the extranet; the isolation server uses a network isolation technology to detect whether the request packet satisfies an access condition; if the request packet satisfies the access condition, the isolation server sends the request packet to a destination intranet development server located in the intranet so that the destination intranet development server responds to the request packet, the destination intranet development server being the intranet development server that the client requests to access. According to the present invention, network isolation between the intranet and the extranet is realized while the client's access to the intranet development server is still guaranteed. The method, device and system of the present invention are used to access an intranet development server.

Description

Intranet development server access method, device and system
Technical field
The present invention relates to the field of Internet communication, and in particular to an intranet development server access method, device and system.
Background
In the Internet industry, security is a very important issue, and for security reasons a client is often denied direct access to the company intranet. The client generally connects directly to a development server located in the extranet for testing and debugging, which makes locating and repairing client problems rather inconvenient. If the client could access an intranet development server located in the intranet, and testing and debugging were carried out through that intranet development server, the efficiency of locating and repairing client problems would improve.
In the related art, in order to let a client access an intranet development server, the extranet and the intranet are usually not completely isolated and can access each other.
However, because the extranet and the intranet are not completely isolated, an attacker can easily penetrate the intranet and attack the intranet development server. Thus, while the goal of client access to the intranet development server is achieved, the security of the intranet cannot be ensured.
Summary of the invention
To solve the problem that the security of the intranet cannot be ensured while client access to the intranet development server is achieved, embodiments of the present invention provide an intranet development server access method, device and system. The technical solutions are as follows:
In a first aspect, an intranet development server access method is provided, the method comprising:
An isolation server located between an intranet and an extranet receives a request packet sent by an access layer server located in the extranet, the request packet having been sent to the access layer server by a client located in the extranet;
The isolation server uses a network isolation technology to detect whether the request packet satisfies an access condition;
If the request packet satisfies the access condition, the isolation server sends the request packet to a destination intranet development server located in the intranet, so that the destination intranet development server responds to the request packet, the destination intranet development server being the intranet development server that the client requests to access.
In a second aspect, an intranet development server access device is provided for an isolation server, the isolation server being located between an intranet and an extranet, the device comprising:
A first receiving module, configured to receive a request packet sent by an access layer server located in the extranet, the request packet having been sent to the access layer server by a client located in the extranet;
An isolation module, configured to use a network isolation technology to detect whether the request packet satisfies an access condition;
A first sending module, configured to send the request packet, when the request packet satisfies the access condition, to a destination intranet development server located in the intranet, so that the destination intranet development server responds to the request packet, the destination intranet development server being the intranet development server that the client requests to access.
In a third aspect, an intranet development server access system is provided, the system comprising:
An intranet development server located in the intranet;
A network access server located in the extranet;
And an isolation server located between the intranet and the extranet, the isolation server comprising the intranet development server access device described in the second aspect.
The beneficial effects of the technical solutions provided by the present invention are:
In the intranet development server access method, device and system provided by the present invention, an isolation server is placed between the intranet and the extranet. The isolation server uses a network isolation technology to detect whether a request packet satisfies an access condition, and only when the request packet satisfies the access condition is it sent to the destination intranet development server located in the intranet. Network isolation between the intranet and the extranet is thereby achieved while client access to the intranet development server is still guaranteed.
Brief description of the drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of an intranet development server access system involved in the intranet development server access method provided by an embodiment of the present invention;
Fig. 2 is a flow chart of an intranet development server access method provided by an embodiment of the present invention;
Fig. 3 is a detailed schematic structural diagram of the intranet development server access system shown in Fig. 1, provided by an embodiment of the present invention;
Fig. 4 is a flow chart of another intranet development server access method provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of another intranet development server access system involved in the intranet development server access method provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an intranet development server access device provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of another intranet development server access device provided by an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of yet another intranet development server access device provided by an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a server provided by an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in further detail below with reference to the drawings.
Please refer to Fig. 1, which shows a schematic structural diagram of an intranet development server access system involved in the intranet development server access method provided by an embodiment of the present invention. The intranet development server access system comprises an intranet development server 00 located in the intranet; a network access server 01 located in the extranet; and an isolation server 02 located between the intranet and the extranet. In the embodiments of the present invention, the region between the intranet and the extranet may be called the isolation zone, and the isolation server 02 is located in the isolation zone. An open policy is adopted between the isolation zone and both the intranet and the extranet: a device in the intranet can access the isolation server 02 in the isolation zone, and a device in the extranet can also access the isolation server 02 in the isolation zone. When a client accesses the intranet development server, the isolation zone can realize network isolation between the intranet and the extranet.
It should be noted that the extranet and the intranet are distinguished by the way they access the Internet. The extranet is also called a wide area network (WAN), a long haul network or a public network. An extranet usually spans a very large physical range, covering from tens of kilometers to several thousand kilometers; it can connect multiple cities or countries, or provide long-distance communication across several continents, forming an international long-distance network. The access mode of the extranet is: the Internet Protocol (IP) address obtained by a device that goes online through the extranet is a non-reserved address on the Internet, and a device in the extranet and other devices on the Internet can access each other freely.

The intranet generally refers to a local area network (LAN), which is a group of computers formed by interconnecting multiple computers within a certain area. The access mode of the intranet is: the IP address obtained by a device that goes online through the intranet is a reserved address on the Internet. For example, a reserved address can take the following 3 forms: 1) 10.x.x.x; 2) 172.16.x.x to 172.31.x.x; 3) 192.168.x.x. Devices in the intranet usually access the Internet through a common gateway using the network address translation (NAT) protocol. A device in the intranet can send connection requests to other devices on the Internet, but other devices on the Internet cannot send connection requests to a device in the intranet.

A development server can be used for developing and checking client functions, and can be located in the intranet or the extranet. In the embodiments of the present invention, a development server located in the intranet is called an intranet development server, and a development server located in the extranet is called an extranet development server. The privileges of an intranet development server are higher than those of an extranet development server, and it can carry out many kinds of tests and debugging on a client. Debugging refers to inspecting and tracing exceptions or data with tools, mainly to examine the data of a program at key points of execution, or to examine exception notifications at breakpoints, in order to solve problems. Testing refers to a series of methods or program flows, mainly embodied in test cases. Testing is mainly for finding problems, and debugging is mainly for solving problems after they have been found.

A network access server (English: Network Attached Server; abbreviation: NAS) is a remote-access device. It can provide remote access and support network applications such as virtual private dial-up networks (English: Virtual Private Dial-up Networks; abbreviation: VPDN) and building an intranet.
An embodiment of the present invention provides an intranet development server access method. As shown in Fig. 2, the method comprises:
Step 101: an isolation server located between the intranet and the extranet receives a request packet sent by an access layer server located in the extranet; the request packet was sent to the access layer server by a client located in the extranet.
Step 102: the isolation server uses a network isolation technology to detect whether the request packet satisfies an access condition.
Step 103: if the request packet satisfies the access condition, the isolation server sends the request packet to a destination intranet development server located in the intranet, so that the destination intranet development server responds to the request packet; the destination intranet development server is the intranet development server that the client requests to access.
In summary, an isolation server is placed between the intranet and the extranet. The isolation server uses a network isolation technology to detect whether a request packet satisfies the access condition, and only when the request packet satisfies the access condition is it sent to the destination intranet development server located in the intranet. Network isolation between the intranet and the extranet is thereby achieved while client access to the intranet development server is still guaranteed.
Optionally, the isolation server is provided with at least one TCP forwarder, and the at least one TCP forwarder corresponds one-to-one with the intranet development servers located in the intranet.
The isolation server located between the intranet and the extranet receiving the request packet sent by the access layer server located in the extranet comprises:
The isolation server receives, through a destination TCP forwarder, the request packet sent by the access layer server; the destination TCP forwarder is the TCP forwarder that the access layer server determines according to the destination address carried in the request packet.
The isolation server sending the request packet to the destination intranet development server located in the intranet comprises:
The isolation server sends the request packet to the destination intranet development server through the destination TCP forwarder.
Optionally, the method further comprises:
The isolation server detects whether a scanner is port scanning the isolation server;
If a scanner is detected port scanning the isolation server, the isolation server generates alert information indicating that a network threat exists.
Optionally, the isolation server detecting whether a scanner is port scanning the isolation server comprises:
The isolation server detects whether, within a preset time period, a server with one and the same IP address accesses a preset number of ports of the isolation server in succession;
If, within the preset time period, a server with the same IP address accesses the preset number of ports of the isolation server in succession, the isolation server determines that a scanner is port scanning the isolation server;
If, within the preset time period, no server with the same IP address accesses the preset number of ports of the isolation server in succession, the isolation server determines that no scanner is port scanning the isolation server.
Optionally, after the isolation server sends the request packet to the destination intranet development server located in the intranet, the method further comprises:
The isolation server receives, through the destination TCP forwarder, a response packet sent by the destination intranet development server; the response packet is generated by the destination intranet development server according to the request packet;
The isolation server sends the response packet to the access layer server through the destination TCP forwarder, so that the access layer server sends the response packet to the client.
In summary, an isolation server is placed between the intranet and the extranet. The isolation server uses a network isolation technology to detect whether a request packet satisfies the access condition, and only when the request packet satisfies the access condition is it sent to the destination intranet development server located in the intranet. Network isolation between the intranet and the extranet is thereby achieved while client access to the intranet development server is still guaranteed.
Please refer to Fig. 3, which shows a detailed schematic structural diagram of the intranet development server access system shown in Fig. 1. The intranet development server access system comprises: at least one intranet development server 00 located in the intranet; a network access server 01 and at least one client 04 located in the extranet; and an isolation server 02 located between the intranet and the extranet. The isolation server 02 is provided with at least one Transmission Control Protocol (TCP) forwarder (proxy) 021, and the TCP forwarders on the isolation server 02 correspond one-to-one with the intranet development servers located in the intranet. For example, in Fig. 3, 3 intranet development servers 00 are deployed in the intranet development server access system: intranet development server 001, intranet development server 002 and intranet development server 003. Each intranet development server corresponds to one TCP forwarder, so there are 3 TCP forwarders 021 in total: TCP forwarder 0211, TCP forwarder 0212 and TCP forwarder 0213. Intranet development server 001 corresponds to TCP forwarder 0211, intranet development server 002 corresponds to TCP forwarder 0212, and intranet development server 003 corresponds to TCP forwarder 0213.
An embodiment of the present invention provides another intranet development server access method, which can be applied to the intranet development server access system shown in Fig. 3. As shown in Fig. 4, the method comprises:
Step 201: the client sends a request packet to the access layer server.
When the client is being tested or debugged on an intranet development server, the client needs to send, through the access layer server, a request packet for testing or debugging to the intranet development server. The intranet development server finds the client's problem by testing with this request packet, or solves the client's problem by debugging with this request packet.
For example, suppose the client is a QQ client, and the QQ messages of this QQ client are displayed as garbled text in the peer client (the peer client being the client used by the chat partner of the user of this QQ client). The QQ client then needs to be tested to determine the client's problem. Once the problem has been determined, the QQ client can be debugged and the problem corrected step by step until it is solved and the QQ messages of the QQ client are sent. The request packet can carry the above QQ message, and the intranet development server determines the client's problem by examining and responding to this request packet.
Step 202: the access layer server sends the request packet to the destination TCP forwarder of the isolation server.
The access layer server is located in the access layer of the extranet. The access layer usually refers to the part of a network that users connect to or access directly. The access layer server can forward the request packet to a router, and the router obtains the next-hop address to be reached. A router is an interconnection device that can evaluate network addresses and select IP paths. For example, a router works as follows: the access layer server sends the destination address of the destination TCP forwarder, together with the data message, to the router in the form of a request packet. After receiving the request packet sent by the access layer server, the router first extracts the destination address from the packet header, computes the best path to the destination TCP forwarder of the isolation server according to the routing table stored in the router, and sends the request packet to the destination TCP forwarder of the isolation server along this best path. On its way from the access layer server to the destination TCP forwarder of the isolation server, the request packet may pass through one or more routers. The actual process can follow the prior art, and the embodiments of the present invention do not describe it in detail.
Optionally, the destination address uniquely identifies the destination device to which the request packet is to be sent. In the embodiments of the present invention, because TCP forwarders and intranet development servers correspond one-to-one, the request packet may carry only the address of the TCP forwarder: as soon as the request packet reaches the TCP forwarder indicated by that address, the TCP forwarder can forward it to the corresponding intranet development server. The destination address can therefore identify the destination TCP forwarder. The destination address comprises an IP address and a destination TCP port number; the IP address indicates the IP address of the isolation server, and the destination TCP port number indicates the port number of the destination TCP forwarder. For example, the embodiments of the present invention assume that the destination TCP forwarder indicated by the destination address is TCP forwarder 0211 in Fig. 3.
Step 203: the isolation server uses a network isolation technology to detect whether the request packet satisfies the access condition.
Network isolation technology means that two or more computers or networks exchange information and share resources while remaining disconnected from each other. That is, network isolation technology lets two networks be physically isolated and still exchange data in a secure network environment. In the embodiments of the present invention, the isolation server can use dedicated physical hardware and security protocols to set up security isolation between the intranet and the extranet, so that the two networks are physically separated while viruses, malicious code and similar content can still be filtered out during data exchange. This ensures that data is exchanged and shared in a trusted network environment, and a strict identity authentication mechanism ensures that users obtain the data they need.
For example, in the embodiments of the present invention, the isolation server can realize network isolation through at least one of security mechanisms such as access control, identity authentication, encryption and digital signature. For instance, according to the user identity corresponding to the request packet and a defined group to which it belongs, the user's access to certain information items is restricted, or the use of certain control functions is restricted. Different security mechanisms correspond to different access conditions. Only when the request packet satisfies the access condition set by the security mechanism in the isolation server is the request packet allowed to be forwarded to the intranet development server.
Access control is generally used by a system administrator to control client access to network resources such as servers, directories and files. Access control is usually divided into two broad classes, discretionary access control and mandatory access control. Discretionary access control means that a user has the right to access the objects (files, data tables and so on) that the user has created, can grant access rights on these objects to other users, and can revoke access rights from users to whom they were granted. Mandatory access control means that the system (through a specially appointed system security officer) exercises uniform mandatory control over the objects that users create and decides, according to defined rules, which users may perform which type of operation on which objects; even the creating user may have no right to access an object after creating it. In the embodiments of the present invention, the isolation server usually uses mandatory access control for network isolation.
Identity authentication, also called identity verification or identification, is the process of confirming an operator's identity in computers and computer network systems. It determines whether the user has access and usage rights to a given resource, so that the access policy of the computer and network system is enforced reliably and effectively, an attacker is prevented from impersonating a legitimate user to obtain access to resources, the security of the system and data is ensured, and the legitimate interests of authorized visitors are protected. Authentication can take multiple forms, such as static password authentication, dynamic password authentication or SMS password authentication. For example, suppose that the QQ message of the QQ client continues to send and the user contacts customer service, indicating that the QQ client has a problem. Customer service gives the user a specific dynamic password, and a request packet carrying this dynamic password can then pass the identity authentication of the isolation server and enter the intranet.
Encryption means transforming the original information with a particular algorithm so that an unauthorized user who obtains the encrypted information still cannot understand its content without knowing how to decrypt it. The specific method can follow the related art, and the embodiments of the present invention do not describe it in detail.
A digital signature, also called a public-key digital signature or electronic signature, resembles an ordinary physical signature written on paper but is implemented with public-key cryptography and is used to authenticate digital information. A digital signature scheme usually defines two complementary operations, one for signing and one for verification. The specific method can follow the related art, and the embodiments of the present invention do not describe it in detail.
In practice, network isolation technology can include network access control (English: Network Access Control; abbreviation: NAC) technology. With NAC, the network isolation server allows only legitimate, trusted endpoint devices, such as personal computers (PC), servers and personal digital assistants (PDA), to access the intranet, and does not allow other devices to access the intranet.
Optionally, in the embodiments of the present invention, the port numbers of the TCP forwarders on the isolation server can be dynamic ports or private ports, such as port numbers 49152 to 65535, which are used less often. Selecting from these some port numbers that have no vulnerabilities as the port numbers of the TCP forwarders reduces the probability that an attacker discovers the port numbers of the TCP forwarders, which achieves a certain network isolation effect.
Request bag, when asking bag to meet access consideration, is sent to the object Intranet exploitation server being positioned at Intranet by step 204, Quarantine Server by object TCP transponder.
TCP transponder is used for forwarding complete for TCP bag to set another address, and TCP bag can be request bag or respond packet.Developing server due to TCP transponder in the embodiment of the present invention and Intranet is one to one, therefore, for any one TCP transponder, the Intranet exploitation server of another address set corresponding to this TCP transponder, therefore, when object TCP transponder obtains request bag, this request bag can be sent to the Intranet exploitation server that this object TCP transponder is corresponding, i.e. object Intranet exploitation server, this object Intranet exploitation server is the Intranet exploitation server of client-requested access, can respond request bag.
Example, the object TCP transponder of embodiment of the present invention hypothesis goal address instruction is the TCP transponder 0211 in Fig. 3, because Intranet exploitation server 001 is corresponding with TCP transponder 0211, then request bag is sent to Intranet exploitation server 001 by TCP transponder 0211.
Step 205: the target intranet development server generates a response packet according to the request packet.
For example, the response packet may include test or debugging data generated according to the request packet.
Step 206: the target intranet development server sends the response packet to the target TCP forwarder of the quarantine server.
Because intranet development servers and TCP forwarders correspond one to one, the response packet can travel back along the request packet's original route to the target TCP forwarder corresponding to the target intranet development server.
Step 207: the quarantine server sends the response packet to the access-layer server through the target TCP forwarder.
Because the intranet development server has higher access rights, the quarantine server usually does not need to process the response packet again and only has to forward it through the target TCP forwarder. However, to ensure the security of the response packet, the response packet may also be encrypted, digitally signed or similarly processed; for details, refer to step 203, which is not repeated here.
Step 208: the access-layer server sends the response packet to the client.
It is worth noting that, in this embodiment, the TCP forwarders on quarantine server 02 correspond one to one with the intranet development servers located in the intranet. This not only makes it harder for an attacker to find the port numbers but also allows request packets and response packets to be forwarded accurately.
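Steps 204 to 207 as runnable code, in an added example that is not part of the patent: each forwarder listens on one dynamic-range port, checks an access condition, and relays bytes to its single fixed development server, with the response returning along the same route. The source-address allowlist used as the access condition, the loopback stand-in for the development server and all names are assumptions made for this example.

```python
import asyncio
import ipaddress
import random

DYNAMIC_PORTS = range(49152, 65536)  # dynamic/private range named in the text


def build_forwarder_table(mapping):
    """Validate {listen_port: (host, port)}: dynamic-range ports, one-to-one."""
    backends = list(mapping.values())
    if len(set(backends)) != len(backends):
        raise ValueError("each development server needs its own forwarder")
    for port in mapping:
        if port not in DYNAMIC_PORTS:
            raise ValueError(f"forwarder port {port} is outside 49152-65535")
    return dict(mapping)


class TcpForwarder:
    """Relays one listening port to one fixed backend after an access check."""

    def __init__(self, backend, allowed_networks):
        self.backend = backend
        self.allowed = [ipaddress.ip_network(n) for n in allowed_networks]
        self.rejected = 0

    def meets_access_condition(self, peer_ip):
        # Assumption: the access condition is a source-address allowlist
        # (e.g. the access-layer server); the patent leaves it abstract.
        return any(ipaddress.ip_address(peer_ip) in net for net in self.allowed)

    @staticmethod
    async def _pipe(reader, writer):
        try:
            while data := await reader.read(65536):
                writer.write(data)
                await writer.drain()
        except OSError:
            pass  # peer reset the connection; fall through and close our side
        finally:
            writer.close()

    async def handle(self, reader, writer):
        peer_ip = writer.get_extra_info("peername")[0]
        if not self.meets_access_condition(peer_ip):
            self.rejected += 1
            writer.close()  # dropped before any byte reaches the intranet
            return
        try:
            b_reader, b_writer = await asyncio.open_connection(*self.backend)
        except OSError:
            writer.close()
            return
        # Request flows client -> backend; the response returns the same way.
        await asyncio.gather(self._pipe(reader, b_writer),
                             self._pipe(b_reader, writer))


async def _listen(handler):
    """Bind a loopback listener on a free port inside the dynamic range."""
    for port in random.sample(DYNAMIC_PORTS, 50):
        try:
            return await asyncio.start_server(handler, "127.0.0.1", port), port
        except OSError:
            continue
    raise RuntimeError("no free port found in the dynamic range")


async def _dev_server(reader, writer):
    # Constructed stand-in for an intranet development server.
    writer.write(b"debug-data:" + await reader.read(1024))
    await writer.drain()
    writer.close()


async def _request(port, payload):
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    try:
        writer.write(payload)
        await writer.drain()
        return await asyncio.wait_for(reader.read(), timeout=5)
    except ConnectionError:
        return b""  # the forwarder dropped the connection
    finally:
        writer.close()


async def demo():
    backend_srv, backend_port = await _listen(_dev_server)
    results = {}
    cases = (("allowed", ["127.0.0.0/8"]), ("denied", ["192.0.2.0/24"]))
    for name, allowed in cases:
        fwd = TcpForwarder(("127.0.0.1", backend_port), allowed)
        srv, port = await _listen(fwd.handle)
        build_forwarder_table({port: fwd.backend})
        results[name] = (await _request(port, b"ping"), fwd.rejected)
        srv.close()
    backend_srv.close()
    return results


if __name__ == "__main__":
    print(asyncio.run(demo()))
```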
Further, while performing step 203, the quarantine server may also detect whether a scanning machine is performing a TCP port scan on the quarantine server. If it detects that a scanning machine is performing a TCP port scan on the quarantine server, the quarantine server generates alarm information indicating that a network threat exists; this alarm information is usually sent to the system security officer (also called the network administrator). Optionally, detecting whether a scanning machine is performing a TCP port scan on the quarantine server includes: the quarantine server detects whether, within a preset time period, a server with the same IP address accesses a predetermined number of ports of the quarantine server one after another (also called polling). If a server with the same IP address does so within the preset time period, the quarantine server determines that a scanning machine is performing a TCP port scan on it; if not, the quarantine server determines that no scanning machine is performing a TCP port scan on it. For example, the preset time period is 15 minutes and the predetermined number is at least 10. Detecting whether a scanning machine is performing a TCP port scan on the quarantine server is an effective alarm mechanism: it prevents an attacker from finding the correct port number by accessing each port in turn, and it notifies the system security officer promptly so that the attack can be stopped.
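One way to implement the detection rule above (same source IP, at least 10 quarantine-server ports, within 15 minutes), as an added example that is not part of the patent. The log format, the addresses and the reading of "one after another" as "distinct ports inside the window" are assumptions; the sample log is constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta


class PortScanDetector:
    """Flags a source IP that touches >= port_threshold distinct ports in window."""

    def __init__(self, window=timedelta(minutes=15), port_threshold=10):
        self.window = window
        self.port_threshold = port_threshold
        self._last_seen = defaultdict(dict)  # src_ip -> {port: latest access time}
        self._alerted = set()                # IPs whose alert is already open

    def observe(self, ts, src_ip, dst_port):
        """Feed one access (in time order); return an alert dict or None."""
        seen = self._last_seen[src_ip]
        seen[dst_port] = ts
        # Forget ports whose latest access has left the window.
        for port in [p for p, t in seen.items() if ts - t > self.window]:
            del seen[port]
        if len(seen) < self.port_threshold:
            self._alerted.discard(src_ip)  # re-arm once the source calms down
            return None
        if src_ip in self._alerted:
            return None                    # one alert per burst, not per packet
        self._alerted.add(src_ip)
        return {"alert": "network threat: port scan", "src_ip": src_ip,
                "ports": sorted(seen), "detected_at": ts}


def parse_line(line):
    """Parse '<ISO time> <source IP> <destination port>'; None if malformed."""
    try:
        ts_s, ip_s, port_s = line.split()
        port = int(port_s)
        if not 0 < port < 65536:
            return None
        return datetime.fromisoformat(ts_s), str(ipaddress.ip_address(ip_s)), port
    except ValueError:
        return None


def detect(lines, detector=None):
    """Run the detector over log lines and collect the alerts it raises."""
    detector = detector or PortScanDetector()
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # skip malformed lines instead of aborting the run
        alert = detector.observe(*event)
        if alert:
            alerts.append(alert)
    return alerts


def constructed_log():
    """Constructed sample log; all addresses are documentation ranges."""
    t0 = datetime(2015, 4, 28, 10, 0, 0)
    events = []
    for i in range(12):  # 12 different ports, 30 s apart: meets the rule
        events.append((t0 + timedelta(seconds=30 * i), "203.0.113.7", 49152 + i))
    for i in range(40):  # one port used repeatedly: normal forwarder traffic
        events.append((t0 + timedelta(seconds=20 * i), "198.51.100.10", 49200))
    for i in range(10):  # 10 ports over 18 minutes: never 10 inside one window
        events.append((t0 + timedelta(minutes=2 * i), "198.51.100.77", 50000 + i))
    events.sort()
    lines = [f"{ts.isoformat()} {ip} {port}" for ts, ip, port in events]
    return lines + ["malformed entry"]


if __name__ == "__main__":
    for alert in detect(constructed_log()):
        print(alert)
```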
In practice, the intranet development server access system may further include external-network development servers 03 located in the external network. Refer to Fig. 5, which shows a schematic structural diagram of another intranet development server access system involved in the intranet development server access method provided by the embodiment of the present invention. This intranet development server access system includes at least one intranet development server 00 located in the intranet; an access-layer server 01, at least one external-network development server 03 and at least one client 04 located in the external network; and a quarantine server 02 located between the intranet and the external network. For example, in Fig. 5, three intranet development servers 00 are deployed in the system, namely intranet development server 001, intranet development server 002 and intranet development server 003, together with two external-network development servers 03, namely external-network development server 031 and external-network development server 032. In the intranet development server access system shown in Fig. 5, the access-layer server may first determine the location of the development server that the client wants to access. If the client accesses an intranet development server, the detailed process follows steps 201 to 208. If the client accesses an external-network development server, the destination address identifies the external-network development server that the client wants to access; after step 201 above, the access-layer server sends the request packet to that external-network development server, which generates a response packet that is returned to the client along the original route. Further, TCP forwarders in one-to-one correspondence with the external-network development servers may also be provided in the external network to forward request packets or response packets. In that case the destination address is set in the same way as in step 202 and the TCP forwarder forwards in the same way as in step 204, which the embodiment of the present invention does not repeat here.
It should be noted that the order of the steps of the intranet development server access method provided by the embodiment of the present invention may be adjusted appropriately, and steps may be added or removed as circumstances require. Any variation of the method that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention and is therefore not described further.
In summary, a quarantine server is provided between the intranet and the external network. This quarantine server uses network isolation technology to detect whether the request packet meets the access condition, and sends the request packet to the target intranet development server located in the intranet only when the request packet meets the access condition. This achieves network isolation between the intranet and the external network while still ensuring that the client can access the intranet development server. Further, because the intranet development server has higher privileges than an external-network development server, the client can be tested and debugged better.
An embodiment of the present invention provides an intranet development server access device 30, whose schematic structure is shown in Fig. 6. The device is used in a quarantine server located between an intranet and an external network, and device 30 includes:
A first receiving module 301, configured to receive a request packet sent by an access-layer server located in the external network, the request packet having been sent to the access-layer server by a client located in the external network.
An isolation module 302, configured to use network isolation technology to detect whether the request packet meets the access condition.
A first sending module 303, configured to send the request packet, when it meets the access condition, to the target intranet development server located in the intranet, so that the target intranet development server responds to the request packet; the target intranet development server is the intranet development server that the client requests to access.
In summary, an intranet development server access device is provided between the intranet and the external network. The isolation module in this device uses network isolation technology to detect whether the request packet meets the access condition, and the first sending module sends the request packet to the target intranet development server located in the intranet only when the request packet meets the access condition. This achieves network isolation between the intranet and the external network while still ensuring that the client can access the intranet development server.
Further, the quarantine server is provided with at least one TCP forwarder, and the at least one TCP forwarder corresponds one to one with the intranet development servers located in the intranet. The first receiving module 301 is configured to receive, through the target TCP forwarder, the request packet sent by the access-layer server; the target TCP forwarder is the TCP forwarder that the access-layer server determines according to the destination address carried in the request packet. The first sending module 303 is configured to send the request packet to the target intranet development server through the target TCP forwarder.
An embodiment of the present invention provides another intranet development server access device 30, whose schematic structure is shown in Fig. 7. The device is used in a quarantine server located between an intranet and an external network, and device 30 includes:
A first receiving module 301, configured to receive a request packet sent by an access-layer server located in the external network, the request packet having been sent to the access-layer server by a client located in the external network.
An isolation module 302, configured to use network isolation technology to detect whether the request packet meets the access condition.
A first sending module 303, configured to send the request packet, when it meets the access condition, to the target intranet development server located in the intranet, so that the target intranet development server responds to the request packet; the target intranet development server is the intranet development server that the client requests to access.
A detection module 304, configured to detect whether a scanning machine is performing a TCP port scan on the quarantine server.
An alarm module 305, configured to generate, when it is detected that a scanning machine is performing a TCP port scan on the quarantine server, alarm information indicating that a network threat exists.
The detection module 304 is configured to: detect whether, within a preset time period, a server with the same IP address accesses a predetermined number of ports of the quarantine server one after another; when a server with the same IP address does so within the preset time period, determine that a scanning machine is performing a TCP port scan on the quarantine server; and when no server with the same IP address does so within the preset time period, determine that no scanning machine is performing a TCP port scan on the quarantine server.
An embodiment of the present invention provides yet another intranet development server access device 30, whose schematic structure is shown in Fig. 8. The device is used in a quarantine server located between an intranet and an external network, and device 30 includes:
A first receiving module 301, configured to receive a request packet sent by an access-layer server located in the external network, the request packet having been sent to the access-layer server by a client located in the external network.
An isolation module 302, configured to use network isolation technology to detect whether the request packet meets the access condition.
A first sending module 303, configured to send the request packet, when it meets the access condition, to the target intranet development server located in the intranet, so that the target intranet development server responds to the request packet; the target intranet development server is the intranet development server that the client requests to access.
A second receiving module 306, configured to receive, through the target TCP forwarder, the response packet sent by the target intranet development server; the response packet is generated by the target intranet development server according to the request packet.
A second sending module 307, configured to send the response packet to the access-layer server through the target TCP forwarder, so that the access-layer server sends the response packet to the client.
In summary, an intranet development server access device is provided between the intranet and the external network. The isolation module in this device uses network isolation technology to detect whether the request packet meets the access condition, and the first sending module sends the request packet to the target intranet development server located in the intranet only when the request packet meets the access condition. This achieves network isolation between the intranet and the external network while still ensuring that the client can access the intranet development server.
An embodiment of the present invention provides an intranet development server access system. The system may include: an intranet development server located in the intranet; an access-layer server located in the external network; and a quarantine server located between the intranet and the external network, where the quarantine server may be the quarantine server of any of the embodiments above. This intranet development server access system may be any of the intranet development server access systems shown in Fig. 1, Fig. 3 and Fig. 5.
Fig. 9 shows a schematic structural diagram of a server provided by an embodiment of the present invention. The intranet development server access device in the embodiments of the present invention may be part or all of this server. This server may be a server in background server cluster 140. Specifically:
Server 400 includes a central processing unit (CPU) 401, a system memory 404 comprising a random access memory (RAM) 402 and a read-only memory (ROM) 403, and a system bus 405 connecting the system memory 404 and the CPU 401. Server 400 also includes a basic input/output system (I/O system) 406, which helps transfer information between the devices in the computer, and a mass-storage device 407 for storing an operating system 413, application programs 414 and other program modules 415.
The basic input/output system 406 includes a display 408 for showing information and an input device 409, such as a mouse or keyboard, for the user to enter information. The display 408 and the input device 409 are both connected to the CPU 401 through an input/output controller 410 connected to the system bus 405. The basic input/output system 406 may also include the input/output controller 410 for receiving and processing input from a number of other devices such as a keyboard, mouse or electronic stylus. Similarly, the input/output controller 410 also provides output to a display screen, printer or other type of output device.
The mass-storage device 407 is connected to the CPU 401 through a mass-storage controller (not shown) connected to the system bus 405. The mass-storage device 407 and its associated computer-readable media provide non-volatile storage for server 400. That is, the mass-storage device 407 may include a computer-readable medium (not shown) such as a hard disk or CD-ROM drive.
Without loss of generality, computer-readable media may include computer storage media and communication media. Computer storage media include volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information such as computer-readable instructions, data structures, program modules or other data. Computer storage media include RAM, ROM, EPROM, EEPROM, flash memory or other solid-state storage technologies, CD-ROM, DVD or other optical storage, cassettes, magnetic tape, disk storage or other magnetic storage devices. Of course, a person skilled in the art knows that computer storage media are not limited to those listed above. The system memory 404 and the mass-storage device 407 described above may be collectively referred to as memory.
According to various embodiments of the present invention, server 400 may also operate through a remote computer connected to a network such as the Internet. That is, server 400 may be connected to a network 412 through a network interface unit 411 connected to the system bus 405; in other words, the network interface unit 411 may also be used to connect to other types of networks or remote computer systems (not shown).
The memory also includes one or more programs. The one or more programs are stored in the memory and configured to be executed by the CPU, and they include the intranet development server access method provided by any of the embodiments above.
A person skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, devices and modules described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
A person of ordinary skill in the art will appreciate that all or some of the steps of the above embodiments may be carried out by hardware, or by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
The foregoing are merely preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (11)

1. An intranet development server access method, characterized in that the method comprises:
a quarantine server located between an intranet and an external network receiving a request packet sent by an access-layer server located in the external network, the request packet having been sent to the access-layer server by a client located in the external network;
the quarantine server using network isolation technology to detect whether the request packet meets an access condition;
if the request packet meets the access condition, the quarantine server sending the request packet to a target intranet development server located in the intranet, so that the target intranet development server responds to the request packet, the target intranet development server being the intranet development server that the client requests to access.
2. The method according to claim 1, characterized in that the quarantine server is provided with at least one TCP forwarder, and the at least one TCP forwarder corresponds one to one with the intranet development servers located in the intranet,
the quarantine server located between the intranet and the external network receiving the request packet sent by the access-layer server located in the external network comprises:
the quarantine server receiving, through a target TCP forwarder, the request packet sent by the access-layer server, the target TCP forwarder being the TCP forwarder that the access-layer server determines according to the destination address carried in the request packet;
the quarantine server sending the request packet to the target intranet development server located in the intranet comprises:
the quarantine server sending the request packet to the target intranet development server through the target TCP forwarder.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
the quarantine server detecting whether a scanning machine is performing a TCP port scan on the quarantine server;
if it is detected that a scanning machine is performing a TCP port scan on the quarantine server, the quarantine server generating alarm information indicating that a network threat exists.
4. The method according to claim 3, characterized in that the quarantine server detecting whether a scanning machine is performing a TCP port scan on the quarantine server comprises:
the quarantine server detecting whether, within a preset time period, a server with the same IP address accesses a predetermined number of ports of the quarantine server one after another;
if a server with the same IP address accesses the predetermined number of ports of the quarantine server one after another within the preset time period, the quarantine server determining that a scanning machine is performing a TCP port scan on the quarantine server;
if no server with the same IP address accesses the predetermined number of ports of the quarantine server one after another within the preset time period, the quarantine server determining that no scanning machine is performing a TCP port scan on the quarantine server.
5. The method according to any one of claims 1 to 4, characterized in that, after the quarantine server sends the request packet to the target intranet development server located in the intranet, the method further comprises:
the quarantine server receiving, through the target TCP forwarder, a response packet sent by the target intranet development server, the response packet being generated by the target intranet development server according to the request packet;
the quarantine server sending the response packet to the access-layer server through the target TCP forwarder, so that the access-layer server sends the response packet to the client.
6. An intranet development server access device, characterized in that it is used in a quarantine server, the quarantine server being located between an intranet and an external network, and the device comprises:
a first receiving module, configured to receive a request packet sent by an access-layer server located in the external network, the request packet having been sent to the access-layer server by a client located in the external network;
an isolation module, configured to use network isolation technology to detect whether the request packet meets an access condition;
a first sending module, configured to send the request packet, when the request packet meets the access condition, to a target intranet development server located in the intranet, so that the target intranet development server responds to the request packet, the target intranet development server being the intranet development server that the client requests to access.
7. The device according to claim 6, characterized in that the quarantine server is provided with at least one TCP forwarder, and the at least one TCP forwarder corresponds one to one with the intranet development servers located in the intranet,
the first receiving module is configured to:
receive, through a target TCP forwarder, the request packet sent by the access-layer server, the target TCP forwarder being the TCP forwarder that the access-layer server determines according to the destination address carried in the request packet;
the first sending module is configured to:
send the request packet to the target intranet development server through the target TCP forwarder.
8. The device according to claim 6 or 7, characterized in that the device further comprises:
a detection module, configured to detect whether a scanning machine is performing a TCP port scan on the quarantine server;
an alarm module, configured to generate, when it is detected that a scanning machine is performing a TCP port scan on the quarantine server, alarm information indicating that a network threat exists.
9. The device according to claim 8, characterized in that the detection module is configured to:
detect whether, within a preset time period, a server with the same IP address accesses a predetermined number of ports of the quarantine server one after another;
when a server with the same IP address accesses the predetermined number of ports of the quarantine server one after another within the preset time period, determine that a scanning machine is performing a TCP port scan on the quarantine server;
when no server with the same IP address accesses the predetermined number of ports of the quarantine server one after another within the preset time period, determine that no scanning machine is performing a TCP port scan on the quarantine server.
10. The device according to any one of claims 6 to 9, characterized in that the device further comprises:
a second receiving module, configured to receive, through the target TCP forwarder, a response packet sent by the target intranet development server, the response packet being generated by the target intranet development server according to the request packet;
a second sending module, configured to send the response packet to the access-layer server through the target TCP forwarder, so that the access-layer server sends the response packet to the client.
11. An intranet development server access system, characterized in that the system comprises:
an intranet development server located in an intranet;
an access-layer server located in an external network;
and a quarantine server located between the intranet and the external network, the quarantine server comprising the intranet development server access device according to any one of claims 6 to 10.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510209834.8A CN104967609B (en) 2015-04-28 2015-04-28 Intranet exploitation server access method, apparatus and system

Publications (2)

Publication Number Publication Date
CN104967609A true CN104967609A (en) 2015-10-07
CN104967609B CN104967609B (en) 2018-11-06

CN112637176A (en) * 2020-12-17 2021-04-09 山东云天安全技术有限公司 Industrial network data isolation method, device and storage medium
CN112291279A (en) * 2020-12-31 2021-01-29 南京敏宇数行信息技术有限公司 Router intranet access method, system and equipment and readable storage medium
CN113472760A (en) * 2021-06-22 2021-10-01 上海外高桥造船有限公司 Enterprise internal cooperation management method, system, equipment and medium
CN114443594A (en) * 2021-12-18 2022-05-06 中国大唐集团科学技术研究院有限公司中南电力试验研究院 Network security data interaction method, system, device and storage medium
CN115150813A (en) * 2022-09-05 2022-10-04 北京智芯半导体科技有限公司 eSIM card number writing method, writing device, communication system and server
CN115150813B (en) * 2022-09-05 2023-01-20 北京智芯半导体科技有限公司 eSIM card code number writing method, writing device, communication system and server
CN116708580A (en) * 2023-08-08 2023-09-05 武汉华瑞测智能技术有限公司 Power plant intranet access method, equipment and medium based on network isolation device
CN116708580B (en) * 2023-08-08 2023-10-13 武汉华瑞测智能技术有限公司 Power plant intranet access method, equipment and medium based on network isolation device

Also Published As

Publication number Publication date
CN104967609B (en) 2018-11-06

Similar Documents

Publication Publication Date Title
CN104967609A (en) Intranet development server access method, intranet development server access device and intranet development server access system
US10084825B1 (en) Reducing redundant operations performed by members of a cooperative security fabric
US11349862B2 (en) Systems and methods for testing known bad destinations in a production network
US20140020067A1 (en) Apparatus and method for controlling traffic based on captcha
CN104426740B (en) System and method for management tunnel endpoint
US20120255022A1 (en) Systems and methods for determining vulnerability to session stealing
US7463593B2 (en) Network host isolation tool
US11252183B1 (en) System and method for ransomware lateral movement protection in on-prem and cloud data center environments
US20090119745A1 (en) System and method for preventing private information from leaking out through access context analysis in personal mobile terminal
KR102460691B1 (en) System for controlling network access based on controller and method of the same
KR102460696B1 (en) System for controlling network access based on controller and method of the same
Krit et al. Overview of firewalls: Types and policies: Managing windows embedded firewall programmatically
CN102045310B (en) Industrial Internet intrusion detection as well as defense method and device
JP2023162313A (en) System for authenticating and controlling network connection of terminal and method related thereto
CN102045309A (en) Method and device for preventing computer from being attacked by virus
US10158610B2 (en) Secure application communication system
KR101522139B1 (en) Method for blocking selectively in dns server and change the dns address using proxy
US8583913B1 (en) Securely determining internet connectivity between networks
CN102694667A (en) Method supporting user autonomous deployment of network and system thereof
CN111726328A (en) Method, system and related device for remotely accessing a first device
KR102460692B1 (en) System for controlling network access based on controller and method of the same
KR20160115132A (en) Method for providing security service in cloud system and the cloud system thereof
US11784993B2 (en) Cross site request forgery (CSRF) protection for web browsers
CN113890864A (en) Data packet processing method and device, electronic equipment and storage medium
Amin et al. Edge-computing with graph computation: A novel mechanism to handle network intrusion and address spoofing in SDN

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant