CN109120599A - A kind of external connection managing and control system - Google Patents
- Publication number: CN109120599A (application CN201810809479.1A)
- Authority
- CN
- China
- Prior art keywords
- terminal
- client
- external connection
- software client
- illegal
- Legal status: Pending (Google's assumption, not a legal conclusion)
Classifications
- H04L63/10 — Network security: controlling access to devices or network resources
- H04L63/0236 — Network security: separating internal from external traffic (firewalls); filtering policies; filtering by address, protocol, port number or service
- H04L63/102 — Network security: access control; entity profiles
- H04L67/025 — Network services: protocols based on web technology (HTTP) for remote control or remote monitoring of applications
- H04L67/14 — Network services: session management
- H04L67/34 — Network services: movement of software or configuration parameters
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention provides an external connection management and control system based on the Linux operating system ("external connection" here means an unauthorised connection from an intranet terminal to an outside network). The system comprises a server management end and a software client. The server management end scans all terminals in the intranet and pushes the software client to every non-compliant ("illegal") terminal. The software client takes effect in a kernel driver: it monitors the terminal's network connections and USB port connection status in real time, supervises the terminal's access behaviour and access-information characteristics, and generates a detailed terminal external-connection log, so that the terminal's network connectivity is tightly coupled to the protection of the software client. Following the principle of "monitor in real time, block promptly", the system blocks the threat that an illegally externally-connected terminal poses to the internal network and intercepts illegal external connections before they occur, preventing the information leakage such events cause and meeting the information-security requirements of classified (secret-related) networks.
Description
Technical field
The invention belongs to the field of computer technology and in particular relates to an external connection management and control system based on the Linux operating system that takes effect at the driver layer and blocks device connections.
Background technique
With the continuous development of Chinese government online (e-government) projects, cases of secrets being leaked through computers have increased year by year, and the information-security situation is severe. Security defences have traditionally been confined to the conventional gateway level (firewalls and the like) and to the network boundary (vulnerability scanning, security auditing, anti-virus, IDS); important security devices are largely concentrated in the machine room and at the network entrance. To guarantee the safe operation of classified networks, physical isolation is implemented between the classified network and public information networks; this is the main security and secrecy measure currently adopted for classified networks. Physical isolation provides a security boundary between the classified network and public information networks, establishing a trusted and controllable internal network and reducing security threats from outside the network. However, serious security threats also exist inside the network, and these have increasingly become the most pressing problem facing most network administrators.
Summary of the invention
The invention provides a management and control system that blocks network communication at the kernel-driver level, a new way of intercepting illegal external connections, so that external-connection events by intranet terminal devices are prevented, information leakage is avoided, and the information-security requirements of classified networks are met.
The technical solution adopted by the invention is as follows: an external connection management and control system based on the Linux operating system, comprising a server management end and a software client.
The server management end enforces a strict admission control policy and communicates with all clients in the intranet. It scans all terminal machines in the local area network that communicate with the server, discovering both online and offline terminals. It checks whether each terminal has the software client installed: a terminal with the client installed is deemed to comply with the server's admission control policy and may be used normally; a terminal without the client is deemed non-compliant and may not communicate in the local area network. The server management end issues policies to terminals that have the software client installed, and collects and inspects their log information. To terminals without the software client it forcibly pushes the client installation program, until a client service process is detected on the terminal and the terminal satisfies the server management end's admission control policy.
The software client must be installed on every terminal machine in the local area network. It uses a dual-process protection mode: users cannot directly uninstall it or terminate its processes, and only an administrator can uninstall the client, using a dedicated uninstall tool. The client monitors the terminal's network connection state and USB port connection state in real time. It monitors and blocks a directly plugged-in external network cable, a second network card, a Wi-Fi hotspot, and internet sharing (tethering) from a smart device; it monitors and blocks illegal USB access to the terminal; and it generates a detailed terminal external-connection log that records the terminal user name, MAC address, IP address, and the type and time of the illegal external-connection event.
The software client's monitoring mechanism identifies an illegal external-connection event by inspecting the TCP three-way handshake before any data is transmitted over the connection. When a terminal attempts an illegal external connection, the software client acts on the kernel driver to disable the network card or the USB driver, blocking the data transmission and keeping the terminal secure.
The beneficial effects of the invention are as follows: the software client takes effect in the kernel driver, supervises the terminal's access behaviour and access-information characteristics, and tightly couples the terminal's network connectivity to the client's protection. Following the principle of "monitor in real time, block promptly", it blocks the threat that an illegally externally-connected terminal poses to the internal network and intercepts illegal external connections before they occur, preventing the information leakage such events cause and meeting the information-security requirements of classified networks.
Brief description of the drawings
Fig. 1 is a schematic diagram of the overall composition of the system;
Fig. 2 is a schematic diagram of the monitoring functions of the software client;
Fig. 3 is a schematic diagram of the functions of the server management end.
Specific embodiments
The invention is further described below with reference to the drawings.
The invention is an external connection management and control system that uses a new client/server (C/S) architecture suited to the Linux operating system. It applies security management and control to computers connecting to external networks and to USB devices, and uses multi-machine management and control technology built on kernel drivers to block and raise alarms on illegal external connections and on illegal USB access. The server management end and the software clients are deployed in the intranet, with a software client on every intranet terminal. Terminals in different network segments are denoted "Region 1" and "Region 2". As shown in Fig. 1, "Region 1" contains the terminal machines with the client installed; these are legal terminals that can communicate normally in the intranet and receive policies. "Region 2" contains the terminal machines without the client; these are illegal terminals that cannot communicate normally in the intranet. The server management end pushes the client installation program to each illegal terminal until it becomes a legal terminal.
The software client monitors the access behaviour of legal terminals in real time and supervises access-information characteristics, tightly coupling the terminal's network connectivity to the client's protection. Immediately after the software is installed, the terminal enters dual-process protection mode, which prevents improper means from hindering the software's operation. The server management end establishes connections with all terminals in the intranet, forming a legal intranet; it can upload and distribute policies and maintain an overview of the security status.
As shown in Fig. 2, the software client identifies illegal external-connection events by inspecting the TCP three-way handshake before data is transmitted, and monitors the terminal's network connection state and USB port connection state in real time, ensuring that legal terminals can communicate normally in the intranet while preventing them from connecting to external networks. The client can also prevent portable devices, smart USB devices and the like from accessing intranet communications. For an end host that connects illegally to an external network by plugging in an external cable, joining a wireless network or using hotspot sharing, the client disables the network card; for internet sharing from a smart phone or similar device, it disables the virtual network adapter; for an unauthorised USB device connected to the terminal, it disables the USB driver; and in each case it generates an illegal external-connection log entry of the corresponding type.
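The client-side checks described here and in the "Software client monitoring mechanism" paragraph above, written out as an added example that is not the patent's code. It inspects only the terminal's own SYN (the first packet of the three-way handshake) so the decision is made before any payload flows, treats any active interface other than the approved NIC as a second card, hotspot or tethering path, flags USB devices not on an allowlist, and emits log records with the fields the patent lists (user name, MAC, IP, event type, time). The intranet ranges, interface names, USB IDs, packets and device list are assumptions constructed for the example.

```python
"""Client-side illegal external-connection check (added example, not the patent's code)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumed policy: peers outside these ranges are "external".
INTRANET = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
AUTHORIZED_IFACES = {"eth0"}      # assumed: the single approved wired NIC
AUTHORIZED_USB = {"046d:c31c"}    # assumed allowlist of vendor:product IDs


@dataclass
class Packet:          # minimal view of one captured TCP segment
    iface: str
    src: str
    dst: str
    dport: int
    flags: str         # "S" = SYN, "SA" = SYN/ACK, "A" = ACK


@dataclass
class Event:           # one illegal external-connection log record
    user: str
    mac: str
    ip: str
    kind: str
    detail: str
    time: str
    action: str        # the disable decision handed to the enforcement side


def is_intranet(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or any(ip in net for net in INTRANET)


def check_handshake(pkt: Packet, user: str, mac: str, now: str) -> Optional[Event]:
    """Flag the terminal's own SYN to an external peer. SYN/ACKs and later
    segments are ignored, so the verdict is reached before data is exchanged."""
    if pkt.flags != "S" or is_intranet(pkt.dst):
        return None
    return Event(user, mac, pkt.src, "illegal_external_connection",
                 f"{pkt.iface} SYN -> {pkt.dst}:{pkt.dport}", now, f"disable_nic:{pkt.iface}")


def check_interfaces(ifaces: dict, user: str, mac: str, ip: str, now: str) -> List[Event]:
    """Any active interface that is not the approved NIC is an illegal path:
    second wired card, Wi-Fi hotspot, or USB tethering from a smart device."""
    kinds = {"wifi": "hotspot_wifi", "usb-tether": "smart_device_sharing"}
    return [Event(user, mac, ip, kinds.get(info["type"], "dual_nic"),
                  f"{name} ({info['type']}) is up", now, f"disable_nic:{name}")
            for name, info in ifaces.items()
            if info["up"] and name not in AUTHORIZED_IFACES]


def check_usb(devices: List[dict], user: str, mac: str, ip: str, now: str) -> List[Event]:
    """USB devices not on the allowlist are illegal access."""
    return [Event(user, mac, ip, "illegal_usb", f"{d['path']} id={d['id']}", now,
                  f"disable_usb:{d['path']}")
            for d in devices if d["id"] not in AUTHORIZED_USB]


def format_log(ev: Event) -> str:
    return (f"{ev.time} user={ev.user} mac={ev.mac} ip={ev.ip} type={ev.kind} "
            f"detail='{ev.detail}' action={ev.action}")


def audit(packets, ifaces, devices, user, mac, ip, now) -> List[Event]:
    events = [e for e in (check_handshake(p, user, mac, now) for p in packets) if e]
    events += check_interfaces(ifaces, user, mac, ip, now)
    events += check_usb(devices, user, mac, ip, now)
    return events


# Constructed sample state for one terminal (not captured data).
SAMPLE_PACKETS = [
    Packet("eth0", "10.1.2.3", "10.1.2.10", 445, "S"),         # intranet file share: fine
    Packet("wlan0", "192.168.43.12", "203.0.113.7", 443, "S"),  # SYN to an external host
    Packet("wlan0", "203.0.113.7", "192.168.43.12", 443, "SA"), # the reply: not a new attempt
]
SAMPLE_IFACES = {"eth0": {"up": True, "type": "ethernet"},
                 "wlan0": {"up": True, "type": "wifi"},
                 "usb0": {"up": False, "type": "usb-tether"}}
SAMPLE_USB = [{"path": "1-1.2", "id": "046d:c31c"},   # allow-listed keyboard
              {"path": "1-1.3", "id": "0781:5567"}]   # unlisted mass-storage stick

if __name__ == "__main__":
    for ev in audit(SAMPLE_PACKETS, SAMPLE_IFACES, SAMPLE_USB,
                    "alice", "00:11:22:33:44:55", "10.1.2.3", "2019-01-01T08:00:00Z"):
        print(format_log(ev))
```

Checking only the outbound SYN is what makes "block before data transfer" possible; a check on established connections would already be too late for the first segment of payload.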
As shown in Fig. 3, the server management end scans the intranet to obtain every terminal it can communicate with and lists them. The list records each terminal's IP address, MAC address, user name, network link state, software client monitoring state, and the machine code and version number generated by the software client. From this it identifies whether an intranet terminal has the software client installed; to terminals without the client it pushes the client installation program until the client-generated machine code can be scanned. The server management end collects the illegal external-connection logs of intranet terminals and manages them centrally; the logs record the terminal user name, MAC address, IP address, and the type and time of occurrence of the illegal external-connection event. The server end issues security policies to intranet terminals over the network, can remotely control terminals with the client installed (including restart and shutdown), and can remotely uninstall and upgrade the client.
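The server-side terminal list and admission decision from the two server paragraphs above, as an added example that is not the patent's code. The scan table and client heartbeats are constructed sample data. The patent says the client "generates a machine code" but does not say how; here it is assumed to be a keyed hash (HMAC) over the MAC address and hostname under a key shared with the server, so the server verifies the heartbeat instead of trusting a reported process name, and a terminal that merely claims to have the client is still denied and pushed the installer.

```python
"""Server management end: terminal list, admission and installer push (added example)."""
import hashlib
import hmac
from typing import Dict, List

SERVER_KEY = b"assumed-shared-enrolment-key"   # assumption: provisioned with the client


def machine_code(mac: str, hostname: str, key: bytes = SERVER_KEY) -> str:
    """Client-side machine-code derivation assumed for this example."""
    msg = f"{mac.lower()}|{hostname}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def build_terminal_list(scan: List[dict], heartbeats: Dict[str, dict]) -> List[dict]:
    """Join the network scan (IP, MAC, link state) with client heartbeats
    (user, hostname, machine code, version) into the list shown in Fig. 3."""
    rows = []
    for host in scan:
        hb = heartbeats.get(host["ip"])
        verified = bool(hb) and hmac.compare_digest(
            hb["machine_code"], machine_code(host["mac"], hb["hostname"]))
        rows.append({
            "ip": host["ip"], "mac": host["mac"], "online": host["online"],
            "user": hb["user"] if hb else None,
            "client_state": "monitoring" if verified else ("unverified" if hb else "absent"),
            "machine_code": hb["machine_code"] if verified else None,
            "version": hb["version"] if verified else None,
        })
    return rows


def admission(row: dict) -> str:
    """Admission control: only a terminal with a verified client is legal."""
    return "admit" if row["client_state"] == "monitoring" else "deny"


def push_targets(rows: List[dict]) -> List[str]:
    """Online terminals that are denied get the installer pushed now;
    offline ones are retried when a later scan finds them up."""
    return [r["ip"] for r in rows if r["online"] and admission(r) == "deny"]


# Constructed sample data (not real hosts).
SCAN = [
    {"ip": "10.1.2.3", "mac": "00:11:22:33:44:55", "online": True},
    {"ip": "10.1.2.4", "mac": "00:11:22:33:44:66", "online": True},
    {"ip": "10.1.2.5", "mac": "00:11:22:33:44:77", "online": False},
    {"ip": "10.1.2.6", "mac": "00:11:22:33:44:88", "online": True},
]
HEARTBEATS = {
    "10.1.2.3": {"user": "alice", "hostname": "ws03", "version": "1.0.2",
                 "machine_code": machine_code("00:11:22:33:44:55", "ws03")},
    # a heartbeat that only claims to come from the client, with a made-up code
    "10.1.2.6": {"user": "mallory", "hostname": "ws06", "version": "1.0.2",
                 "machine_code": "0000000000000000"},
}

if __name__ == "__main__":
    rows = build_terminal_list(SCAN, HEARTBEATS)
    for r in rows:
        print(r["ip"], r["client_state"], admission(r))
    print("push installer to:", push_targets(rows))
```

Tying admission to a verifiable machine code rather than to the presence of a process with the right name is the design choice worth keeping: the scan can only see what a terminal reports, so the report has to be something the terminal cannot forge without the client's key.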
The invention uses multi-machine management and control technology built on kernel drivers. The Linux kernel provides interrupt handling functions at the bottom of the device driver stack; every hardware device has a corresponding device driver, and a device driver is composed of several layers: a top-level driver that communicates with upper-layer applications, one or more intermediate drivers, and a bottom-level driver that communicates with the specific physical device.
The kernel-driver interception technology of the invention intercepts by analysing data in the bottom-level driver. All illegal operations are monitored within the driver: during monitoring, the access control information issued by the kernel driver is obtained first; using that access control information, the transmitted data packets are located and tracked and their specific content is analysed; if an intention to perform an illegal act is found, it is blocked in the bottom-level driver and prevented from being passed on to the top-level driver. The invention therefore intercepts and monitors on the basis of kernel drivers, blocking at the bottom-level driver to safeguard the system's information security.
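The patent performs the disable inside the kernel driver but gives no implementation detail. As an added example that is not the patent's code, the following user-space substitute carries out the same two "disable" decisions with mechanisms the Linux kernel already exposes: `ip link set ... down` for a network card, and the sysfs `authorized` attribute under `/sys/bus/usb/devices` to de-authorise a USB device (plus `authorized_default` on a hub so that later hot-plugged devices start unauthorised). Both need root, so every function takes a `dry_run` flag and returns the operations it would perform; the action strings, interface name and bus path are assumptions.

```python
"""User-space enforcement of disable decisions on a Linux terminal (added example)."""
import subprocess
from typing import List, Tuple

USB_SYSFS = "/sys/bus/usb/devices"   # standard sysfs location for USB devices


def _run(cmd: List[str], dry_run: bool) -> Tuple[str, ...]:
    if not dry_run:
        subprocess.run(cmd, check=True)
    return ("exec", " ".join(cmd))


def _write_sysfs(path: str, value: str, dry_run: bool) -> Tuple[str, ...]:
    if not dry_run:
        with open(path, "w") as f:
            f.write(value)
    return ("write", path, value)


def _sysfs_path(dev_path: str, attr: str) -> str:
    """dev_path is a bus path such as '1-1.3' or 'usb1'; refuse anything that
    could escape the USB sysfs tree."""
    if not dev_path or "/" in dev_path or ".." in dev_path:
        raise ValueError(f"bad USB bus path {dev_path!r}")
    return f"{USB_SYSFS}/{dev_path}/{attr}"


def disable_nic(iface: str, dry_run: bool = True):
    """Take the card down and flush its addresses so an existing external
    session cannot continue on it."""
    return [_run(["ip", "link", "set", "dev", iface, "down"], dry_run),
            _run(["ip", "addr", "flush", "dev", iface], dry_run)]


def deauthorize_usb(dev_path: str, dry_run: bool = True):
    """Writing 0 to 'authorized' detaches the device's drivers; it stays
    enumerated but cannot be used as storage, network or HID."""
    return [_write_sysfs(_sysfs_path(dev_path, "authorized"), "0", dry_run)]


def refuse_new_usb(hub_path: str = "usb1", dry_run: bool = True):
    """authorized_default=0 on a (root) hub makes devices plugged in later
    start unauthorised, which is the 'block' half of 'monitor and block'."""
    return [_write_sysfs(_sysfs_path(hub_path, "authorized_default"), "0", dry_run)]


def apply_action(action: str, dry_run: bool = True):
    """Dispatch a 'disable_nic:<iface>' or 'disable_usb:<bus path>' decision."""
    kind, _, target = action.partition(":")
    if kind == "disable_nic":
        return disable_nic(target, dry_run)
    if kind == "disable_usb":
        return deauthorize_usb(target, dry_run)
    raise ValueError(f"unknown action {action!r}")


if __name__ == "__main__":
    planned = apply_action("disable_nic:wlan0") + apply_action("disable_usb:1-1.3") + refuse_new_usb()
    for op in planned:
        print(op)
```

Run with `dry_run=False` as root on a real host to apply the operations. Note that a downed interface can be brought back up by any local root user, which is why the patent pairs the disable with the dual-process protection and a kernel-level hook; this user-space form only reproduces the effect, not the tamper resistance.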
Claims (2)
1. An external connection management and control system based on the Linux operating system, comprising a server management end and a software client, characterised in that:
the server management end communicates with all clients in the intranet; it scans all terminal machines in the local area network that communicate with the server, discovering both online and offline terminals; it checks whether each terminal has the software client installed, a terminal with the client installed being deemed to comply with the server's admission control policy and usable normally, and a terminal without the client being deemed non-compliant and barred from communicating in the local area network; it issues policies to terminals that have the software client installed and collects and inspects their log information; and it forcibly pushes the client installation program to terminals without the software client, until a client service process is detected on the terminal and the terminal satisfies the server management end's admission control policy;
the software client must be installed on every terminal machine in the local area network; it uses a dual-process protection mode in which users cannot directly uninstall it or terminate its processes and only an administrator can uninstall it using a dedicated uninstall tool; it monitors the terminal's network connection state and USB port connection state in real time; it monitors and blocks a directly plugged-in external network cable, a second network card, a Wi-Fi hotspot and internet sharing from a smart device; it monitors and blocks illegal USB access to the terminal; and it generates a detailed terminal external-connection log recording the terminal user name, MAC address, IP address, and the type and time of the illegal external-connection event.
2. The external connection management and control system according to claim 1, characterised in that the monitoring mechanism of the software client identifies an illegal external-connection event by inspecting the TCP three-way handshake before data is transmitted over the connection; when a terminal attempts an illegal external connection, the software client first obtains the access control information issued by the kernel driver, uses it to locate and track the transmitted data packets and analyse their specific content, and, if an intention to perform an illegal act is found, blocks it in the bottom-level driver so that it is not passed on to the top-level driver.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810809479.1A CN109120599A (en) | 2018-07-23 | 2018-07-23 | A kind of external connection managing and control system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109120599A true CN109120599A (en) | 2019-01-01 |
Family
ID=64863334
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810809479.1A Pending CN109120599A (en) | 2018-07-23 | 2018-07-23 | A kind of external connection managing and control system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109120599A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090241188A1 (en) * | 2008-03-21 | 2009-09-24 | Fujitsu Limited | Communication monitoring apparatus and communication monitoring method |
US20100269175A1 (en) * | 2008-12-02 | 2010-10-21 | Stolfo Salvatore J | Methods, systems, and media for masquerade attack detection by monitoring computer user behavior |
CN102664890A (en) * | 2012-04-23 | 2012-09-12 | 沈阳通用软件有限公司 | Method for recognizing legality of terminal computer by network security control server |
CN103166960A (en) * | 2013-03-01 | 2013-06-19 | 北京神州绿盟信息安全科技股份有限公司 | Access control method and access control device |
CN103391216A (en) * | 2013-07-15 | 2013-11-13 | 中国科学院信息工程研究所 | Alarm and blocking method for illegal external connections |
CN103400073A (en) * | 2013-07-09 | 2013-11-20 | 东莞天意电子有限公司 | Method for monitoring and identifying USB input equipment of video lottery terminal |
Timeline
- 2018-07-23: application CN201810809479.1A filed in China (published as CN109120599A); status: Pending
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109587175A (en) * | 2019-01-11 | 2019-04-05 | 杭州迪普科技股份有限公司 | A kind of illegal external connection processing method and system |
CN111385285A (en) * | 2019-12-30 | 2020-07-07 | 杭州迪普科技股份有限公司 | Method and device for preventing illegal external connection |
CN111385285B (en) * | 2019-12-30 | 2022-11-01 | 杭州迪普科技股份有限公司 | Method and device for preventing illegal external connection |
CN111510431A (en) * | 2020-03-16 | 2020-08-07 | 国网辽宁省电力有限公司信息通信分公司 | Universal terminal access control platform, client and control method |
CN111510431B (en) * | 2020-03-16 | 2022-04-15 | 国网辽宁省电力有限公司信息通信分公司 | Universal terminal access control platform, client and control method |
US11477195B2 (en) * | 2020-06-01 | 2022-10-18 | Upas Corporation | Network connection managing system |
CN111857778A (en) * | 2020-07-17 | 2020-10-30 | 北京北信源软件股份有限公司 | Automatic installation method and system for Windows7 expansion security update |
CN113285929A (en) * | 2021-05-10 | 2021-08-20 | 新华三技术有限公司 | Terminal validity detection method and device |
CN114499924A (en) * | 2021-12-02 | 2022-05-13 | 厦门市美亚柏科信息股份有限公司 | Data leakage prevention method based on network interface controller and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109120599A (en) | A kind of external connection managing and control system | |
US7788366B2 (en) | Centralized network control | |
US10686823B2 (en) | Systems and methods for detecting computer vulnerabilities that are triggered by events | |
US20240054234A1 (en) | Methods and systems for hardware and firmware security monitoring | |
US11240260B2 (en) | System and method for detecting computer network intrusions | |
CN103391216A (en) | Alarm and blocking method for illegal external connections | |
US11847212B2 (en) | Method to prevent root level access attack and measurable SLA security and compliance platform | |
US20120254947A1 (en) | Distributed Real-Time Network Protection for Authentication Systems | |
CN113660224A (en) | Situation awareness defense method, device and system based on network vulnerability scanning | |
EP3035636B1 (en) | Computer defenses and counterattacks | |
KR102433928B1 (en) | System for Managing Cyber Security of Autonomous Ship | |
US11637842B2 (en) | Detection of security intrusion in a computing system | |
CN111212077B (en) | Host access system and method | |
KR20130033161A (en) | Intrusion detection system for cloud computing service | |
CN107516039B (en) | Safety protection method and device for virtualization system | |
Ghaleb et al. | A framework architecture for agentless cloud endpoint security monitoring | |
EP4042306B1 (en) | Secure installation of baseboard management controller firmware via a physical interface | |
RU2444057C1 (en) | System for preventing unauthorised access to confidential information and information containing personal details | |
KR20200098181A (en) | Network security system by integrated security network card | |
CN107124390B (en) | Security defense and implementation method, device and system of computing equipment | |
CN111988333B (en) | Proxy software work abnormality detection method, device and medium | |
CN117041760B (en) | Communication network switching device, system and method | |
US20210266240A1 (en) | Embedded intrusion detection system on a chipset or device for use in connected hardware | |
KR20110136170A (en) | Method, server and device for detecting hacking tools | |
WO2013081521A1 (en) | Monitoring traffic in a communication network |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | Application publication date: 2019-01-01 |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | |