CN109120599A - A kind of external connection managing and control system - Google Patents


Info

Publication number
CN109120599A
Authority
CN
China
Prior art keywords
terminal
client
external connection
software client
illegal
Prior art date
Legal status
Pending
Application number
CN201810809479.1A
Other languages
Chinese (zh)
Inventor
徐光亮
马锋
王健
刘松林
张涛
徐静
李悦
吴建辉
曹海军
刘伟
匡琮
孔祥晨
姬晓明
刘亚
刘会强
李旭辉
冯河玮
韩源
周世昂
Current Assignee
Zhengzhou Huisen Information Co Ltd
Shangqiu Power Supply Co of State Grid Henan Electric Power Co Ltd
Original Assignee
Zhengzhou Huisen Information Co Ltd
Shangqiu Power Supply Co of State Grid Henan Electric Power Co Ltd
Application filed by Zhengzhou Huisen Information Co Ltd and Shangqiu Power Supply Co of State Grid Henan Electric Power Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H04L67/14 Session management
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention provides an external connection management and control system based on the Linux operating system. It comprises a server management end and a software client. The server management end can scan all terminals in the intranet and push the software client to the illegal terminals it finds there. The software client takes effect in the kernel driver, monitors the terminal's network connections and USB port connection status in real time, supervises the terminal's access behaviour and access information features, and generates a detailed terminal external connection log. By binding the terminal's network connectivity tightly to the protection provided by the software client, and following the principle of "monitor in real time, block in time", the system blocks the threat that an "illegal external connection" terminal poses to the internal network and intercepts illegal external connections before they occur, so that external connection events do not lead to information leakage. This meets the information security assurance requirements of classified networks.

Description

A kind of external connection managing and control system
Technical field
The invention belongs to the field of computer technology, and in particular to an external connection management and control system based on the Linux operating system that can act in the driver layer and block device connections.
Background technique
With the continuing development of China's Government Online project, the number of computer security breach cases grows year by year and the information security situation is very serious. Security defence has traditionally been limited to conventional gateway-level measures (firewalls and the like) and network boundary defences (vulnerability scanning, security audit, anti-virus, IDS), and the important security equipment is largely concentrated in the computer room and at the network entry point. To guarantee the secure operation of classified networks, physical isolation between the classified network and public information networks is the main security and secrecy measure currently taken. Physical isolation provides a security boundary between the classified network and the public information network, so that a trusted and controllable internal secure network can be built and security threats from outside the network are reduced. However, equally serious security threats exist inside the network, and this internal threat is increasingly becoming the most pressing problem that most network administrators face.
Summary of the invention
The present invention provides a management and control system that blocks network communication in the kernel driver, a new way of intercepting violating external connections before they occur, so that external connection events on intranet terminal devices are prevented, information leakage is avoided and the information security assurance requirements of classified networks are met.
The technical solution adopted by the present invention is as follows: an external connection management and control system based on the Linux operating system, comprising a server management end and a software client.
The server management end enforces a strict admission control policy and communicates with all clients in the intranet. It can scan all terminal machines in the local area network that communicate with the server, covering both online and offline terminals in the LAN. The server management end checks whether a terminal has the software client installed: a terminal with the client installed is considered to meet the server admission control policy and may be used normally; a terminal without the client is considered not to meet the policy and cannot communicate in the LAN. The server management end issues policy to terminals with the software client installed and collects and reviews their log information. For terminals without the software client it forcibly pushes the client installation program until a client service process is detected on the terminal, at which point the terminal meets the server management end's admission control policy.
The software client must be installed on every terminal machine in the LAN. The software client runs in a dual-process protection mode: the user cannot directly uninstall it or terminate its processes, and an administrator must use a dedicated uninstall tool to remove the client. The client monitors the terminal's network connection state and USB port connection status in real time. It monitors and blocks directly inserted external network cables, dual network cards, WIFI hotspots and shared internet connections from smart devices, monitors and blocks illegal USB access to the terminal, and generates a detailed terminal external connection log recording the terminal user name, MAC address, IP address, and the type and time of the illegal external connection event.
The software client's monitoring mechanism identifies illegal external connection events by detecting the "three-way handshake" that precedes a TCP data connection. When a terminal shows the intention of an illegal external connection, the software client acts in the kernel driver to disable the network card or the USB driver, blocking the data transmission and guaranteeing terminal security.
The beneficial effects of the invention are as follows: the software client takes effect in the kernel driver, supervises the terminal's access behaviour and access information features, binds the terminal's network connectivity tightly to the protection provided by the client, and follows the principle of "monitor in real time, block in time". It blocks the threat that an "illegal external connection" terminal poses to the internal network and intercepts illegal external connections before they occur, so that external connection events do not lead to information leakage, meeting the information security assurance requirements of classified networks.
Detailed description of the invention
Fig. 1 is a schematic diagram of the overall composition of the system;
Fig. 2 is a schematic diagram of the software client's monitoring functions;
Fig. 3 is a schematic diagram of the server management end's functions.
Specific embodiment
The present invention will be further described below with reference to the drawings.
The present invention is an external connection management and control system: a novel C/S (client/server) architecture for the Linux operating system that applies security management and control to computers connecting to external networks and to USB devices. Using multi-machine management and control technology in the kernel driver, it blocks and raises alarms on illegal external connections and on illegal USB access. The server management end and the software client are deployed in the intranet, with the software client deployed on every intranet terminal. "Region 1" and "Region 2" denote terminals in different network segments, as shown in Fig. 1: "Region 1" contains terminal machines with the client installed; these are legal terminals that can communicate normally in the intranet and receive policy. "Region 2" contains terminal machines without the client; these are illegal terminals that cannot communicate normally in the intranet, and the server management end pushes the client installation program to them until they become legal terminals.
The software client monitors the access behaviour of legal terminals in real time and supervises access information features, binding the terminal's network connectivity tightly to the protection provided by the client. As soon as the software is installed, the terminal enters dual-process protection mode, which prevents improper means from interfering with the software's operation. The server management end establishes connections with all intranet terminals, forming a legal intranet; it can upload and distribute policy and obtain an overview of the security status.
As shown in Fig. 2, the software client identifies illegal external connection events by detecting the "three-way handshake" that precedes a TCP data connection, and monitors the terminal's network connection state and USB port connection status in real time, ensuring that legal terminals can communicate normally in the intranet while preventing them from connecting to external networks. The client can prevent other portable devices, intelligent USB devices and the like from accessing intranet communication. For a terminal host that connects illegally to an external network through an inserted external network cable, a wireless network or hotspot sharing, the network card is disabled; for shared internet connections from smart phones and the like, the virtual network adapter is disabled; for an unauthorised USB device accessing the terminal, the USB driver is disabled; and in each case an illegal external connection log of the corresponding type is generated.
As shown in Fig. 3, the server management end scans the intranet for all terminals it can communicate with and lists them. The list information includes the terminal's IP address, MAC address, user name, network link state, software client monitoring state, and the machine code and version number generated by the software client. It can identify whether an intranet terminal has the software client installed and pushes the client installation program to terminals without it, until the machine code generated by the client can be scanned. The server management end collects the illegal external connection logs of intranet terminals and manages them centrally; the logs record in detail the terminal user name, MAC address, IP address, and the type and time of occurrence of the illegal external connection event. The server end can issue security policy to intranet terminals over the network, remotely control terminals with the client installed, including restart and shutdown, and remotely uninstall and upgrade the client.
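The server-side admission logic described above (the terminal list of Fig. 3 and the legal/illegal classification from the summary), modelled in Python as an added example. This is not the applicants' code: the Terminal fields and the sample scan results are constructed, and the real server scans the LAN over the network rather than reading in-memory records.

```python
"""Server-side admission check modelled on the patent's description.
Added example, not the applicants' code: Terminal fields and the sample scan
results below are constructed, and the real server scans the LAN over the
network instead of reading in-memory records."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Terminal:
    ip: str
    mac: str
    user: str
    online: bool
    client_service_running: bool          # client service process detected on the terminal
    machine_code: Optional[str] = None    # generated by the client; None until it is installed
    client_version: Optional[str] = None


@dataclass
class AdmissionResult:
    legal: List[Terminal] = field(default_factory=list)          # "region 1"
    illegal: List[Terminal] = field(default_factory=list)        # "region 2"
    push_install: List[Terminal] = field(default_factory=list)   # installer pushed now
    policy_targets: List[Terminal] = field(default_factory=list)


def is_admitted(t: Terminal) -> bool:
    """A terminal meets the admission policy only when a client service process
    is detected and the machine code generated by the client can be read; the
    patent names both conditions as the end of the push-install loop."""
    return t.client_service_running and t.machine_code is not None


def evaluate_admission(scan: List[Terminal]) -> AdmissionResult:
    result = AdmissionResult()
    for t in scan:
        if is_admitted(t):
            result.legal.append(t)
            result.policy_targets.append(t)   # legal terminals receive policy and report logs
        else:
            result.illegal.append(t)
            if t.online:                      # an installer can only be pushed to a reachable host
                result.push_install.append(t)
    return result


def inventory_row(t: Terminal) -> dict:
    """The per-terminal fields the server lists after a scan (Fig. 3)."""
    return {
        "ip": t.ip, "mac": t.mac, "user": t.user,
        "link_state": "online" if t.online else "offline",
        "client_monitor_state": "running" if t.client_service_running else "absent",
        "machine_code": t.machine_code, "client_version": t.client_version,
    }


# Constructed sample scan: addresses, users and machine codes are made up.
SAMPLE_SCAN = [
    Terminal("10.1.0.11", "00:11:22:33:44:01", "alice", True, True, "MC-0001", "1.2.0"),
    Terminal("10.1.0.12", "00:11:22:33:44:02", "bob", True, False),
    Terminal("10.1.0.13", "00:11:22:33:44:03", "carol", False, False),
    Terminal("10.1.0.14", "00:11:22:33:44:04", "dave", True, True, None, "1.2.0"),  # no machine code yet
]

if __name__ == "__main__":
    r = evaluate_admission(SAMPLE_SCAN)
    for t in SAMPLE_SCAN:
        print(inventory_row(t))
    print("legal:", [t.user for t in r.legal], "push installer to:", [t.user for t in r.push_install])
```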
The present invention uses multi-machine management and control technology in the kernel driver. The Linux kernel provides interrupt handling functions at the bottom of the device driver stack; each hardware device has a corresponding device driver, and a device driver is made up of several layers: a top-layer driver that communicates with upper-level applications, one or more intermediate drivers, and a bottom-layer driver that communicates with the specific physical device.
The kernel driver interception technique of the invention intercepts by analysing the data information in the bottom-layer driver. All illegal operations are monitored in the driver program: during monitoring, the access control information issued by the kernel driver is obtained first, the transmitted data packets are located and tracked by means of that access control information, and the specific data information is analysed. If an intention to produce an illegal act is discovered, it is blocked in the bottom-layer driver and prevented from continuing on to the top-layer driver. The present invention therefore relies on kernel driver interception and monitoring technology, blocking at the bottom-layer driver to safeguard system information security.
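The client-side decision described in the Fig. 2 paragraph and in the interception paragraph above, modelled in user-space Python as an added example (not the patent's kernel driver): a TCP SYN that starts a three-way handshake toward an address outside the permitted intranet ranges is treated as an illegal external connection attempt, the blocking action is chosen from the interface type, and a log record with the fields the patent lists is produced. The CIDR ranges, interface kinds, packet records and field names are assumptions.

```python
"""Client-side 'illegal external connection' check modelled on the patent text.
Added example, not the patent's kernel driver: the real client decides inside
the bottom-layer Linux driver, this code makes the same decision in user space
over constructed packet records. CIDR ranges, interface kinds, sample values
and field names are assumptions."""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Address ranges the terminal is allowed to talk to (assumed intranet ranges).
INTRANET = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
SYN, ACK = 0x02, 0x10  # TCP flag bits

# Event types the patent's log distinguishes, keyed by how the traffic left the host.
EVENT_BY_KIND = {
    "wired": "direct external cable / dual network card",
    "wifi": "hotspot WIFI",
    "usb_tether": "smart device shared internet connection",
}


@dataclass
class Terminal:
    user: str
    mac: str
    ip: str


@dataclass
class Packet:
    iface: str        # e.g. eth1, wlan0, usb0
    iface_kind: str   # "wired" | "wifi" | "usb_tether"
    src: str
    dst: str
    flags: int        # TCP flags; this model only sees outbound packets


def is_intranet(addr: str) -> bool:
    a = ipaddress.ip_address(addr)
    return any(a in net for net in INTRANET)


def starts_handshake(pkt: Packet) -> bool:
    """First step of the three-way handshake: SYN set, ACK clear."""
    return bool(pkt.flags & SYN) and not (pkt.flags & ACK)


def inspect(pkt: Packet, term: Terminal, now: Optional[datetime] = None) -> Optional[Tuple[str, dict]]:
    """Return None when the packet may pass, else (blocking action, log record).
    Only the handshake start is evaluated, so established flows are not re-checked
    on every segment; a SYN toward a non-intranet address is the attempt to block."""
    if not starts_handshake(pkt) or is_intranet(pkt.dst):
        return None
    now = now or datetime.now(timezone.utc)
    # Tethering shows up as a virtual adapter, the other cases as a physical NIC.
    action = "disable_virtual_nic" if pkt.iface_kind == "usb_tether" else "disable_nic"
    record = {
        "user": term.user, "mac": term.mac, "ip": term.ip,
        "event_type": EVENT_BY_KIND.get(pkt.iface_kind, "unknown external connection"),
        "time": now.isoformat(),
        "iface": pkt.iface, "dst": pkt.dst,   # context beyond the fields the patent lists
    }
    return action, record


def run(packets: List[Packet], term: Terminal, now: Optional[datetime] = None) -> List[Tuple[str, dict]]:
    """Apply inspect() to a capture and collect every block decision."""
    hits = []
    for pkt in packets:
        hit = inspect(pkt, term, now)
        if hit is not None:
            hits.append(hit)
    return hits


# Constructed sample: an intranet SYN, a second-NIC SYN to the Internet, a later
# ACK segment of that same flow, and a phone-tethering SYN.
TERMINAL = Terminal("alice", "00:11:22:33:44:01", "10.1.0.11")
SAMPLE = [
    Packet("eth0", "wired", "10.1.0.11", "10.1.0.5", SYN),
    Packet("eth1", "wired", "172.20.5.9", "203.0.113.10", SYN),
    Packet("eth1", "wired", "172.20.5.9", "203.0.113.10", ACK),
    Packet("usb0", "usb_tether", "192.0.2.77", "198.51.100.3", SYN),
]

if __name__ == "__main__":
    for action, rec in run(SAMPLE, TERMINAL):
        print(action, rec)
```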

Claims (2)

1. An external connection management and control system based on the Linux operating system, comprising a server management end and a software client, characterised in that:
the server management end can communicate with all clients in the intranet and can scan all terminal machines in the local area network that communicate with the server, covering both online and offline terminals in the LAN; the server management end can check whether a terminal has the software client installed, a terminal with the client installed being considered to meet the server admission control policy and able to be used normally, and a terminal without the client being considered not to meet the server admission control policy and unable to communicate in the LAN; the server management end can issue policy to terminals with the software client installed and collects and reviews the terminals' log information; for terminals without the software client it forcibly pushes the client installation program until a client service process is detected on the terminal, at which point the terminal meets the server management end's admission control policy;
the software client must be installed on every terminal machine in the LAN; the software client runs in a dual-process protection mode in which the user cannot directly uninstall it or terminate its processes, and an administrator must use a dedicated uninstall tool to remove the client; the client monitors the terminal's network connection state and USB port connection status in real time; it monitors and blocks directly inserted external network cables, dual network cards, WIFI hotspots and shared internet connections from smart devices, monitors and blocks illegal USB access to the terminal, and generates a detailed terminal external connection log recording the terminal user name, MAC address, IP address, and the type and time of the illegal external connection event.
2. The external connection management and control system according to claim 1, characterised in that: the software client's monitoring mechanism identifies illegal external connection events by detecting the "three-way handshake" that precedes a TCP data connection; when a terminal shows the intention of an illegal external connection, the software client first obtains the access control information issued by the kernel driver, locates and tracks the transmitted data packets by means of that access control information, and analyses the specific data information; if an intention to produce an illegal act is discovered, it is blocked in the bottom-layer driver and prevented from continuing on to the top-layer driver.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810809479.1A CN109120599A (en) 2018-07-23 2018-07-23 A kind of external connection managing and control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810809479.1A CN109120599A (en) 2018-07-23 2018-07-23 A kind of external connection managing and control system

Publications (1)

Publication Number Publication Date
CN109120599A true CN109120599A (en) 2019-01-01

Family

ID=64863334

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810809479.1A Pending CN109120599A (en) 2018-07-23 2018-07-23 A kind of external connection managing and control system

Country Status (1)

Country Link
CN (1) CN109120599A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090241188A1 (en) * 2008-03-21 2009-09-24 Fujitsu Limited Communication monitoring apparatus and communication monitoring method
US20100269175A1 (en) * 2008-12-02 2010-10-21 Stolfo Salvatore J Methods, systems, and media for masquerade attack detection by monitoring computer user behavior
CN102664890A (en) * 2012-04-23 2012-09-12 沈阳通用软件有限公司 Method for recognizing legality of terminal computer by network security control server
CN103166960A (en) * 2013-03-01 2013-06-19 北京神州绿盟信息安全科技股份有限公司 Access control method and access control device
CN103391216A (en) * 2013-07-15 2013-11-13 中国科学院信息工程研究所 Alarm and blocking method for illegal external connections
CN103400073A (en) * 2013-07-09 2013-11-20 东莞天意电子有限公司 Method for monitoring and identifying USB input equipment of video lottery terminal

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109587175A (en) * 2019-01-11 2019-04-05 杭州迪普科技股份有限公司 A kind of illegal external connection processing method and system
CN111385285A (en) * 2019-12-30 2020-07-07 杭州迪普科技股份有限公司 Method and device for preventing illegal external connection
CN111385285B (en) * 2019-12-30 2022-11-01 杭州迪普科技股份有限公司 Method and device for preventing illegal external connection
CN111510431A (en) * 2020-03-16 2020-08-07 国网辽宁省电力有限公司信息通信分公司 Universal terminal access control platform, client and control method
CN111510431B (en) * 2020-03-16 2022-04-15 国网辽宁省电力有限公司信息通信分公司 Universal terminal access control platform, client and control method
US11477195B2 (en) * 2020-06-01 2022-10-18 Upas Corporation Network connection managing system
CN111857778A (en) * 2020-07-17 2020-10-30 北京北信源软件股份有限公司 Automatic installation method and system for Windows7 expansion security update
CN113285929A (en) * 2021-05-10 2021-08-20 新华三技术有限公司 Terminal validity detection method and device
CN114499924A (en) * 2021-12-02 2022-05-13 厦门市美亚柏科信息股份有限公司 Data leakage prevention method based on network interface controller and storage medium

Similar Documents

Publication Publication Date Title
CN109120599A (en) A kind of external connection managing and control system
US7788366B2 (en) Centralized network control
US10686823B2 (en) Systems and methods for detecting computer vulnerabilities that are triggered by events
US20240054234A1 (en) Methods and systems for hardware and firmware security monitoring
US11240260B2 (en) System and method for detecting computer network intrusions
CN103391216A (en) Alarm and blocking method for illegal external connections
US11847212B2 (en) Method to prevent root level access attack and measurable SLA security and compliance platform
US20120254947A1 (en) Distributed Real-Time Network Protection for Authentication Systems
CN113660224A (en) Situation awareness defense method, device and system based on network vulnerability scanning
EP3035636B1 (en) Computer defenses and counterattacks
KR102433928B1 (en) System for Managing Cyber Security of Autonomous Ship
US11637842B2 (en) Detection of security intrusion in a computing system
CN111212077B (en) Host access system and method
KR20130033161A (en) Intrusion detection system for cloud computing service
CN107516039B (en) Safety protection method and device for virtualization system
Ghaleb et al. A framework architecture for agentless cloud endpoint security monitoring
EP4042306B1 (en) Secure installation of baseboard management controller firmware via a physical interface
RU2444057C1 (en) System for preventing unauthorised access to confidential information and information containing personal details
KR20200098181A (en) Network security system by integrated security network card
CN107124390B (en) Security defense and implementation method, device and system of computing equipment
CN111988333B (en) Proxy software work abnormality detection method, device and medium
CN117041760B (en) Communication network switching device, system and method
US20210266240A1 (en) Embedded intrusion detection system on a chipset or device for use in connected hardware
KR20110136170A (en) Method, server and device for detecting hacking tools
WO2013081521A1 (en) Monitoring traffic in a communication network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190101