CN110944023A - Network security management equipment and network security management method - Google Patents

Info

Publication number: CN110944023A
Authority: CN (China)
Prior art keywords: message, security management, network, preset, network security
Legal status: Pending
Application number: CN201911422072.4A
Other languages: Chinese (zh)
Inventors: 陆建强, 李瞳
Current assignee: Lenovo Beijing Ltd
Original assignee: Lenovo Beijing Ltd
Priority date: 2019-12-31
Filing date: 2019-12-31
Publication date: 2020-03-31

Links

Images

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/24 Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2441 Traffic characterised by specific attributes, e.g. priority or QoS, relying on flow classification, e.g. using integrated services [IntServ]

Abstract

The invention discloses a network security management device comprising an NGFW application module and an FPGA accelerator card. The NGFW application module transmits preset security conditions to the FPGA accelerator card, and the FPGA accelerator card preprocesses messages from the external network according to those conditions. Because the FPGA accelerator card performs this preprocessing according to the preset security conditions, the performance and throughput of the NGFW application-layer firewall are improved and the load on the central processing unit is greatly reduced.

Description

Network security management equipment and network security management method
Technical Field
The invention belongs to the technical field of network security, and particularly relates to network security management equipment and a network security management method.
Background
Computer and network technology now reach every aspect of society and bring great convenience to people's lives and work. At the same time, network security problems have become a nuisance. Conventional network security solutions such as firewalls, intrusion detection systems and host-based anti-virus software are not sufficient to defend against new, sophisticated attacks. To protect the network from the latest threats, more effective and faster network security management technologies are needed.
Disclosure of Invention
The invention provides a network security management device comprising an NGFW application module and an FPGA accelerator card. The NGFW application module transmits preset security conditions to the FPGA accelerator card, and the FPGA accelerator card preprocesses messages from the external network according to the preset security conditions.
Optionally, the FPGA accelerator card includes a regular expression firewall module that processes messages from the external network.
Optionally, the network security management device includes a central processing unit; the NGFW application module runs on the central processing unit and manages the FPGA accelerator card.
Optionally, the FPGA accelerator card further includes a network layer firewall module. The network layer firewall module determines whether the upper-level information of a message meets the preset security condition, and the regular expression firewall module determines whether the lower-level information of the message meets the preset security condition.
The invention also provides a network security management method comprising the following steps: the FPGA accelerator card receives preset security conditions from the NGFW application module; receives a message from the external network; and preprocesses the message according to the preset security conditions.
Optionally, preprocessing the message according to the preset security condition includes using a regular expression firewall to determine whether the lower-level information of the message meets the preset security condition.
Optionally, before the regular expression firewall checks the lower-level information of the message, preprocessing further includes using a network layer firewall to determine whether the upper-level information of the message meets the preset security condition; only if it does is the message passed on to the regular expression firewall check.
Optionally, preprocessing further includes: if the message does not meet the preset security condition, dropping the message and sending reset information to the source address of the message.
Optionally, after preprocessing, the method includes maintaining the output quality of the message and sending the message to the intranet.
Optionally, after receiving the message from the external network, the method further includes classifying messages by protocol type, compiling message statistics according to that classification, and transmitting the statistics to the NGFW application module.
In the network security management device provided by the invention, the NGFW application module transmits the preset security conditions to the FPGA accelerator card and the FPGA accelerator card preprocesses external-network messages according to them, so the performance and throughput of the NGFW application-layer firewall are improved and the load on the central processing unit is greatly reduced.
Drawings
Fig. 1 is a schematic structural diagram of a network security management device according to an embodiment of the present invention.
Fig. 2 is a flowchart of a network security management method according to an embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic structural diagram of a network security management device 800 according to an embodiment of the invention. The device 800 includes a central processing unit 100 and an FPGA accelerator card 200. The central processing unit 100 controls the FPGA accelerator card 200 to perform network security management operations. The FPGA accelerator card 200 receives messages sent by external devices and performs message parsing, flow table establishment, statistics, firewall processing and similar operations on them. The central processing unit 100 includes an NGFW application module 110, a packet statistics module 120 and a firewall policy module 130. The NGFW application module 110 provides the preset security conditions to the FPGA accelerator card 200 and receives the message statistics that the FPGA accelerator card 200 reports back.
The FPGA accelerator card 200 includes a message parsing module 210, a network protocol processing module 220, a network layer firewall module 230, a regular expression firewall module 240, an information quality maintenance module 250, a blocking module 260 and an interface module 270.
The message parsing module 210 parses each message. The network protocol processing module 220 classifies the parsed message information by the message's protocol type. The network layer firewall module 230 determines whether the upper-level information of the message meets the preset security condition and compiles message statistics according to the classification. The upper-level information of a message consists of coarse identifiers such as the website name or mobile phone APP name, which are checked against a configured website blacklist. The message statistics comprise the receive time, message length, destination address, source port, destination port and protocol type.
The regular expression firewall module 240 determines whether the lower-level information of the message meets the preset security condition by analysing the message content against the regular expressions contained in the preset security condition. The lower-level information of a message is fine-grained content such as a forum name within a website, a post name within a forum, specific statements in a post, or chat content in WeChat.
The information quality maintenance module 250 reserves bandwidth on the link so that the output quality of forwarded messages is maintained. The blocking module 260 blocks a message that does not meet the preset security condition and sends reset information to the message's source address through the message parsing module 210. The interface module 270 establishes the communication channel with the central processing unit 100.
Fig. 2 is a flowchart of a network security management method according to an embodiment of the invention. The method comprises the following steps 302 to 322.
Step 302: the FPGA accelerator card receives preset security conditions from the NGFW application module.
Step 304: a message from the external network is received.
Step 306: the message is classified according to its protocol type.
Step 308: message statistics are compiled according to the classification.
Step 310: the statistics are transmitted to the NGFW application module.
Step 312: the network layer firewall determines whether the upper-level information of the message meets the preset security condition; if it does, go to step 314; if it does not, go to step 320.
Step 314: the regular expression firewall determines whether the lower-level information of the message meets the preset security condition; if it does, go to step 316; if it does not, go to step 320.
Step 316: the output quality of the message is maintained.
Step 318: the message is sent to the intranet.
Step 320: the message is dropped.
Step 322: reset information is sent to the source address of the message.
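As an added illustration, not code from the patent, the following Python model walks one batch of messages through steps 302 to 322: protocol classification and statistics (306-310), the network layer check on the upper-level information (312), the regular expression check on the lower-level information (314), and the drop-and-reset path (320-322). The host blacklist, regular expression, field layout and sample messages are all constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Added model of the FPGA card's pipeline (steps 302-322); constructed, not the patent's code.
@dataclass
class Message:
    """One parsed message as the parsing module 210 would hand it on (fields constructed)."""
    recv_time: float
    length: int
    src_addr: str
    dst_addr: str
    src_port: int
    dst_port: int
    protocol: str   # protocol type used for classification (step 306)
    host: str       # upper-level information: website or APP name
    payload: str    # lower-level information: post text, chat content, etc.

@dataclass
class Conditions:
    """Preset security conditions pushed down by the NGFW application module (step 302)."""
    host_blacklist: set
    content_patterns: list   # compiled regular expressions for module 240

@dataclass
class Stats:
    """Message statistics reported back to the NGFW application module (steps 308-310)."""
    count_by_protocol: Counter = field(default_factory=Counter)
    records: list = field(default_factory=list)

def classify_and_count(msg, stats):
    """Steps 306-308: classify by protocol and record the fields the description lists."""
    stats.count_by_protocol[msg.protocol] += 1
    stats.records.append((msg.recv_time, msg.length, msg.dst_addr,
                          msg.src_port, msg.dst_port, msg.protocol))

def network_layer_firewall_ok(msg, cond):
    """Step 312: upper-level information passes when the host is not blacklisted."""
    return msg.host.lower() not in cond.host_blacklist

def regex_firewall_ok(msg, cond):
    """Step 314: lower-level information passes when no preset pattern matches."""
    return not any(p.search(msg.payload) for p in cond.content_patterns)

def preprocess(msg, cond, stats):
    """Steps 304-322 for one message: returns ('FORWARD', None) or
    ('DROP', {stage that blocked it, reset target}) for the blocking module 260."""
    classify_and_count(msg, stats)
    if not network_layer_firewall_ok(msg, cond):
        blocked_by = "network_layer"          # regex stage is never reached
    elif not regex_firewall_ok(msg, cond):
        blocked_by = "regex"
    else:
        return "FORWARD", None                # steps 316-318: on to the intranet
    # steps 320-322: drop the message and send a reset to the source address
    return "DROP", {"stage": blocked_by, "reset_to": (msg.src_addr, msg.src_port)}

def run_pipeline(messages, cond):
    """Process a batch; returns the per-message actions and the statistics for step 310."""
    stats = Stats()
    actions = [preprocess(m, cond, stats) for m in messages]
    return actions, stats

# Constructed preset security conditions and sample messages (documentation addresses).
CONDITIONS = Conditions(
    host_blacklist={"blocked-site.example", "banned-app.example"},
    content_patterns=[re.compile(r"(?i)\bblocked[- ]phrase\b")],
)
SAMPLE = [
    Message(1.0, 512, "203.0.113.5", "192.0.2.10", 40001, 80, "HTTP", "news.example", "weather today"),
    Message(1.1, 256, "203.0.113.6", "192.0.2.10", 40002, 443, "HTTPS", "blocked-site.example", "hi"),
    Message(1.2, 300, "203.0.113.7", "192.0.2.11", 40003, 80, "HTTP", "forum.example", "post: Blocked phrase"),
    Message(1.3, 80, "203.0.113.8", "192.0.2.12", 40004, 53, "DNS", "resolver.example", "A? news.example"),
]
```

Calling `run_pipeline(SAMPLE, CONDITIONS)` forwards the first and last message, drops the second at the network layer stage without ever running the regular expression, and drops the third at the regex stage; in both drop cases the returned detail names the source address and port that the blocking module would reset.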
In the network security management device provided by the invention, the NGFW application module transmits the preset security conditions to the FPGA accelerator card and the FPGA accelerator card preprocesses external-network messages according to them, so the performance and throughput of the NGFW application-layer firewall are improved and the load on the central processing unit is greatly reduced.
In this description, references to "one embodiment", "some embodiments", "an example", "a specific example" or "some examples" mean that a particular feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. The particular features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples, and features of different embodiments or examples described in this specification can be combined by one skilled in the art provided they do not contradict each other.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (10)

1. A network security management device, characterized by comprising an NGFW application module and an FPGA accelerator card, wherein the NGFW application module transmits preset security conditions to the FPGA accelerator card, and the FPGA accelerator card preprocesses messages from an external network according to the preset security conditions.
2. The network security management device of claim 1, wherein the FPGA accelerator card comprises a regular expression firewall module that processes messages from the external network.
3. The network security management device according to claim 2, wherein the device comprises a central processing unit, and the NGFW application module is installed on the central processing unit and manages the FPGA accelerator card.
4. The network security management device according to claim 3, wherein the FPGA accelerator card further comprises a network layer firewall module configured to determine whether the upper-level information of a message meets the preset security condition, and the regular expression firewall module is configured to determine whether the lower-level information of the message meets the preset security condition.
5. A network security management method, comprising:
the FPGA accelerator card receiving preset security conditions from the NGFW application module;
receiving a message from an external network; and
preprocessing the message according to the preset security conditions.
6. The network security management method according to claim 5, wherein preprocessing the message according to the preset security condition comprises:
determining, with a regular expression firewall, whether the lower-level information of the message meets the preset security condition.
7. The network security management method for the FPGA accelerator card according to claim 6, wherein before determining with the regular expression firewall whether the lower-level information of the message meets the preset security condition, preprocessing the message according to the preset security condition further comprises:
determining, with a network layer firewall, whether the upper-level information of the message meets the preset security condition; and
if the message meets the preset security condition, proceeding to the step in which the regular expression firewall determines whether the message meets the preset security condition.
8. The network security management method for the FPGA accelerator card according to claim 7, wherein preprocessing the message according to the preset security condition further comprises:
if the message does not meet the preset security condition, dropping the message; and
sending reset information to the source address of the message.
9. The network security management method according to claim 8, wherein after preprocessing the message according to the preset security condition, the method comprises:
maintaining the output quality of the message; and
sending the message to the intranet.
10. The network security management method according to claim 9, wherein after receiving the message from the external network, the method further comprises:
classifying messages according to their protocol types;
compiling statistics on the messages according to the classification; and
transmitting the statistics to the NGFW application module.
CN201911422072.4A 2019-12-31 2019-12-31 Network security management equipment and network security management method Pending CN110944023A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911422072.4A CN110944023A (en) 2019-12-31 2019-12-31 Network security management equipment and network security management method

Publications (1)

Publication Number Publication Date
CN110944023A true CN110944023A (en) 2020-03-31

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201936308U (en) * 2011-01-14 2011-08-17 无锡市同威科技有限公司 Web vulnerability scanner
US20120210416A1 (en) * 2011-02-16 2012-08-16 Fortinet, Inc. A Delaware Corporation Load balancing in a network with session information
CN102739473A (en) * 2012-07-09 2012-10-17 南京中兴特种软件有限责任公司 Network detection method using an intelligent network card
CN108200092A (en) * 2018-02-08 2018-06-22 赛特斯信息科技股份有限公司 Method and system for accelerating packet ACL matching based on NFV technology
CN108521425A (en) * 2018-04-11 2018-09-11 江苏亨通工控安全研究院有限公司 Industrial control protocol filtering method and board

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200331