CN110944023A - Network security management equipment and network security management method - Google Patents
- Publication number: CN110944023A (application number CN201911422072.4A)
- Authority: CN (China)
- Prior art keywords: message, security management, network, preset, network security
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security
  - H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
  - H04L63/0227—Filtering policies
  - H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L47/00—Traffic control in data switching networks
  - H04L47/10—Flow control; Congestion control
  - H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
  - H04L47/2441—Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a network security management device. The network security management equipment comprises an NGFW application module and an FPGA accelerator card, wherein the NGFW application module is used for transmitting preset security conditions to the FPGA accelerator card, and the FPGA accelerator card carries out preprocessing on messages from an external network according to the preset security conditions. According to the network security management equipment provided by the invention, the FPGA accelerator card is adopted to pre-process the message from the external network according to the preset security condition, so that the performance and the throughput of the NGFW application layer firewall can be improved, and the burden of the central processing unit is greatly reduced.
Description
Technical Field
The invention belongs to the technical field of network security, and particularly relates to network security management equipment and a network security management method.
Background
At present, computer and network technology have penetrated every aspect of society and bring great convenience to people's lives and work. At the same time, network security problems have become a serious concern. Conventional network security solutions such as firewalls, intrusion detection systems and host-based anti-virus software are not sufficient to defend against new, sophisticated attacks. To protect networks from the latest threats, more effective and faster network security management technologies need to be found.
Disclosure of Invention
The invention provides a network security management device. The network security management equipment comprises an NGFW application module and an FPGA accelerator card, wherein the NGFW application module is used for transmitting preset security conditions to the FPGA accelerator card, and the FPGA accelerator card carries out preprocessing on messages from an external network according to the preset security conditions.
Optionally, the FPGA accelerator card includes a regular expression firewall module, and the regular expression firewall module processes a packet from an external network.
Optionally, the network security management device includes a central processing unit, and the NGFW application module is installed in the central processing unit and manages the FPGA accelerator card.
Optionally, the FPGA accelerator card further includes a network layer firewall module, the network layer firewall module is configured to determine whether upper information of the message information meets the preset security condition, and the regular expression firewall module is configured to determine whether lower information of the message information meets the preset security condition.
The invention also provides a network security management method. The method comprises the following steps: the FPGA accelerator card receives preset security conditions from the NGFW application module; a message from an external network is received; and the message is preprocessed according to the preset security conditions.
Optionally, the step of preprocessing the message according to the preset security conditions includes: judging, by a regular expression firewall, whether the lower information of the message meets the preset security conditions.
Optionally, before the step of judging by the regular expression firewall whether the lower information of the message meets the preset security conditions, the step of preprocessing the message according to the preset security conditions further includes: judging, by a network layer firewall, whether the upper information of the message meets the preset security conditions; and, if the message meets the preset security conditions, proceeding to the step in which the regular expression firewall judges whether the message meets the preset security conditions.
Optionally, the step of preprocessing the message according to the preset security conditions further includes: if the message does not meet the preset security conditions, dropping the message; and sending reset information to the source address of the message.
Optionally, after the step of preprocessing the message according to the preset security conditions, the network security management method includes: maintaining the output quality of the message; and sending the message to the intranet.
Optionally, after the step of receiving the message from the external network, the network security management method further includes: classifying the messages according to their protocol types; counting statistical information of the messages according to the message classification; and transmitting the statistical information to the NGFW application module.
According to the network security management equipment provided by the invention, the NGFW application module is used for transmitting the preset security condition to the FPGA accelerator card, and the FPGA accelerator card carries out preprocessing on the message from the external network according to the preset security condition, so that the performance and the throughput of the NGFW application layer firewall can be improved, and the burden of a central processing unit is greatly reduced.
Drawings
Fig. 1 is a schematic structural diagram of a network security management device according to an embodiment of the present invention.
Fig. 2 is a flowchart of a network security management method according to an embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic structural diagram of a network security management apparatus 800 according to an embodiment of the present invention. The network security management device 800 includes a central processing unit 100 and an FPGA accelerator card 200. The central processor 100 is configured to control the FPGA accelerator card 200 to perform the management operations of network security. The FPGA accelerator card 200 receives messages sent by external devices and performs operations such as message parsing, flow table establishment, statistics collection and firewall processing on the received messages. The central processor 100 includes an NGFW application module 110, a packet statistics module 120, and a firewall policy module 130. The NGFW application module 110 provides the preset security conditions to the FPGA accelerator card 200 and receives the message statistical information provided by the FPGA accelerator card 200.
The FPGA accelerator card 200 includes a message parsing module 210, a network protocol processing module 220, a network layer firewall module 230, a regular expression firewall module 240, an information quality maintenance module 250, a blocking module 260, and an interface module 270. The message parsing module 210 is configured to parse the message. The network protocol processing module 220 is configured to classify the parsed message information according to the protocol type of the message. The network layer firewall module 230 is configured to determine whether the upper information of the message meets a preset security condition, and to count the message statistical information according to the message classification. The upper information of the message comprises information such as website names and mobile phone app names in a configured website blacklist. The message statistical information comprises the message receiving time, message length, destination address, source port, destination port and protocol type. The regular expression firewall module 240 is configured to determine whether the lower information of the message meets a preset security condition; it analyzes and judges the message information according to the regular expressions in the preset security condition. The lower information of the message comprises specific network content such as forum names within websites, post names within forums, specific statements within posts, and chat content in WeChat. The information quality maintenance module 250 is used to guarantee bandwidth on the link so that the output quality of the message is maintained. The blocking module 260 is configured to block the message when it does not meet a preset security condition, and to send reset information to the source address of the message through the message parsing module 210.
The interface module 270 is used to establish a communication channel with the central processor 100.
Fig. 2 is a flowchart of a network security management method according to an embodiment of the present invention. The network security management method comprises the following steps 302 to 322.
Step 302: the FPGA accelerator card receives the preset security conditions from the NGFW application module.
Step 308: counting the statistical information of the messages according to the message classification.
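The following Python is an added illustration, not code from the patent: it models the accelerator card's pipeline as described above (classification by protocol, the statistics fields reported to the NGFW module, the network layer check on "upper information" followed by the regular expression check on "lower information", and the block-and-reset path). The packet records, host names and patterns are constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed "preset security conditions" of the kind the NGFW application
# module pushes to the accelerator card (values invented for this example).
HOST_BLACKLIST = {"blocked-site.example", "blocked-app.example"}   # upper information
CONTENT_PATTERNS = [re.compile(r"(?i)\bforbidden-topic\b")]        # lower information


def make_packet(time, src, dst, sport, dport, proto, host, payload):
    """Output of the message parsing module, reduced to the fields the text names."""
    return dict(time=time, src=src, dst=dst, sport=sport, dport=dport,
                proto=proto, host=host, payload=payload)


@dataclass
class Accelerator:
    """Software model of the FPGA card: classify -> count -> two-stage firewall -> block/forward."""
    host_blacklist: set
    content_patterns: list
    stats: list = field(default_factory=list)    # message statistics for the NGFW module
    resets: list = field(default_factory=list)   # source addresses the blocking module reset

    def record_stats(self, pkt):
        # Network protocol processing: classify by protocol type and record the
        # statistics fields listed in the description.
        self.stats.append({"time": pkt["time"], "length": len(pkt["payload"]),
                           "dst": pkt["dst"], "sport": pkt["sport"],
                           "dport": pkt["dport"], "proto": pkt["proto"]})

    def network_layer_ok(self, pkt):
        # Network layer firewall: upper information (site / app name) vs. the blacklist.
        return pkt["host"] not in self.host_blacklist

    def regex_ok(self, pkt):
        # Regular expression firewall: lower information (content) vs. the regexes.
        return not any(p.search(pkt["payload"]) for p in self.content_patterns)

    def process(self, pkt):
        self.record_stats(pkt)
        # The regex stage runs only when the cheaper network layer stage passes,
        # which is the ordering the method describes.
        if not self.network_layer_ok(pkt) or not self.regex_ok(pkt):
            self.resets.append(pkt["src"])   # drop the message, reset the source
            return "blocked"
        return "forwarded"                   # output quality maintained, sent to intranet

    def stats_by_protocol(self):
        # Per-protocol counts, the aggregate the card hands back to the NGFW module.
        return Counter(s["proto"] for s in self.stats)


# Constructed sample traffic: one clean message, one to a blacklisted host,
# one whose content matches a regular expression.
SAMPLE = [
    make_packet(1, "203.0.113.10", "192.0.2.20", 40001, 80, "HTTP",
                "allowed-site.example", "GET /news HTTP/1.1"),
    make_packet(2, "203.0.113.11", "192.0.2.20", 40002, 80, "HTTP",
                "blocked-site.example", "GET / HTTP/1.1"),
    make_packet(3, "203.0.113.12", "192.0.2.21", 40003, 443, "TLS",
                "allowed-site.example", "POST forbidden-topic here"),
]


def run(packets=SAMPLE):
    acc = Accelerator(HOST_BLACKLIST, list(CONTENT_PATTERNS))
    return [acc.process(p) for p in packets], acc


if __name__ == "__main__":
    decisions, acc = run()
    print(decisions, acc.resets, dict(acc.stats_by_protocol()))
```

Statistics are recorded for every message, including blocked ones, because in the described flow classification and counting happen before the firewall stages.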
According to the network security management equipment provided by the invention, the NGFW application module is used for transmitting the preset security condition to the FPGA accelerator card, and the FPGA accelerator card carries out preprocessing on the message from the external network according to the preset security condition, so that the performance and the throughput of the NGFW application layer firewall can be improved, and the burden of a central processing unit is greatly reduced.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.
Claims (10)
1. A network security management device, characterized in that it comprises an NGFW application module and an FPGA accelerator card, wherein the NGFW application module is used for transmitting preset security conditions to the FPGA accelerator card, and the FPGA accelerator card is used for preprocessing messages from an external network according to the preset security conditions.
2. The network security management device of claim 1, wherein the FPGA accelerator card comprises a regular expression firewall module that processes messages from the external network.
3. The device for network security management according to claim 2, wherein the device for network security management comprises a central processing unit, and the NGFW application module is installed in the central processing unit and manages the FPGA accelerator card.
4. The network security management device according to claim 3, wherein the FPGA accelerator card further comprises a network layer firewall module, the network layer firewall module is configured to determine whether the upper information of the packet information meets the preset security condition, and the regular expression firewall module is configured to determine whether the lower information of the packet information meets the preset security condition.
5. A network security management method, characterized in that the method comprises:
the FPGA accelerator card receiving preset security conditions from the NGFW application module;
receiving a message from an external network; and
preprocessing the message according to the preset security conditions.
6. The network security management method according to claim 5, wherein the step of preprocessing the message according to the preset security conditions comprises:
judging, by a regular expression firewall, whether the lower information of the message meets the preset security conditions.
7. The network security management method according to claim 6, wherein, before the step of judging by the regular expression firewall whether the lower information of the message meets the preset security conditions, the step of preprocessing the message according to the preset security conditions further comprises:
judging, by a network layer firewall, whether the upper information of the message meets the preset security conditions; and
if the message meets the preset security conditions, proceeding to the step in which the regular expression firewall judges whether the message meets the preset security conditions.
8. The network security management method according to claim 7, wherein the step of preprocessing the message according to the preset security conditions further comprises:
if the message does not meet the preset security conditions, dropping the message; and
sending reset information to the source address of the message.
9. The network security management method according to claim 8, wherein, after the step of preprocessing the message according to the preset security conditions, the network security management method comprises:
maintaining the output quality of the message; and
sending the message to the intranet.
10. The network security management method according to claim 9, wherein, after the step of receiving the message from the external network, the network security management method further comprises:
classifying the messages according to their protocol types;
counting statistical information of the messages according to the message classification; and
transmitting the statistical information to the NGFW application module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911422072.4A CN110944023A (en) | 2019-12-31 | 2019-12-31 | Network security management equipment and network security management method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110944023A true CN110944023A (en) | 2020-03-31 |
Family ID: 69913194
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911422072.4A Pending CN110944023A (en) | 2019-12-31 | 2019-12-31 | Network security management equipment and network security management method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110944023A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201936308U (en) * | 2011-01-14 | 2011-08-17 | 无锡市同威科技有限公司 | Web vulnerability scanner |
US20120210416A1 (en) * | 2011-02-16 | 2012-08-16 | Fortinet, Inc. A Delaware Corporation | Load balancing in a network with session information |
CN102739473A (en) * | 2012-07-09 | 2012-10-17 | 南京中兴特种软件有限责任公司 | Network detecting method using intelligent network card |
CN108200092A (en) * | 2018-02-08 | 2018-06-22 | 赛特斯信息科技股份有限公司 | Accelerate the method and system of message ACL matching treatments based on NFV technologies |
CN108521425A (en) * | 2018-04-11 | 2018-09-11 | 江苏亨通工控安全研究院有限公司 | A kind of industry control protocol filtering method and board |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20200331 |