CN112398857A - Firewall testing method and device, computer equipment and storage medium - Google Patents

Firewall testing method and device, computer equipment and storage medium

Info

Publication number: CN112398857A
Authority: CN (China)
Prior art keywords: access, protection, task, target, accessed
Legal status: Granted (active)
Application number: CN202011285261.4A
Other languages: Chinese (zh)
Other versions: CN112398857B
Inventors: 黄瑞滨, 王伟, 曾凡
Current assignee: Tencent Technology Shenzhen Co Ltd
Original assignee: Tencent Technology Shenzhen Co Ltd

Events: application filed by Tencent Technology Shenzhen Co Ltd; priority to CN202011285261.4A; publication of CN112398857A; application granted; publication of CN112398857B.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application relates to a firewall testing method, a firewall testing device, computer equipment and a storage medium. The method comprises the following steps: selecting a target protection policy for testing from two or more protection policies of a target firewall; selecting, according to the target protection policy, at least one simulation device to simulate the access device and at least one simulation device to simulate the accessed device from a simulation device set; controlling the access device to access the accessed device via the target firewall; and determining a protection test result of the target firewall under the target protection policy according to the result of the access device's access to the accessed device. By adopting the method, the likelihood of potential security hazards can be reduced.

Description

Firewall testing method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a firewall testing method and apparatus, a computer device, and a storage medium.
Background
With the development of computer technology, firewall technology has emerged. A firewall builds a relatively isolated protective barrier between the internal and external networks of a computer network by combining software and hardware devices for security management and screening, so as to protect the security of user data and information. Firewall technology is widely applied in fields such as artificial intelligence, finance and security.
While a firewall is running, its performance needs to be tested and its vulnerabilities discovered. However, conventional firewall testing is not comprehensive enough, and potential security hazards remain.
Disclosure of Invention
In view of the above, it is necessary to provide a firewall testing method, apparatus, computer device and storage medium capable of reducing the likelihood of potential security hazards.
A firewall testing method, comprising:
selecting a target protection policy for testing from two or more protection policies of a target firewall;
selecting, according to the target protection policy, at least one simulation device for simulating the access device and at least one simulation device for simulating the accessed device from a simulation device set;
controlling the access device to access the accessed device via the target firewall;
and determining a protection test result of the target firewall under the target protection policy according to the result of the access device's access to the accessed device.
A firewall testing apparatus, the apparatus comprising:
a selection module for selecting a target protection policy for testing from two or more protection policies of a target firewall;
the selection module further being for selecting, according to the target protection policy, at least one simulation device for simulating the access device and at least one simulation device for simulating the accessed device from a simulation device set;
a control module for controlling the access device to access the accessed device via the target firewall;
and a determining module for determining a protection test result of the target firewall under the target protection policy according to the result of the access device's access to the accessed device.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
selecting a target protection policy for testing from two or more protection policies of a target firewall;
selecting, according to the target protection policy, at least one simulation device for simulating the access device and at least one simulation device for simulating the accessed device from a simulation device set;
controlling the access device to access the accessed device via the target firewall;
and determining a protection test result of the target firewall under the target protection policy according to the result of the access device's access to the accessed device.
A computer-readable storage medium on which a computer program is stored which, when executed by a processor, carries out the steps of:
selecting a target protection policy for testing from two or more protection policies of a target firewall;
selecting, according to the target protection policy, at least one simulation device for simulating the access device and at least one simulation device for simulating the accessed device from a simulation device set;
controlling the access device to access the accessed device via the target firewall;
and determining a protection test result of the target firewall under the target protection policy according to the result of the access device's access to the accessed device.
The firewall testing method, device, computer equipment and storage medium select a target protection policy for testing from two or more protection policies of a target firewall; select, according to the target protection policy, at least one simulation device to simulate the access device and at least one simulation device to simulate the accessed device from a simulation device set; control the access device to access the accessed device through the target firewall; and determine a protection test result of the target firewall under the target protection policy according to the result of the access device's access to the accessed device. In this way the various protection policies of the firewall can be tested automatically, the comprehensiveness of firewall testing is improved, and the likelihood of potential security hazards is greatly reduced.
Drawings
FIG. 1 is a flow diagram illustrating a firewall testing method according to an embodiment;
FIG. 2 is a block diagram of a firewall testing system in accordance with an embodiment;
FIG. 3 is a block diagram of a firewall testing system in accordance with another embodiment;
FIG. 4 is a block diagram of a firewall testing system in accordance with another embodiment;
FIG. 5 is a block diagram showing the structure of a firewall testing system in still another embodiment;
FIG. 6 is a schematic diagram of the communication between an accessing simulation device and an accessed simulation device in one embodiment;
FIG. 7 is a flowchart illustrating a firewall testing method according to another embodiment;
FIG. 8 is a block diagram showing the structure of a firewall testing apparatus according to an embodiment;
FIG. 9 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Cloud technology refers to a hosting technology that unifies resources such as hardware, software and networks within a wide area network or a local area network to realise the computation, storage, processing and sharing of data.
Cloud technology is a general term for the network, information, integration, management-platform and application technologies applied in a cloud computing business model; it can form a resource pool that is used on demand and is flexible and convenient. Cloud computing technology will become an important support. The background services of technical network systems, such as video websites, picture websites and other web portals, require a large amount of computing and storage resources. With the rapid development of the internet industry, each item may carry its own identification mark that must be transmitted to a background system for logical processing; data at different levels are processed separately, and the data of the various industries require strong system background support, which can only be realised through cloud computing.
Cloud security is a general term for the security software, hardware, users, organisations and secure cloud platforms used by cloud-based business model applications. Cloud security integrates emerging technologies and concepts such as parallel processing, grid computing and the judgement of unknown virus behaviour: abnormal software behaviour in the network is monitored through a large number of meshed clients, the latest information on trojans and malicious programs on the internet is obtained and sent to the server for automatic analysis and processing, and the virus and trojan solution is then distributed to each client.
The main research directions of cloud security are: 1. cloud computing security, which studies how to guarantee the security of the cloud and of the applications on it, including the security of the cloud computing system, the secure storage and isolation of user data, user access authentication, secure information transmission, protection against network attacks, and compliance auditing; 2. cloud-based security infrastructure, which studies how to use cloud computing to build and integrate security infrastructure resources and optimise protection mechanisms, including building a very large-scale platform for the acquisition and processing of security events and information, realising the collection and correlation analysis of massive amounts of information, and improving the handling and risk control capability for security events across the whole network; 3. cloud security services, which studies the security services, such as anti-virus services, provided to users on the basis of a cloud computing platform.
In one embodiment, as shown in fig. 1, a firewall testing method is provided, which is described by taking the method as an example applied to a computer device, and includes the following steps:
step 102, selecting a target protection strategy for testing from more than one protection strategies of the target firewall.
The target firewall is a firewall to be subjected to protection performance testing through the method provided by the embodiment of the application. The firewall can be implemented by computer hardware, computer software, or a combination of hardware and software.
A firewall forms a protective barrier between an internal network and an external network: all traffic between the two must pass through the firewall, and only traffic that complies with the security policy is released, which is how the firewall guarantees the data security of the internal network. The internal network may be a private network established by an organization. An organization is a group of multiple objects combined in some manner, such as a school, a class, an enterprise, a department or a team; examples of internal networks are an enterprise intranet or a campus intranet.
For convenience of description, in this embodiment a device of the internal network is referred to as the accessed device and a device of the external network as the access device. The accessed device may be a client or a server, and so may the access device. That is, the firewall may form a protective barrier between a server and a server, protecting the data of a server of the internal network, or between a client and a server, protecting the data of a client or server of the internal network.
A protection policy is a protection function provided by the firewall, such as an access blocking function or an access allowing function. The access blocking function blocks access by a specified access device to a specified port of a specified accessed device; the access allowing function releases access by a specified access device to a specified port of a specified accessed device.
In an embodiment, the protection policy may specifically be an IP (Internet Protocol) address policy, a domain name policy, a region policy, a blacklist policy, a whitelist policy or the like.
An IP policy blocks or allows an access device with a specified IP address to access a specified port of an accessed device with a specified IP address. For example, an IP policy may block a server with IP address 1.1.1.1 from accessing port 80 of a server with IP address 2.2.2.2.
A domain name policy blocks or allows an access device with a specified domain name to access a specified port of an accessed device with a specified IP address, or an access device with a specified IP address to access a specified port of an accessed device with a specified domain name. For example, a domain name policy may block a server with IP address 1.1.1.1 from accessing port 80 of the server with domain name www.xxx.com.
A region policy blocks or allows access devices located in a specified region to access a specified port of a specified accessed device. For example, a region policy may allow IP addresses located in Guangdong province to access port 80 of the server with IP address 2.2.2.2.
A blacklist policy blocks a specified access device from accessing a specified port of a specified accessed device; for example, a blacklist policy may block a server with IP address 1.1.1.1 from accessing port 80 of a server with IP address 2.2.2.2. A whitelist policy releases access by a specified access device to a specified port of a specified accessed device; for example, a whitelist policy may allow a server with IP address 1.1.1.1 to access port 80 of a server with IP address 2.2.2.2.
As the protective barrier of an internal network, a firewall must have stable protection performance. The application provides a firewall testing method that automatically tests the various protection policies of a firewall, improving the comprehensiveness of firewall testing and greatly reducing the likelihood of potential security hazards.
The test system to which the firewall testing method of the application is applied comprises computer devices in at least two roles. Specifically, the test system adopts a centralized master-slave scheduling framework, and the computer devices in the two roles are in a master-slave relationship. A "master" computer device (also called the master node) schedules the "slave" computer devices (also called slave nodes), which emulate either an access device or an accessed device; the set of slave nodes may be called the simulation device set. For convenience of description, the application refers to a simulation device that simulates an access device as an access simulation device, and to one that simulates an accessed device as an accessed simulation device.
In a particular embodiment, the master node may be an IDC (Internet Data Center) device that has access to the database of the internal network while communicating with the computer devices of the external network. The slave node may be a computer device of an external network, such as a server or a client of the external network.
For example, referring to fig. 2, fig. 2 is a block diagram of a firewall testing system in one embodiment. It can be seen that the master node may schedule the slave nodes such that the slave nodes emulate either the access device or the accessed device, testing the protection performance of the target firewall by controlling the access emulation device to access the accessed emulation device via the target firewall.
In one embodiment, a computer device, which may be a master node, selects a target protection policy for testing from more than one protection policy of a target firewall. The main node can select the protection strategies as the target protection strategies in turn according to a preset sequence from more than one protection strategies of the target firewall. For example, the protection policies of the target firewall include a first protection policy, a second protection policy, and a third protection policy, and the main node takes the first protection policy, the second protection policy, and the third protection policy as the target protection policies in turn.
Step 104, selecting, according to the target protection policy, at least one simulation device to simulate the access device and at least one simulation device to simulate the accessed device from the simulation device set.
In one embodiment, the computer device, which may be the master node, selects at least one simulation device to simulate the access device and at least one simulation device to simulate the accessed device from the simulation device set according to the target protection policy. The following cases are possible:
(1) Selecting one access simulation device and one accessed simulation device, so that the access simulation device accesses the accessed simulation device via the target firewall.
(2) Selecting one access simulation device and at least two accessed simulation devices, so that the access simulation device accesses the at least two accessed simulation devices in turn via the target firewall; or selecting at least two access simulation devices and one accessed simulation device, so that the at least two access simulation devices access the accessed simulation device via the target firewall.
(3) Selecting at least two access simulation devices and at least two accessed simulation devices, so that at least one of one-to-one, one-to-many or many-to-one access takes place between them. "One-to-many access" means that one access simulation device accesses at least two accessed simulation devices in turn via the target firewall, and "many-to-one access" means that at least two access simulation devices access one accessed simulation device via the target firewall.
In one embodiment, each simulation device has inherent device parameters, such as an IP address or a domain name. For example, when the target protection policy is a region policy, the master node selects a simulation device with an IP address in Guangdong province from the simulation device set as the access simulation device, and a simulation device with any IP address as the accessed simulation device.
In one embodiment, the device parameters of each simulation device are configurable. The target protection policy may include a first device parameter and a second device parameter, each of which may be an IP address, a domain name or the like. The master node configures at least one simulation device according to the first device parameter to simulate the access device, and at least one simulation device according to the second device parameter to simulate the accessed device. For example, when the target protection policy is a region policy, the master node selects two simulation devices from the set, configures one of them with an IP address of the specified region according to the first device parameter as the access simulation device, and configures the other with an IP address according to the second device parameter as the accessed simulation device.
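The device selection of step 104, covering both the inherent-parameter case and the configurable-parameter case, can be written out as follows. This is an added example for this page, not code from the patent or from Tencent. The policy kinds are the ones listed under step 102; the region-to-prefix table, the treatment of an unset policy parameter as a wildcard, and the rule that one device is never both access and accessed device within a task are the example's own assumptions.

```python
"""Added example: selecting access and accessed simulation devices for a
target protection policy (step 104). Assumptions not taken from the patent:
the region of a device is looked up from a constructed prefix table, and an
unset policy parameter matches any device."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed region table; a real deployment would consult a geo-IP database.
REGION_PREFIXES = {
    "guangdong": [ip_network("1.1.1.0/24")],
    "beijing": [ip_network("3.3.3.0/24")],
}


@dataclass
class SimDevice:
    """A slave node; ip and domain are its inherent or configurable parameters."""
    name: str
    ip: str
    domain: Optional[str] = None


@dataclass
class ProtectionPolicy:
    kind: str             # "ip", "domain", "region", "blacklist" or "whitelist"
    protection_type: str  # "block" or "allow"
    port: int
    access_ip: Optional[str] = None        # first device parameter (access side)
    access_region: Optional[str] = None
    accessed_ip: Optional[str] = None      # second device parameter (accessed side)
    accessed_domain: Optional[str] = None


def region_of(ip: str) -> Optional[str]:
    """Map an IP address to a region name via the constructed prefix table."""
    addr = ip_address(ip)
    for region, nets in REGION_PREFIXES.items():
        if any(addr in net for net in nets):
            return region
    return None


def _matches_access(policy: ProtectionPolicy, dev: SimDevice) -> bool:
    if policy.kind == "region":
        return region_of(dev.ip) == policy.access_region
    return policy.access_ip is None or dev.ip == policy.access_ip


def _matches_accessed(policy: ProtectionPolicy, dev: SimDevice) -> bool:
    if policy.accessed_domain is not None:
        return dev.domain == policy.accessed_domain
    return policy.accessed_ip is None or dev.ip == policy.accessed_ip


def select_simulation_devices(policy: ProtectionPolicy,
                              device_set: List[SimDevice]) -> Tuple[List[SimDevice], List[SimDevice]]:
    """Inherent-parameter variant: pick devices whose existing parameters fit
    the policy. A device is never both access and accessed device in one task."""
    access = [d for d in device_set if _matches_access(policy, d)]
    accessed = [d for d in device_set if d not in access and _matches_accessed(policy, d)]
    if not access or not accessed:
        raise ValueError(f"simulation device set cannot satisfy a {policy.kind} policy")
    return access, accessed


def configure_simulation_pair(policy: ProtectionPolicy,
                              free_devices: List[SimDevice]) -> Tuple[SimDevice, SimDevice]:
    """Configurable-parameter variant: assign the policy's first device parameter
    to one free device (access) and the second to another (accessed)."""
    if len(free_devices) < 2:
        raise ValueError("need at least two free simulation devices")
    access, accessed = free_devices[0], free_devices[1]
    if policy.kind == "region":
        # Any host address inside the region's first prefix will do.
        access.ip = str(REGION_PREFIXES[policy.access_region][0][10])
    elif policy.access_ip is not None:
        access.ip = policy.access_ip
    if policy.accessed_ip is not None:
        accessed.ip = policy.accessed_ip
    if policy.accessed_domain is not None:
        accessed.domain = policy.accessed_domain
    return access, accessed
```

With a device set of 1.1.1.1, 2.2.2.2 (www.xxx.com) and 3.3.3.3, a Guangdong region policy selects 1.1.1.1 as the access simulation device and the other two as accessed simulation devices, which is the one-to-many case (2) above; a domain name policy naming www.xxx.com narrows the accessed side to 2.2.2.2.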
In one embodiment, step 104 comprises: generating a scheduling task according to the target protection policy; selecting, based on the scheduling task, at least one simulation device to simulate the access device and at least one simulation device to simulate the accessed device from the simulation device set; and creating a task record corresponding to the scheduling task, through which the task state of the scheduling task is updated.
The task record is used for recording the task state of the scheduling task. The task state may be an executing state, a completing state, an execution failing state, an ending state, etc.
Specifically, the master node generates a scheduling task according to a target protection strategy, and selects at least one access simulation device and at least one accessed simulation device from the simulation device set based on the scheduling task; and, the master node creates a task record corresponding to the scheduled task in the database to update and record the task status of the scheduled task through the task record.
For example, referring to fig. 3, a block diagram of a firewall testing system in another embodiment: the master node creates a scheduling task, selects an access simulation device and an accessed simulation device based on it, and creates a corresponding task record in the database; the task record is then updated according to the result of the access simulation device's access to the accessed simulation device.
In one embodiment, the method further comprises: and when the task state of the scheduling task is a completion state, returning to the step of selecting a target protection strategy for testing from more than one protection strategies of the target firewall.
Specifically, the master node receives the result of the access simulation device's access to the accessed simulation device and updates the task state of the scheduling task accordingly; when the task state is the completed state, the master node goes on to select the next target protection policy from the two or more protection policies of the target firewall.
And step 106, controlling the access device to access the accessed device through the target firewall.
In one embodiment, a computer device, which may be a master node, controls access by an access device to an accessed device via a target firewall.
In one embodiment, step 106 includes: acquiring an access parameter of access equipment and an accessed parameter of the accessed equipment; generating a protection test rule according to the protection type, the access parameter and the accessed parameter, and sending the protection test rule to a target firewall so that the target firewall processes the access of the access equipment to the accessed equipment according to the protection test rule; and generating a protection test task according to the accessed parameters and sending the protection test task to the access equipment so that the access equipment accesses the accessed equipment through the target firewall according to the protection test task.
The access parameters of the access device may be its IP address, domain name and the like; the accessed parameters of the accessed device may be its IP address, domain name, access port and the like. The protection type may be block access, allow access and the like.
Specifically, referring to fig. 4, fig. 4 is a block diagram of a firewall testing system in another embodiment. It can be seen that the master node issues the protection test rule to the target firewall, so that the target firewall processes the access of the access device to the accessed device according to the protection test rule.
For example, a protection test rule (block access, 1.1.1.1, 2.2.2.2, 80) is generated from the protection type block access, the access parameter IP address 1.1.1.1, and the accessed parameters IP address 2.2.2.2 and port 80; the target firewall then blocks access requests from the server with IP address 1.1.1.1 to port 80 of the server with IP address 2.2.2.2.
In particular, with continued reference to fig. 4, it can be seen that the master node issues a protection test task to the access device, so that the access device accesses the accessed device via the target firewall according to the protection test task.
In a specific embodiment, the computer device generates the protection test task from the accessed parameters and the access count, and sends it to the access device.
For example, from the accessed parameters IP address 2.2.2.2 and port 80 and an access count of 2, the protection test task (2.2.2.2, 80, 2) is issued to the access simulation device, which then initiates two access requests to port 80 of the accessed simulation device with IP address 2.2.2.2.
And step 108, determining a protection test result of the target firewall under the target protection strategy according to the access result of the access equipment to the accessed equipment.
The access result may be a successful access or an unsuccessful access. The protection test result may be a protection success rate, or a verdict that the test passed or failed.
In one embodiment, the computer device determines a protection test result of the target firewall under the target protection policy according to an access result of the access device accessing the accessed device. The computer device may be a master node or a slave node.
In one embodiment, step 108 includes: determining the protection success rate of a target firewall according to an access result of the access equipment for accessing the accessed equipment; and determining a protection test result of the target firewall under the target protection strategy according to the protection success rate.
Specifically, after the master node issues the protection test task to the access simulation equipment, the master node receives an access result returned by the access simulation equipment, and determines the protection success rate of the target firewall according to the access result.
In a specific embodiment, the protection success rate of the target firewall can be determined according to the total access times and the access success times included in the protection test task.
In one embodiment, generating a protection test task according to the accessed parameter and issuing the protection test task to the access device so that the access device accesses the accessed device through the target firewall according to the protection test task, includes: obtaining a protection test expected result of a target firewall under a target protection strategy; generating a protection test task according to the access times, the accessed parameters and the expected protection test result; the protection test task is issued to the access equipment, so that the access equipment determines the protection success rate of the target firewall according to the access result of the access equipment and the expected protection test result; the protection success rate is used for quantifying a protection test result of the target firewall under the target protection strategy.
For example, when the protection type is access blocking, the device that is not successfully accessed by the access device is the expected result of the protection test, and when the protection type is access allowing, the device that is successfully accessed by the access device is the expected result of the protection test.
Specifically, the main node generates a protection test task according to the access times, the accessed parameters and the expected protection test result, and sends the protection test task to the access simulation equipment, so that the access simulation equipment determines the protection success rate of the target firewall according to the access result, the expected protection test result and the access times of the accessed equipment, and returns the protection success rate to the main node. Therefore, the access simulation equipment executes the protection test task, the protection success rate is returned to the main node, the access simulation equipment is prevented from returning access results for multiple times, and computer resources are saved.
In one embodiment, the target protection policy includes a protection type; when the protection type is access blocking, the access device not successfully accessing the accessed device indicates that the protection succeeded, and the access device successfully accessing the accessed device indicates that the protection failed; when the protection type is access permission, the access device successfully accessing the accessed device indicates that the protection succeeded, and the access device not successfully accessing the accessed device indicates that the protection failed.
Specifically, the master node generates a protection test rule according to the protection type, the access parameter and the accessed parameter, and sends the protection test rule to the target firewall, which processes the access of the access device to the accessed device according to that rule. When the protection type is access blocking, the firewall protection succeeded if the access device does not successfully access the accessed device, and failed if it does; when the protection type is access permission, the firewall protection succeeded if the access device successfully accesses the accessed device, and failed if it does not.
In practical application, the firewall testing method provided by this embodiment can detect the availability of each protection policy of the firewall within ten minutes and find hidden dangers in time, for example a protection test rule that cannot be issued normally because of incomplete coverage of a machine room.
In the firewall testing method, a target protection policy for testing is selected from more than one protection policies of a target firewall, at least one simulation device for simulating access equipment and at least one simulation device for simulating accessed equipment are selected from a simulation device set according to the target protection policy, the access equipment is controlled to access the accessed equipment through the target firewall, and a protection testing result of the target firewall under the target protection policy is determined according to an access result of the access equipment accessing the accessed equipment. Therefore, automatic testing can be performed on various protection strategies of the firewall, the comprehensiveness of the firewall testing is improved, and the possibility of potential safety hazards is greatly reduced.
In one embodiment, generating a protection test task according to the accessed parameter and issuing the protection test task to the access device so that the access device accesses the accessed device through the target firewall according to the protection test task, includes: generating a protection test task according to the accessed parameters; and issuing the protection test task to a first request response service process of the access equipment, so that after the first request response service process adds the protection test task to a task queue of the access equipment, a dial test process of the access equipment is triggered to sequentially read and execute the protection test task from the task queue, and the first request response service process is triggered to report an access result after the execution of the protection test task is completed.
Dial testing means that, after the protection test rule is configured on the firewall, the access simulation device is scheduled to access the accessed simulation device through the firewall so as to test whether the protection test rule is effective. The dial test process is used by the access simulation device to initiate an access request to the accessed simulation device through the firewall, and the task queue of the access device stores the dial test tasks of the access simulation device.
Specifically, the slave node may include a first request response service process and a dial test process. The first request response service process is used for receiving the protection test task issued by the master node, adding it to the task queue of the access device and, after the execution of the protection test task is finished, reporting the access result to the master node. The dial test process is used for reading the protection test tasks from the task queue of the access device in sequence and executing them: for one protection test task, the dial test process reads the task from the task queue, determines the accessed parameters of the accessed simulation device according to the task, and accesses the accessed simulation device through the target firewall according to those parameters.
For example, referring to fig. 5, fig. 5 is a block diagram of a firewall testing system in another embodiment. It can be seen that the access simulation device receives the protection test task issued by the master node through the first request response service process, and adds the protection test task to the task queue of the access device. And the access simulation equipment reads the protection test task from the task queue of the access equipment through the dial test process and executes the protection test task. After the execution of the protection test task is completed, the access simulation equipment reports an access result to the host node through the first request response service process.
In a specific embodiment, the first request response service process may use a request-response protocol such as HTTP (HyperText Transfer Protocol), and the dial test process may use TCP (Transmission Control Protocol) or the like.
In a specific embodiment, the step of generating the protection test task according to the accessed parameters includes: and generating a protection test task according to the access times and the accessed parameters. The slave node receives a protection test task issued by the master node, acquires access times and accessed parameters according to the protection test task, and initiates access to the accessed simulation equipment according to the access times and the accessed parameters.
In a specific embodiment, the slave node further comprises a dialed-test process. The dialed-test process is used by the accessed simulation device to receive the access request of the access simulation device. It is understood that each simulation device in the simulation device set may serve as both an access device and an accessed device: when a simulation device is used as an access device, it sends an access request to the accessed simulation device through the dial test process, and when it is used as an accessed device, it receives the access request of the access simulation device through the dialed-test process.
By way of example, with continued reference to fig. 5, it can be seen that the dialed-test process of the accessed simulation device receives the access request of the access simulation device.
In this embodiment, through the cooperation between the first request response service process and the dial test process, the accessed simulation device processes the access request initiated by the access simulation device through the target firewall, so as to test whether the protection test rule of the target firewall takes effect.
In one embodiment, the method further comprises: selecting at least one simulation device for simulating the access device and at least one simulation device for simulating the accessed device from the simulation device set based on the scheduling task through a task scheduling process, and creating a task record corresponding to the scheduling task to update the task state of the scheduling task; after the protection test rule is issued to the target firewall and the protection test task is issued to the access device, the task scheduling process is set to be in a blocking state; receiving an access result through a second request response service process, and updating the task state of the scheduling task according to the access result; and when the task state of the scheduling task is a completion state, the blocking state of the task scheduling process is released, and the protection test rule issued to the target firewall is cleared through the task scheduling process.
In particular, the master node may include a task scheduling process and a second request response service process. The task scheduling process may be used to perform several functions:
and (one) selecting a target protection strategy for testing from more than one protection strategies of the target firewall.
Specifically, a target protection strategy for protection testing is loaded through a task scheduling process. The target safeguard policy may be at least one.
And (II) generating a scheduling task according to the target protection strategy, and selecting at least one simulation device for simulating the access device and at least one simulation device for simulating the access device from the simulation device set based on the scheduling task.
Specifically, a scheduling task is generated according to a target protection strategy through a task scheduling process, and an access simulation device are selected based on the scheduling task.
And (III) creating a task record corresponding to the scheduling task to update the task state of the scheduling task.
Specifically, a task record corresponding to the scheduling task is created in the database through the task scheduling process, and the task record is used for recording the task state of the scheduling task.
And (IV) issuing the protection test rule to the target firewall.
Specifically, the protection test rule is issued to the target firewall through the task scheduling process.
And (V) issuing the protection test task to the access equipment.
Specifically, the protection test task is issued to the access device through a task scheduling process. The guard test task may be JSON (JavaScript Object Notation) data.
And (VI) when the task state of the scheduling task is the completion state, clearing the protection test rule issued to the target firewall.
Specifically, when the task state of the scheduling task is the completion state, the blocking state of the task scheduling process is released, and the protection test rule issued to the target firewall is cleared through the task scheduling process.
And (seventhly), updating the task state of the scheduling task to be the end state.
Specifically, the task state of the scheduling task in the database is updated to be the end state through the task scheduling process.
It will be appreciated that after the task scheduling process is unblocked, the task scheduling process may again perform the step of loading the target protection policy for the protection test.
For example, continuing to refer to fig. 5, it can be seen that the host node issues the protection test rule to the target firewall through the task scheduling process, issues the protection test task to the access device through the task scheduling process, clears the protection test rule issued to the target firewall through the task scheduling process, and updates the task state of the scheduling task in the database through the task scheduling process.
Specifically, after the master node issues the protection test rule to the target firewall through the task scheduling process and issues the protection test task to the access device, the task scheduling process may be set to be in a blocking state, and at this time, the second request response service process receives the access result uploaded by the slave node, and updates the task state of the scheduling task according to the access result.
For example, continuing to refer to fig. 5, it can be seen that the access result uploaded by the access simulation device is received by the second request response service process, and the task state of the scheduling task is updated according to the access result.
In a specific embodiment, the task scheduling process and the second request response service process may communicate using a request-response protocol such as HTTP (HyperText Transfer Protocol).
In this embodiment, through the cooperation between the task scheduling process and the second request response service process, the access simulation device initiates an access request to the accessed simulation device through the target firewall, so as to test whether the protection test rule of the target firewall takes effect.
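The scheduling round described above, as an added example that is not part of the patent: the master node's task scheduling process creates the task record, issues the rule and the task, blocks until the second request response service process receives the access result, then clears the rule and ends the task, while the slave node queues the task and executes it in a separate dial test thread. The firewall interface, the JSON field names, the intermediate states and the `dial` callable (standing in for the real TCP access) are assumptions.

```python
import json
import queue
import threading
from typing import Callable, Dict, List

# Task states kept in the task record; the page names only the completion and
# end states, the other two are assumed.
CREATED, ISSUED, COMPLETED, ENDED = "created", "issued", "completed", "ended"


class FakeFirewall:
    """Stand-in for the target firewall's rule interface (assumption)."""

    def __init__(self) -> None:
        self.rules: Dict[str, dict] = {}
        self.events: List[tuple] = []  # ("issue" | "clear", rule_id), in order

    def issue_rule(self, rule: dict) -> None:
        self.rules[rule["rule_id"]] = rule
        self.events.append(("issue", rule["rule_id"]))

    def clear_rule(self, rule_id: str) -> None:
        self.rules.pop(rule_id, None)
        self.events.append(("clear", rule_id))


class AccessSimulationDevice:
    """Slave node: first request response service process plus dial test process."""

    def __init__(self, dial: Callable[[dict], bool],
                 report: Callable[[dict], None]) -> None:
        self.task_queue: "queue.Queue[str]" = queue.Queue()
        self.dial = dial      # one access attempt; True when the accessed device answered
        self.report = report  # delivers the access result to the master node
        threading.Thread(target=self._dial_test_process, daemon=True).start()

    def first_request_response_service(self, task_json: str) -> None:
        self.task_queue.put(task_json)  # queued, not executed inline

    def _dial_test_process(self) -> None:
        while True:  # read and execute tasks in queue order
            task = json.loads(self.task_queue.get())
            results = [self.dial(task) for _ in range(task["access_times"])]
            protected = sum(r == task["expected_access_success"] for r in results)
            self.report({"task_id": task["task_id"],
                         "access_success_times": sum(results),
                         "protection_success_rate": protected / len(results)})


class MasterNode:
    """Task scheduling process and second request response service process."""

    def __init__(self, firewall: FakeFirewall) -> None:
        self.firewall = firewall
        self.db: Dict[str, dict] = {}  # task records, keyed by scheduling task id
        self.issue_task: Callable[[str], None] = lambda _task: None  # wired later
        self._result_arrived = threading.Event()

    def second_request_response_service(self, result: dict) -> None:
        record = self.db[result["task_id"]]
        record.update(access_result=result, state=COMPLETED)
        self._result_arrived.set()  # releases the blocked task scheduling process

    def task_scheduling_process(self, policy: dict, access_dev: dict,
                                accessed_dev: dict, timeout: float = 5.0) -> dict:
        task_id = f"sched-{len(self.db) + 1}"
        record = {"task_id": task_id, "policy": policy["name"], "state": CREATED}
        self.db[task_id] = record  # the task record tracks the task state
        rule = {"rule_id": f"rule-{task_id}", "type": policy["protection_type"],
                "src": access_dev["ip"], "dst": accessed_dev["ip"],
                "port": accessed_dev["port"]}
        self.firewall.issue_rule(rule)
        task = json.dumps({"task_id": task_id, "accessed": accessed_dev,
                           "access_times": policy["access_times"],
                           "expected_access_success": policy["protection_type"] == "allow"})
        self._result_arrived.clear()
        record["state"] = ISSUED
        self.issue_task(task)
        if not self._result_arrived.wait(timeout):  # blocking state until the result arrives
            raise TimeoutError(f"{task_id}: no access result received")
        self.firewall.clear_rule(rule["rule_id"])  # the test rule must not linger
        record["state"] = ENDED
        return record


def run_policies(policies: List[dict], access_dev: dict, accessed_dev: dict,
                 dial: Callable[[dict], bool]) -> tuple:
    """Wire master and slave together and test each policy in turn."""
    firewall = FakeFirewall()
    master = MasterNode(firewall)
    slave = AccessSimulationDevice(dial, master.second_request_response_service)
    master.issue_task = slave.first_request_response_service
    records = [master.task_scheduling_process(p, access_dev, accessed_dev)
               for p in policies]
    return records, firewall
```

With `dial=lambda task: True` every access gets through, so the blocking policy scores a protection success rate of 0.0 while the rule is still issued and cleared in order, which is the hidden danger the test is meant to surface.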
In one embodiment, the method further comprises: transmitting the scheduling task to a task checking process through a task scheduling process; and searching an access log corresponding to the scheduling task through the task checking process, and determining a log record test result of the target firewall under the target protection strategy according to the search result.
Wherein the access log is used for recording the access record of the target firewall.
In a particular embodiment, the access log may be stored in a search server, such as an Elasticsearch or the like.
In a particular embodiment, the access log may include a traffic log, a hit log, and the like. The traffic log records the accesses requested through the target firewall and includes at least the access simulation device, the accessed simulation device and the number of requested accesses. The hit log records the successful protections of the target firewall; for example, when the protection type is access blocking and the access simulation device does not successfully access the accessed simulation device, that access record is counted in the hit log.
In particular, the master node also includes a task checking process. The task checking process is used for determining a log record test result of the target firewall under the target protection strategy so as to check whether the access log has a condition of missing writing; and the task checking process writes the log record test result into the database.
For example, continuing to refer to fig. 5, it can be seen that the master node searches an access log corresponding to the scheduling task in the search server through the task inspection process, determines a log record test result of the target firewall under the target protection policy according to the search result, and writes the log record test result into the database through the task inspection process.
In a particular embodiment, the log record test result may be a log write success rate, which quantifies the log record test result. The log write success rate can be obtained by the task checking process through analysis based on the search result and the access times.
In this embodiment, since checking the log consumes a lot of time, the task scheduling process and the task checking process execute different tasks, the task checking process being used to check whether the access log has missed writes, so that the efficiency of the firewall performance test is improved.
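A task checking pass over constructed traffic and hit log records, as an added example (not the patent's code): the log write success rate is the number of log records found for the scheduling task against the number that should have been written, and a rate below 100 % flags a missed write. The record and log field names are assumptions, and following the page's blocking example it expects one hit log record per successful protection under a blocking policy and none under an allowing policy.

```python
from typing import Dict, List

# Constructed access-log records, as the task checking process might read them back
# from the search server. Field names are assumed; the page only says a traffic log
# record carries the access device, the accessed device and the number of accesses,
# and that a hit log record is a successful protection.
TRAFFIC_LOG: List[dict] = [
    {"task_id": "sched-1", "src": "10.0.0.11", "dst": "10.0.1.5", "count": 6},
    {"task_id": "sched-1", "src": "10.0.0.11", "dst": "10.0.1.5", "count": 3},
    {"task_id": "sched-2", "src": "10.0.0.12", "dst": "10.0.1.5", "count": 10},
]
HIT_LOG: List[dict] = [
    {"task_id": "sched-2", "src": "10.0.0.12", "dst": "10.0.1.5", "count": 8},
]


def search_log(log: List[dict], task_id: str) -> List[dict]:
    """Stand-in for the search-server query the task checking process issues."""
    return [r for r in log if r["task_id"] == task_id]


def log_write_success_rate(records: List[dict], expected: int) -> float:
    """Records written / records expected, capped at 1.0 so that duplicated
    writes cannot mask missing ones."""
    if expected == 0:
        return 1.0  # nothing had to be written
    return min(sum(r["count"] for r in records), expected) / expected


def log_record_test_result(record: dict,
                           traffic_log: List[dict] = TRAFFIC_LOG,
                           hit_log: List[dict] = HIT_LOG) -> Dict:
    """Task checking process: compare the access log with the scheduling task's
    task record (fields assumed: task_id, protection_type, access_times,
    protection_success_times)."""
    task_id = record["task_id"]
    traffic = search_log(traffic_log, task_id)
    hits = search_log(hit_log, task_id)
    # Under a blocking policy every successful protection is one hit log record;
    # under an allowing policy nothing hits (assumption based on the page's example).
    expected_hits = (record["protection_success_times"]
                     if record["protection_type"] == "block" else 0)
    result = {
        "task_id": task_id,
        "traffic_log_success_rate": log_write_success_rate(traffic, record["access_times"]),
        "hit_log_success_rate": log_write_success_rate(hits, expected_hits),
    }
    result["missed_writes"] = (result["traffic_log_success_rate"] < 1.0
                               or result["hit_log_success_rate"] < 1.0)
    return result
```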
In one embodiment, controlling the access device to access the accessed device through the target firewall includes: controlling the access device to send access information to the accessed device through the target firewall so that the accessed device feeds back response information to the access device; the access information and the response information are used to determine whether the access device successfully accessed the accessed device.
The access information may be a data packet composed of at least one element of numbers, letters, words, and the like.
Specifically, the dial test between the access simulation device and the accessed simulation device comprises establishing a connection, sending and receiving data packets, and closing the connection. Referring to fig. 6, fig. 6 is a schematic diagram of the communication between an access simulation device and an accessed simulation device in one embodiment. It can be seen that the connection between the access simulation device and the accessed simulation device is established first, then the access simulation device sends the access information to the accessed simulation device, and the accessed simulation device feeds back the response information to the access simulation device on receiving the access information. When the access information and the response information are inconsistent, the access simulation device is judged to have failed to access the accessed simulation device.
In the embodiment, whether the access equipment successfully accesses the accessed equipment is detected through the access information and the response information, so that the accuracy of testing the target firewall is improved.
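The access information exchange of fig. 6 together with the protection success rate of the earlier embodiments, as an added example (not the patent's code): the accessed simulation device is a local TCP server that answers with whatever it received, the dial test counts an access as successful only when the response equals the access information, and the task JSON carries the expected result so that the access device can return the protection success rate itself. The task field names, the echo protocol and the 100 % pass threshold are assumptions.

```python
import json
import socket
import threading
from typing import Dict, List, Tuple

BLOCK = "block"  # protection type: access blocking
ALLOW = "allow"  # protection type: access allowing


def expected_access_success(protection_type: str) -> bool:
    """Expected protection test result: the access should fail under blocking
    and succeed under allowing."""
    if protection_type == BLOCK:
        return False
    if protection_type == ALLOW:
        return True
    raise ValueError(f"unknown protection type: {protection_type}")


def build_protection_test_task(task_id: str, protection_type: str,
                               accessed_host: str, accessed_port: int,
                               access_times: int) -> str:
    """Master node side: the protection test task as JSON (field names assumed)."""
    return json.dumps({
        "task_id": task_id,
        "accessed": {"host": accessed_host, "port": accessed_port},
        "access_times": access_times,
        "expected_access_success": expected_access_success(protection_type),
        "access_info": f"dial-test-{task_id}",  # constructed access information
    })


def start_accessed_device() -> Tuple[int, threading.Event]:
    """Accessed simulation device: answers each connection with the bytes it received."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)
    srv.settimeout(0.2)  # lets the accept loop notice the stop flag
    stop = threading.Event()

    def serve() -> None:
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(2.0)
                try:
                    data = b""
                    while chunk := conn.recv(4096):
                        data += chunk
                    conn.sendall(data)  # response information mirrors the access information
                except OSError:
                    pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop


def dial_once(host: str, port: int, access_info: bytes, timeout: float = 1.0) -> bool:
    """One dial test: connect, send the access information, read the response, close.
    The access counts as successful only when the response equals what was sent."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(access_info)
            s.shutdown(socket.SHUT_WR)  # end of the access information
            response = b""
            while chunk := s.recv(4096):
                response += chunk
    except OSError:  # refused, dropped or timed out: nothing answered
        return False
    return response == access_info


def run_protection_test_task(task_json: str) -> Dict:
    """Access simulation device side: execute the task and return the access
    result together with the protection success rate."""
    task = json.loads(task_json)
    host, port = task["accessed"]["host"], task["accessed"]["port"]
    results: List[bool] = [dial_once(host, port, task["access_info"].encode())
                           for _ in range(task["access_times"])]
    protected = sum(1 for r in results if r == task["expected_access_success"])
    return {"task_id": task["task_id"],
            "access_times": len(results),
            "access_success_times": sum(results),
            "protection_success_rate": protected / len(results)}


def protection_test_result(protection_success_rate: float) -> str:
    """Master node side; the 100 % pass threshold is an assumption."""
    return "pass" if protection_success_rate >= 1.0 else "fail"


def unused_port() -> int:
    """A local port with no listener, standing in for a destination the firewall blocks."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]
```

Dialling a port with no listener plays the part of a correctly enforced blocking rule, while dialling the live echo server under a blocking policy shows the rate dropping to 0.0 when the rule is not enforced.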
The application also provides an application scenario applying the firewall testing method. The application scenario may specifically be: the target firewall forms a protection barrier between the servers of the intranet and the servers of the extranet to protect the data security of the servers of the intranet.
Specifically, referring to fig. 7, the application of the firewall testing method in the application scenario is as follows:
step 702, selecting a target protection policy for testing from more than one protection policies of a target firewall.
Specifically, the master node selects a target protection policy for testing from more than one protection policy of the target firewall through a task scheduling process.
Step 704, generating a scheduling task according to the target protection policy, and selecting at least one simulation device for simulating the access device and at least one simulation device for simulating the accessed device from the simulation device set based on the scheduling task.
Specifically, the master node generates a scheduling task according to the target protection policy through the task scheduling process, and selects at least one access simulation device and at least one accessed simulation device from the simulation device set based on the scheduling task.
And the main node creates a task record corresponding to the scheduling task in the database through the task scheduling process so as to update the task state of the scheduling task.
Step 706, obtaining the access parameter of the access device and the accessed parameter of the accessed device, generating a protection test rule according to the protection type, the access parameter and the accessed parameter, and sending the protection test rule to the target firewall, so that the target firewall processes the access of the access device to the accessed device according to the protection test rule.
Step 708, generating a protection test task according to the accessed parameters and sending the protection test task to the access device so that the access device accesses the accessed device through the target firewall according to the protection test task.
Specifically, the main node generates a protection test task according to the accessed parameters, and issues the protection test task to the first request response service process of the access device, so that after the first request response service process adds the protection test task to the task queue of the access device, the dial test process of the access device is triggered to sequentially read and execute the protection test task from the task queue, and the first request response service process is triggered to report the access result after the execution of the protection test task is completed.
In a specific embodiment, the main node obtains a protection test expected result of the target firewall under the target protection policy, generates a protection test task according to the access times, the accessed parameters and the protection test expected result, and issues the protection test task to the access device, so that the access device determines the protection success rate of the target firewall according to the access result and the protection test expected result of the accessed device, and the protection success rate is used for quantifying the protection test result of the target firewall under the target protection policy. Therefore, after the execution of the protection test task is completed, the slave node can return the protection success rate to the master node, so that the access result is prevented from being returned for multiple times, and the computer resource is saved.
Step 710, determining a protection test result of the target firewall under the target protection policy according to an access result of the access device accessing the accessed device.
In a specific embodiment, the master node receives the access result uploaded by the slave node, determines the protection success rate of the target firewall according to the access result, and determines the protection test result of the target firewall under the target protection strategy according to the protection success rate.
In a specific embodiment, after the protection test rule is issued to the target firewall and the protection test task is issued to the access device, the task scheduling process is set to be in a blocking state; receiving an access result through a second request response service process, and updating the task state of the scheduling task according to the access result; and when the task state of the scheduling task is a completion state, removing the blocking state of the task scheduling process, clearing the protection test rules issued to the target firewall through the task scheduling process, and returning to the step of selecting the target protection strategy for testing from more than one protection strategies of the target firewall.
In a specific embodiment, the scheduling task is transmitted to the task checking process through the task scheduling process, the access log corresponding to the scheduling task is searched through the task checking process, and the log record test result of the target firewall under the target protection strategy is determined according to the search result.
The firewall testing method provided by the embodiment can be used for automatically testing various protection strategies of the firewall, improves the comprehensiveness of the firewall testing, and greatly reduces the possibility of potential safety hazards.
It should be understood that, although the steps in the flowcharts of fig. 2 and 7 are shown in sequence as indicated by the arrows, they are not necessarily performed in that sequence. Unless explicitly stated otherwise, the steps need not be performed in the exact order shown and described and may be performed in other orders. Moreover, at least some of the steps in fig. 2 and 7 may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and the order of performing these sub-steps or stages is not necessarily sequential; they may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 8, there is provided a firewall testing apparatus, which may be a part of a computer device using a software module or a hardware module, or a combination of the two modules, and specifically includes: a selection module 802, a control module 804, and a determination module 806, wherein:
a selecting module 802, configured to select a target protection policy for testing from more than one protection policies of a target firewall;
a selecting module 802, further configured to select, according to the target protection policy, at least one simulation device for simulating the access device and at least one simulation device for simulating the accessed device from the simulation device set;
a control module 804 for controlling the access device to access the accessed device via the target firewall;
the determining module 806 is configured to determine, according to an access result of the access device accessing the accessed device, a protection test result of the target firewall under the target protection policy.
In one embodiment, the selecting module 802 is further configured to: generate a scheduling task according to the target protection policy; select at least one simulation device for simulating the access device and at least one simulation device for simulating the accessed device from the simulation device set based on the scheduling task; and create a task record corresponding to the scheduling task to update the task state of the scheduling task. The firewall testing apparatus further comprises a return module, configured to: when the task state of the scheduling task is the completion state, return to the step of selecting a target protection policy for testing from more than one protection policies of the target firewall.
In one embodiment, the control module 804 is further configured to: acquiring an access parameter of access equipment and an accessed parameter of the accessed equipment; generating a protection test rule according to the protection type, the access parameter and the accessed parameter, and sending the protection test rule to a target firewall so that the target firewall processes the access of the access equipment to the accessed equipment according to the protection test rule; and generating a protection test task according to the accessed parameters and sending the protection test task to the access equipment so that the access equipment accesses the accessed equipment through the target firewall according to the protection test task.
In one embodiment, the control module 804 is further configured to: generating a protection test task according to the accessed parameters; and issuing the protection test task to a first request response service process of the access equipment, so that after the first request response service process adds the protection test task to a task queue of the access equipment, a dial test process of the access equipment is triggered to sequentially read and execute the protection test task from the task queue, and the first request response service process is triggered to report an access result after the execution of the protection test task is completed.
In one embodiment, the firewall testing apparatus further includes an execution module, a setting module, an updating module, and a releasing module. The execution module is configured to: select at least one simulation device for simulating the access device and at least one simulation device for simulating the accessed device from the simulation device set based on the scheduling task through a task scheduling process, and create a task record corresponding to the scheduling task to update the task state of the scheduling task. The setting module is configured to: after the protection test rule is issued to the target firewall and the protection test task is issued to the access device, set the task scheduling process to a blocking state. The updating module is configured to: receive an access result through a second request response service process, and update the task state of the scheduling task according to the access result. The releasing module is configured to: when the task state of the scheduling task is the completion state, release the blocking state of the task scheduling process, and clear the protection test rule issued to the target firewall through the task scheduling process.
In one embodiment, the firewall testing apparatus further includes a transferring module and a searching module. The transferring module is configured to: transmit the scheduling task to a task checking process through the task scheduling process. The searching module is configured to: search an access log corresponding to the scheduling task through the task checking process, and determine a log record test result of the target firewall under the target protection policy according to the search result.
In one embodiment, the control module 804 is further configured to: obtaining a protection test expected result of a target firewall under a target protection strategy; generating a protection test task according to the access times, the accessed parameters and the expected protection test result; the protection test task is issued to the access equipment, so that the access equipment determines the protection success rate of the target firewall according to the access result of the access equipment and the expected protection test result; the protection success rate is used for quantifying a protection test result of the target firewall under the target protection strategy.
In one embodiment, the determining module 806 is further configured to: determining the protection success rate of a target firewall according to an access result of the access equipment for accessing the accessed equipment; and determining a protection test result of the target firewall under the target protection strategy according to the protection success rate.
In one embodiment, the target protection policy includes a protection type; when the protection type is access blocking, the access device not successfully accessing the accessed device indicates that the protection succeeded, and the access device successfully accessing the accessed device indicates that the protection failed; when the protection type is access permission, the access device successfully accessing the accessed device indicates that the protection succeeded, and the access device not successfully accessing the accessed device indicates that the protection failed.
In one embodiment, the control module 804 is further configured to: control the access device to send access information to the accessed device through the target firewall so that the accessed device feeds back response information to the access device; the access information and the response information are used to determine whether the access device successfully accessed the accessed device.
For the specific definition of the firewall testing apparatus, reference may be made to the above definition of the firewall testing method, and details are not described here. The modules in the firewall testing device can be wholly or partially implemented by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
The firewall testing device selects a target protection policy for testing from more than one protection policies of a target firewall, selects at least one simulation device for simulating access equipment and at least one simulation device for simulating accessed equipment from a simulation device set according to the target protection policy, controls the access equipment to access the accessed equipment through the target firewall, and determines a protection testing result of the target firewall under the target protection policy according to an access result of the access equipment accessing the accessed equipment. Therefore, automatic testing can be performed on various protection strategies of the firewall, the comprehensiveness of the firewall testing is improved, and the possibility of potential safety hazards is greatly reduced.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 9. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used to store firewall test data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a firewall testing method.
Those skilled in the art will appreciate that the architecture shown in fig. 9 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as a particular computing device may include more or fewer components than those shown, may combine certain components, or may have a different arrangement of components.
In one embodiment, a computer device is further provided, which includes a memory and a processor, the memory stores a computer program, and the processor implements the steps of the above method embodiments when executing the computer program.
In an embodiment, a computer-readable storage medium is provided, in which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
In one embodiment, a computer program product or computer program is provided that includes computer instructions stored in a computer-readable storage medium. The computer instructions are read by a processor of a computer device from a computer-readable storage medium, and the computer instructions are executed by the processor to cause the computer device to perform the steps in the above-mentioned method embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware; the computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, a database or another medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile memory may include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical storage, or the like. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can take many forms, such as static random access memory (SRAM) or dynamic random access memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (15)

1. A firewall testing method, characterized in that the method comprises:
selecting a target protection strategy for testing from more than one protection strategies of a target firewall;
selecting at least one simulation device for simulating the access device and at least one simulation device for simulating the accessed device from a simulation device set according to the target protection strategy;
controlling the access device to access the accessed device via the target firewall;
and determining a protection test result of the target firewall under the target protection strategy according to an access result of the access equipment to the accessed equipment.
2. The method of claim 1, wherein selecting at least one simulation device for simulating the access device and at least one simulation device for simulating the accessed device from the simulation device set according to the target protection strategy comprises:
generating a scheduling task according to the target protection strategy;
selecting at least one simulation device for simulating the access device and at least one simulation device for simulating the accessed device from the simulation device set based on the scheduling task;
creating a task record corresponding to the scheduling task to update the task state of the scheduling task;
the method further comprises the following steps:
and when the task state of the scheduling task is a completion state, returning to the more than one protection strategies of the target firewall and selecting the target protection strategy for testing.
3. The method of claim 2, wherein the controlling the access device to access the accessed device via the target firewall comprises:
acquiring an access parameter of the access equipment and an accessed parameter of the accessed equipment;
generating a protection test rule according to the protection type, the access parameter and the accessed parameter, and sending the protection test rule to the target firewall so that the target firewall processes the access of the access equipment to the accessed equipment according to the protection test rule;
and generating a protection test task according to the accessed parameters and sending the protection test task to the access equipment so that the access equipment accesses the accessed equipment through the target firewall according to the protection test task.
4. The method of claim 3, wherein the generating a protection test task according to the accessed parameter and sending the protection test task to the access device, so that the access device accesses the accessed device through the target firewall according to the protection test task comprises:
generating the protection test task according to the accessed parameters;
and issuing the protection test task to a first request response service process of the access equipment, so that after the first request response service process adds the protection test task to a task queue of the access equipment, a dial test process of the access equipment is triggered to sequentially read and execute the protection test task from the task queue, and the first request response service process is triggered to report an access result after the execution of the protection test task is completed.
5. The method of claim 4, further comprising:
executing, by a task scheduling process, the step of selecting at least one simulation device for simulating the access device and at least one simulation device for simulating the accessed device from the simulation device set based on the scheduling task, and the step of creating a task record corresponding to the scheduling task to update a task state of the scheduling task;
after the protection test rule is issued to the target firewall and the protection test task is issued to the access device, setting the task scheduling process to be in a blocking state;
receiving the access result through a second request response service process, and updating the task state of the scheduling task according to the access result;
and when the task state of the scheduling task is a completion state, removing the blocking state of the task scheduling process, and clearing the protection test rule issued to the target firewall through the task scheduling process.
6. The method of claim 5, further comprising:
transmitting the scheduling task to a task checking process through the task scheduling process;
and searching an access log corresponding to the scheduling task through the task checking process, and determining a log record test result of the target firewall under the target protection strategy according to a search result.
7. The method of claim 3, wherein the generating a protection test task according to the accessed parameter and sending the protection test task to the access device, so that the access device accesses the accessed device through the target firewall according to the protection test task comprises:
obtaining the expected protection test result of the target firewall under the target protection strategy;
generating the protection test task according to the access times, the accessed parameters and the expected protection test result;
and issuing the protection test task to the access equipment, so that the access equipment determines the protection success rate of the target firewall according to the access result of the access equipment and the expected protection test result; the protection success rate is used for quantifying a protection test result of the target firewall under the target protection strategy.
8. The method of claim 1, wherein the determining, according to the access result of the access device accessing the accessed device, the protection test result of the target firewall under the target protection policy comprises:
determining the protection success rate of the target firewall according to the access result of the access equipment to the accessed equipment;
and determining a protection test result of the target firewall under the target protection strategy according to the protection success rate.
9. The method of claim 8, wherein the target protection strategy comprises a protection type; when the protection type is access prevention, the access device failing to access the accessed device indicates that protection succeeded, and the access device successfully accessing the accessed device indicates that protection failed; and when the protection type is access permission, the access device successfully accessing the accessed device indicates that protection succeeded, and the access device failing to access the accessed device indicates that protection failed.
10. The method of claim 9, wherein the controlling the access device to access the accessed device via the target firewall comprises:
controlling the access device to send access information to the accessed device through the target firewall so that the accessed device feeds back response information to the access device; the access information and the response information are used to determine whether the access device successfully accessed the accessed device.
11. A firewall testing apparatus, characterized in that the apparatus comprises:
the selection module is used for selecting a target protection strategy for testing from more than one protection strategies of the target firewall;
the selecting module is further configured to select at least one simulation device for simulating the access device and at least one simulation device for simulating the accessed device from a simulation device set according to the target protection policy;
a control module to control the access device to access the accessed device via the target firewall;
and the determining module is used for determining a protection test result of the target firewall under the target protection strategy according to an access result of the access equipment accessing the accessed equipment.
12. The apparatus of claim 11, wherein the selecting module is further configured to: generate a scheduling task according to the target protection strategy; select at least one simulation device for simulating the access device and at least one simulation device for simulating the accessed device from the simulation device set based on the scheduling task; and create a task record corresponding to the scheduling task to update the task state of the scheduling task; and the apparatus further comprises a return module, configured to return to the step of selecting the target protection strategy for testing from the more than one protection strategies of the target firewall when the task state of the scheduling task is the completion state.
13. The apparatus of claim 11, wherein the target protection strategy comprises a protection type; and the control module is further configured to: acquire an access parameter of the access equipment and an accessed parameter of the accessed equipment; generate a protection test rule according to the protection type, the access parameter and the accessed parameter, and send the protection test rule to the target firewall so that the target firewall processes the access of the access equipment to the accessed equipment according to the protection test rule; and generate a protection test task according to the accessed parameters and send the protection test task to the access equipment so that the access equipment accesses the accessed equipment through the target firewall according to the protection test task.
14. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor realizes the steps of the method of any one of claims 1 to 10 when executing the computer program.
15. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 10.
CN202011285261.4A 2020-11-17 2020-11-17 Firewall testing method, device, computer equipment and storage medium Active CN112398857B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011285261.4A CN112398857B (en) 2020-11-17 2020-11-17 Firewall testing method, device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011285261.4A CN112398857B (en) 2020-11-17 2020-11-17 Firewall testing method, device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112398857A true CN112398857A (en) 2021-02-23
CN112398857B CN112398857B (en) 2023-07-25

Family

ID=74600518

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011285261.4A Active CN112398857B (en) 2020-11-17 2020-11-17 Firewall testing method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112398857B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113391967A (en) * 2021-06-16 2021-09-14 杭州迪普科技股份有限公司 Packet filtering test method and device for firewall
CN114448665A (en) * 2021-12-22 2022-05-06 天翼云科技有限公司 Method and device for detecting WEB application firewall rules and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101115057A (en) * 2006-07-27 2008-01-30 中兴通讯股份有限公司 Tactic management based firewall system and dispatching method
CN103746885A (en) * 2014-01-28 2014-04-23 中国人民解放军信息安全测评认证中心 Test system and test method oriented to next-generation firewall
US9553845B1 (en) * 2013-09-30 2017-01-24 F5 Networks, Inc. Methods for validating and testing firewalls and devices thereof
CN109067779A (en) * 2018-09-17 2018-12-21 平安科技(深圳)有限公司 The method, apparatus and computer equipment of optimization firewall based on security protection
CN111641601A (en) * 2020-05-12 2020-09-08 中信银行股份有限公司 Firewall management method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN112398857B (en) 2023-07-25

Similar Documents

Publication Publication Date Title
US11017107B2 (en) Pre-deployment security analyzer service for virtual computing resources
Tian et al. Real-time lateral movement detection based on evidence reasoning network for edge computing environment
US10904277B1 (en) Threat intelligence system measuring network threat levels
Zhang et al. An IoT honeynet based on multiport honeypots for capturing IoT attacks
CN112073411B (en) Network security deduction method, device, equipment and storage medium
Wang et al. ThingPot: an interactive Internet-of-Things honeypot
Scott-Hayward et al. Operationcheckpoint: Sdn application control
CN110880983A (en) Penetration testing method and device based on scene, storage medium and electronic device
Futoransky et al. Simulating cyber-attacks for fun and profit
CN112398857B (en) Firewall testing method, device, computer equipment and storage medium
CN112104514A (en) Multi-view network attack and defense simulation system
Pacheco et al. Anomaly behavior analysis for IoT network nodes
US11637861B2 (en) Reachability graph-based safe remediations for security of on-premise and cloud computing environments
CN111262875B (en) Server safety monitoring method, device, system and storage medium
Djap et al. Xb-pot: Revealing honeypot-based attacker’s behaviors
Adler et al. Using machine learning for behavior-based access control: Scalable anomaly detection on tcp connections and http requests
Baiardi et al. Twin based continuous patching to minimize cyber risk
CN116915516B (en) Software cross-cloud delivery method, transfer server, target cloud and storage medium
US20080072321A1 (en) System and method for automating network intrusion training
KR101458930B1 (en) Apparatus and method for smart terminal fuzzing using multi node
CN114189383A (en) Blocking method, device, electronic equipment, medium and computer program product
Mughal et al. A centralized reputation management scheme for isolating malicious controller (s) in distributed software-defined networks
Tiloca et al. SEA++: A Framework for Evaluating the Impact of Security Attacks in OMNeT++/INET
KR20210106896A (en) System for managing security control and method thereof
Mills Enhancing Anomaly Detection Techniques for Emerging Threats

Legal Events

Date Code Title Description
PB01 Publication
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40038347; Country of ref document: HK)
SE01 Entry into force of request for substantive examination
GR01 Patent grant