CN117499140A - Method, device and machine-readable storage medium for automatically protecting network assets

Publication number: CN117499140A
Authority: CN (China)
Prior art keywords: asset, type, asset type, server, network
Legal status: Pending
Application number: CN202311562140.3A
Other languages: Chinese (zh)
Inventors: 张朝健, 谌颐
Current assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Original assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Events: application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd and Beijing Topsec Software Co Ltd; priority to CN202311562140.3A; publication of CN117499140A; legal status pending.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L 63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/40 Network security protocols

Abstract

The application discloses a method, a device and a machine-readable storage medium for automatically protecting network assets. The method comprises the following steps: constructing a preset network asset type library; when traffic data is detected passing through the firewall, capturing and matching the traffic data to identify network asset information in the traffic data; matching the packet header information of the traffic data against the preset network asset type library to determine the asset type of the network asset information; and generating a security access control policy corresponding to the asset type and starting a security protection engine corresponding to the asset type. By means of the preset network asset type library, network asset types can be classified in detail, after which the access control policy is automatically generated and the corresponding security protection engine is configured according to the asset type of each network asset, so that operation and maintenance are simplified and all-round protection of the server is ensured.

Description

Method, device and machine-readable storage medium for automatically protecting network assets
Technical Field
The present application relates to the field of computer network security technologies, and in particular, to a method, an apparatus, and a machine-readable storage medium for automatically protecting a network asset.
Background
In today's digital age, a server is an indispensable part of the network assets and carries various key services and sensitive data; once it is damaged or its data is stolen, the production of the enterprise is greatly affected and even public safety may be affected, so security protection and management of server assets are very important. However, many enterprises have been somewhat negligent in web server asset management, for example with servers that have run normally for a long time without incident, or servers that have only recently come online. Server assets with the above problems are easy targets for hacking. If the user does not update and fix vulnerabilities in time, an attacker can easily obtain access to the web server and steal sensitive data or disrupt the business process. Therefore, protection of the server is particularly important for enterprises. Current security policies for servers on the firewall are typically added manually by an administrator, and there may be a security engine mismatch, thereby creating a security blind spot that then triggers a security event.
Therefore, the protection methods for network assets, especially server assets, adopted in the prior art have the problem that protection is not in place due to human error.
Disclosure of Invention
An object of the embodiments of the present application is to provide a method, an apparatus and a machine-readable storage medium for automatically protecting a network asset, so as to solve the problem that the protection of network assets, especially server assets, adopted in the prior art is not in place due to human error.
To achieve the above object, a first aspect of the present application provides a method for automatically protecting a network asset, including:
constructing a preset network asset type library;
when traffic data is detected passing through the firewall, capturing and matching the traffic data to identify network asset information in the traffic data;
matching the packet header information of the traffic data against the preset network asset type library to determine the asset type of the network asset information;
and generating a security access control policy corresponding to the asset type and starting a security protection engine corresponding to the asset type.
In an embodiment of the present application, matching the packet header information of the traffic data against the preset network asset type library to determine the asset type of the network asset information includes:
determining the asset type to be the server type when the packet header information of the traffic data matches a server-class operating system;
determining the asset type to be the terminal type when the packet header information of the traffic data matches a terminal-class operating system;
determining the asset type to be the network device type when the packet header information of the traffic data matches a network-device-class operating system;
and determining the asset type to be the preset type when the packet header information of the traffic data matches some other operating system or matches no operating system.
In an embodiment of the present application, the server type includes a plurality of subtypes, and when the asset type is the server type, the method further includes:
acquiring application software information from the packet header fields of the traffic data;
matching and identifying the application software information to determine the subtype to which the asset belongs.
In an embodiment of the present application, matching and identifying the application software information to determine the subtype to which the asset belongs includes:
determining the asset to be of the database server subtype when the application software information matches database software or is identified as a database protocol;
determining the asset to be of the WEB server subtype when the application software information matches middleware or is identified as the HTTP protocol;
and determining the asset to be of the preset server subtype when the application software information matches other application software or matches no application software.
In an embodiment of the present application, generating the security access control policy corresponding to the asset type and starting the security protection engine corresponding to the asset type includes:
when the asset type is the database server subtype, generating a preset security access control policy and starting a security protection engine that includes database protection.
In an embodiment of the present application, generating the security access control policy corresponding to the asset type and starting the security protection engine corresponding to the asset type includes:
when the asset type is the WEB server subtype, generating a preset security access control policy and starting a security protection engine that includes website intrusion prevention.
In an embodiment of the present application, generating the security access control policy corresponding to the asset type and starting the security protection engine corresponding to the asset type includes:
when the asset type is the preset server subtype, generating a preset security access control policy and starting a security protection engine that includes intrusion prevention, virus protection and botnet/Trojan/worm protection.
In an embodiment of the present application, the method further includes:
adjusting the security access control policy according to an instruction sent by the client.
A second aspect of the present application provides an apparatus for automatically protecting a network asset, comprising:
a memory configured to store instructions; and
a processor configured to invoke the instructions from the memory and, when the instructions are executed, to perform the above method for automatically protecting a network asset.
A third aspect of the present application provides a machine-readable storage medium having stored thereon instructions for causing a machine to perform the above-described method of automatically securing a network asset.
Through the above technical solution, a preset network asset type library is first constructed; when traffic data is detected passing through the firewall, the traffic data is captured and matched to identify network asset information in it; the packet header information of the traffic data is then matched against the preset network asset type library to determine the asset type of the network asset information; and finally a security access control policy corresponding to the asset type is generated and a security protection engine corresponding to the asset type is started. By means of the preset network asset type library, network asset types can be classified in detail, after which the access control policy is automatically generated and the corresponding security protection engine is configured according to the asset type of each network asset, so that operation and maintenance are simplified and all-round protection of the server is ensured.
Additional features and advantages of embodiments of the present application will be set forth in the detailed description that follows.
Drawings
The accompanying drawings are included to provide a further understanding of embodiments of the present application and are incorporated in and constitute a part of this specification, illustrate embodiments of the present application and together with the description serve to explain, without limitation, the embodiments of the present application. In the drawings:
FIG. 1 is a schematic flow chart of a method for automatically protecting a network asset according to an embodiment of the present application;
FIG. 2 is a flow chart of a method for automatically protecting server assets according to an embodiment of the present application;
FIG. 3 is a block diagram of an apparatus for automatically protecting a network asset according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. It should be understood that the specific implementations described herein only illustrate and explain the embodiments of the present application and are not intended to limit them. All other embodiments obtained by a person of ordinary skill in the art from the present disclosure without undue effort fall within the scope of the present application.
It should be noted that where the embodiments refer to directional indications (such as up, down, left, right, front and rear), these are used only to explain the relative position, movement and the like of the components in a specific posture (as shown in the drawings); if the specific posture changes, the directional indications change accordingly.
In addition, where the description uses "first", "second" and so on, these terms are for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. The technical solutions of the embodiments may be combined with each other, provided that the combination can be realized by a person skilled in the art; when the technical solutions are contradictory or cannot be realized, the combination should be regarded as non-existent and outside the protection scope of the present application.
FIG. 1 is a flow chart of a method for automatically protecting a network asset according to an embodiment of the present application. As shown in FIG. 1, an embodiment of the present application provides a method for automatically protecting a network asset, which may include the following steps:
step 101, constructing a preset network asset type library;
step 102, when traffic data is detected passing through the firewall, capturing and matching the traffic data to identify network asset information in the traffic data;
step 103, matching the packet header information of the traffic data against the preset network asset type library to determine the asset type of the network asset information;
step 104, generating a security access control policy corresponding to the asset type and starting a security protection engine corresponding to the asset type.
In the embodiment of the present application, the preset network asset type library is a database containing multiple network asset types obtained by classifying network assets in detail. In one example, the network asset types in the preset network asset type library may include a server type, a terminal type, a network device type and a preset type, where the preset type covers other types that are not explicitly categorized. Because these network asset types are classified mainly by operating system, each network asset type corresponds to a number of specific operating systems. Classifying the network asset types carefully therefore makes security protection more precise.
Specifically, when traffic passes through the firewall, the firewall's data analysis module captures and matches the traffic data and identifies traffic characteristics in it, so as to accurately identify the network asset information present in the traffic data. The network asset information corresponding to the traffic data may include operating system information, application software information and application-layer protocol information.
The packet header information of the traffic data includes the corresponding operating system information, so to determine the asset type of the network asset information, the packet header information may be matched against the preset network asset type library. For example, when the header information matches a server-class operating system, the asset type of the network asset information may be determined to be the server type; when it matches a terminal-class operating system, the terminal type; and when it matches a network-device-class operating system, the network device type.
To achieve in-depth protection of network asset security, after the network assets have been classified in detail, a security access control policy and a security protection engine corresponding to each asset type can be set for the different asset types, so that protection is targeted. Specifically, once the asset type of the network asset information has been determined, the security access control policy corresponding to the asset type may be generated automatically and the security protection engine corresponding to the asset type may be started. In this way, the security of the network asset can be ensured in all respects.
Through the above technical solution, a preset network asset type library is first constructed; when traffic data is detected passing through the firewall, the traffic data is captured and matched to identify network asset information in it; the packet header information of the traffic data is then matched against the preset network asset type library to determine the asset type of the network asset information; and finally a security access control policy corresponding to the asset type is generated and a security protection engine corresponding to the asset type is started. By means of the preset network asset type library, network asset types can be classified in detail, after which the access control policy is automatically generated and the corresponding security protection engine is configured according to the asset type of each network asset, so that operation and maintenance are simplified and all-round protection of the server is ensured.
In this embodiment, step 103, matching the packet header information of the traffic data against the preset network asset type library to determine the asset type of the network asset information, may include:
determining the asset type to be the server type when the packet header information of the traffic data matches a server-class operating system;
determining the asset type to be the terminal type when the packet header information of the traffic data matches a terminal-class operating system;
determining the asset type to be the network device type when the packet header information of the traffic data matches a network-device-class operating system;
and determining the asset type to be the preset type when the packet header information of the traffic data matches some other operating system or matches no operating system.
Specifically, the server-class operating systems may include Windows Server, Linux and the like; the terminal-class operating systems may include Windows 7/8/10/11 and the like; and the network-device-class operating systems may include IOS or COS (Cisco switches), VRP (Huawei switches), Comware (Huawei switches) and the like.
When the operating system matched by the packet header information of the traffic data is Windows Server or Linux, the asset type of the corresponding network asset information can be classified as the server type. When it is any of Windows 7/8/10/11, the asset type can be classified as the terminal type. When it is any of IOS or COS, VRP and Comware, the asset type can be classified as the network device type. When the packet header information of the traffic data matches no operating system or matches some other operating system, the asset type can be classified as the preset type, which covers the other types not further divided. In this way, the asset type of the corresponding network asset information can be determined quickly from the packet header information of the traffic data, so that targeted protection can follow.
In an embodiment of the present application, the server type includes a plurality of subtypes, and when the asset type is the server type, the method may further include:
acquiring application software information from the packet header fields of the traffic data;
matching and identifying the application software information to determine the subtype to which the asset belongs.
Since a server asset, as one of the network assets, is the most important to enterprise users, with critical enterprise data stored on it, an attack on it causes service interruption or data leakage with serious consequences. Therefore, to protect server asset security in depth, the server type may be further subdivided into multiple subtypes so that the server can be protected more precisely. In one example, the subtypes of the server type may include a database server subtype, a WEB server subtype and a preset server subtype, where the preset server subtype is also called the other server subtype.
Specifically, when a database service is deployed on the server and other users access the database server, the traffic packet headers contain information such as the database protocol and database category. When middleware is deployed on the server and other users access the middleware server, the traffic packet headers likewise contain the middleware type and HTTP protocol information; the firewall can identify this information in the traffic packet headers and then classify according to it. Accordingly, once the asset type of the network asset information has been determined to be the server type, the subtype of the server type to which the network asset information belongs may be further determined from the application software information in the header fields of the traffic data, which makes precise protection of the server asset convenient later on.
In embodiments of the present application, matching and identifying the application software information to determine the subtype to which the asset belongs may include:
determining the asset to be of the database server subtype when the application software information matches database software or is identified as a database protocol;
determining the asset to be of the WEB server subtype when the application software information matches middleware or is identified as the HTTP protocol;
and determining the asset to be of the preset server subtype when the application software information matches other application software or matches no application software.
Specifically, the database software includes MySQL, Oracle, SQL Server and the like, and the database protocols include the MySQL protocol, Oracle protocol, SQL Server protocol and the like. Middleware includes Tomcat, WebLogic, Apache, IIS and the like.
When the application software information in the header fields of the traffic data matches database software (e.g. MySQL, Oracle, SQL Server) or is identified as a database protocol (e.g. the MySQL, Oracle or SQL Server protocol), the asset is automatically classified as the database server subtype of the server type. When the application software information matches middleware software (e.g. Tomcat, WebLogic, Apache, IIS) or is identified as the HTTP protocol, the asset is automatically classified as the WEB server subtype of the server type. When the application software information is some other application or no application is detected, the asset is automatically classified as the preset server subtype of the server type, which is also called the other server subtype.
Therefore, through this method the user's network asset information is automatically identified and classified in detail from passive traffic, the server assets can be further subdivided into the database server, WEB server and preset subtypes, and operation and maintenance personnel are not required to add the assets and server classifications manually, so operation and maintenance can be simplified.
In the embodiment of the application, after the firewall has identified the asset type of the network asset information, in order to protect server assets more effectively, a security access control policy is automatically generated for each subtype of the server type and the corresponding security protection engine is started.
In one example, the security protection engines for the server may include intrusion prevention (IPS), virus protection (AV), botnet/Trojan/worm protection (TVD), database protection (SQP) and website intrusion prevention (WAF). Intrusion prevention monitors network attacks in real time, detects intrusions, and raises alarms or intercepts the attacks according to the configuration. Virus protection actively filters and intercepts malicious software or code such as viruses and malware. Botnet/Trojan/worm protection detects, prevents and intercepts activities such as Trojan horses, worms and botnets. Database protection covers risky database statements, database baseline learning, database object name feature definition and the like, and so protects a database server effectively. Website intrusion prevention detects and prevents attack behaviour aimed at the Web server. The security protection engines corresponding to each server subtype may include one or more of the above, and the engines corresponding to different server subtypes need not be identical. Thus different security protection engine strategies can be started automatically for the subtypes of the server type, so that the server is protected effectively.
In an embodiment of the present application, generating the security access control policy corresponding to the asset type and starting the security protection engine corresponding to the asset type may include:
when the asset type is the database server subtype, generating a preset security access control policy and starting a security protection engine that includes database protection.
Specifically, the preset security access control policy is a rule of the form source: any, destination: server IP, action: allow. When the asset type corresponding to the asset information is the database server subtype, this allow rule (source any, destination the server IP) is generated automatically, and the security protection engines intrusion prevention, virus protection, botnet/Trojan/worm protection and database protection are started automatically. Database protection protects the database server effectively.
In an embodiment of the present application, generating the security access control policy corresponding to the asset type and starting the security protection engine corresponding to the asset type may include:
when the asset type is the WEB server subtype, generating a preset security access control policy and starting a security protection engine that includes website intrusion prevention.
Specifically, the preset security access control policy is a rule of the form source: any, destination: server IP, action: allow. When the asset type corresponding to the asset information is the WEB server subtype, this allow rule (source any, destination the server IP) is generated automatically, and the security protection engines intrusion prevention, virus protection, botnet/Trojan/worm protection and website intrusion prevention are started automatically. Website intrusion prevention protects the Web server effectively.
In an embodiment of the present application, generating the security access control policy corresponding to the asset type and starting the security protection engine corresponding to the asset type may include:
when the asset type is the preset server subtype, generating a preset security access control policy and starting a security protection engine that includes intrusion prevention, virus protection and botnet/Trojan/worm protection.
Specifically, the preset server subtype is also called the other server subtype, and the preset security access control policy is a rule of the form source: any, destination: server IP, action: allow. When the asset type corresponding to the asset information is the preset server subtype, this allow rule (source any, destination the server IP) is generated automatically, and the security rule bases intrusion prevention, virus protection and botnet/Trojan/worm protection are started automatically.
Therefore, because the firewall automatically generates a policy according to the identified server asset and starts the IPS, WAF, AV, SQP and TVD security protection engines, the server can be protected automatically at the key point of the user's network boundary without manual participation, which reduces the operation and maintenance workload.
It will be appreciated that in the case of asset types being terminal type, network device type and preset type, the security protection policy is not opened by default.
In an embodiment of the present application, the method may further include:
adjusting the security access control policy according to an instruction sent by the client.
Specifically, to keep the security access control policy flexible, the user may adjust the automatically generated policy according to the actual situation. When an instruction to adjust the security access control policy is received from the client, the current security access control policy is adjusted according to that instruction.
Fig. 2 is a flowchart of a method for automatically protecting server assets according to an embodiment of the present application. As shown in Fig. 2, an embodiment of the present application provides a method for automatically protecting a server asset, which may include:
S1, start asset identification;
S2, when the asset type is identified as the server type, determine the server subtype to which the asset belongs: if it is the database server subtype, go to S3; if it is the preset server subtype, go to S4; if it is the WEB server subtype, go to S5;
S3, automatically generate the policy and enable IPS, AV, TVD and SQP; then go to S6;
S4, automatically generate the policy and enable IPS, AV and TVD; then go to S6;
S5, automatically generate the policy and enable IPS, AV, TVD and WAF; then go to S6;
S6, end.
Here "other servers" are the preset server subtype of the present application. The automatically generated policy is "source: any" - "destination: server IP" - "action: allow".
In a specific embodiment of the present application, an application of the method for automatically protecting a server asset is illustrated as follows:
the address that user A accesses through the firewall is 192.168.10.1, and the firewall captures the corresponding data traffic.
The firewall data analysis module analyses the traffic flowing through the firewall, identifies the access destination address as 192.168.10.1, and further captures the asset information: IP address 192.168.10.1, operating system Red Hat 7.1, application version WebLogic 10.3.6.0.
Comparing this asset information with the firewall asset resource pool, it is judged to be a new asset, classified as the server - WEB server type, and added to the firewall asset information.
A security policy is then generated automatically on the firewall for the newly added asset: source address (any), destination address (192.168.10.1), action (allow), security engines (intrusion prevention (IPS), virus protection (AV), botnet/Trojan/worm protection (TVD), website intrusion prevention (WAF)). The security protection engines enabled for the server can be seen in the final policy list.
Therefore, the user's network assets are identified and classified in detail from passive traffic, server assets are further subdivided into database server and WEB server types, and operation and maintenance personnel do not have to add assets and server classifications manually, which simplifies operation and maintenance. Different security protection engine policies are enabled automatically for different types of server, so that each server is protected effectively. Automatic generation of the access control policy helps avoid the errors and security-engine mismatches that come with adding policies by hand, and reduces the difficulty of operation and maintenance management.
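As an added example that is not part of the patent or of the applicant's product, the following Python models the flow of steps S1 to S6 above: first-level typing from the OS fingerprint, the server sub-typing rules in the order given (database, then WEB, then other), the asset-pool check that decides whether an asset is new, the "source: any" - "destination: server IP" - "action: allow" policy with its per-subtype engine set, and the client-side adjustment of an auto-generated policy. The worked WebLogic-on-Red-Hat case from the example above is the input in the `__main__` block. Everything not named on the page is an assumption: the OS fingerprint and application tables, the reduction of "identified as a database protocol / HTTP protocol" to well-known destination ports, the `Observation` fields, and the class and function names. Note that the generated policy admits any source to the server IP, exactly as the page describes; `adjust_policy` is where an operator narrows it, which the page provides for through the client instruction.

```python
"""Added example, not code from the patent or from Topsec: a minimal model of the
asset identification and automatic protection flow (steps S1-S6).  OS/application
tables, port-based protocol identification, field and class names are assumptions."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

IPS, AV, TVD, WAF, SQP = "IPS", "AV", "TVD", "WAF", "SQP"  # engines named on the page

# Assumed preset network asset type library: OS fingerprint substring -> asset type.
OS_LIBRARY = {
    "red hat": "server", "centos": "server", "windows server": "server",
    "windows 10": "terminal", "windows 11": "terminal", "macos": "terminal",
    "ios-xe": "network_device", "junos": "network_device",
}
# Assumed application library (substring match on the application banner) and
# "identified as a database / HTTP protocol" reduced to well-known ports.
DB_SOFTWARE = ("mysql", "oracle", "postgres", "sql server")
MIDDLEWARE = ("weblogic", "tomcat", "nginx", "apache", "iis")
DB_PORTS, HTTP_PORTS = {1433, 1521, 3306, 5432}, {80, 443, 8080}

ENGINES_BY_SUBTYPE: Dict[str, FrozenSet[str]] = {
    "database_server": frozenset({IPS, AV, TVD, SQP}),  # step S3
    "other_server": frozenset({IPS, AV, TVD}),          # step S4
    "web_server": frozenset({IPS, AV, TVD, WAF}),       # step S5
}

@dataclass(frozen=True)
class Observation:
    """Asset information the firewall extracts from one flow (constructed input)."""
    dst_ip: str
    os_fingerprint: str   # derived from packet header fields
    dst_port: int
    app_banner: str = ""  # application software information, if any

@dataclass
class Policy:
    src: str
    dst: str
    action: str
    engines: FrozenSet[str]

@dataclass
class Asset:
    ip: str
    asset_type: str
    subtype: Optional[str] = None
    policy: Optional[Policy] = None

def classify_os(fingerprint: str) -> str:
    """First-level typing: match the OS fingerprint against the type library."""
    fp = fingerprint.lower()
    for needle, asset_type in OS_LIBRARY.items():
        if needle in fp:
            return asset_type
    return "preset"  # other or unrecognised operating system

def classify_server(obs: Observation) -> str:
    """Second-level typing in claim 4 order: database first, then WEB, else other."""
    banner = obs.app_banner.lower()
    if any(s in banner for s in DB_SOFTWARE) or obs.dst_port in DB_PORTS:
        return "database_server"
    if any(s in banner for s in MIDDLEWARE) or obs.dst_port in HTTP_PORTS:
        return "web_server"
    return "other_server"

class Firewall:
    def __init__(self) -> None:
        self.assets: Dict[str, Asset] = {}  # asset resource pool keyed by IP

    def observe(self, obs: Observation) -> Optional[Asset]:
        """Run S1-S6 for one flow; None means the asset was already in the pool."""
        if obs.dst_ip in self.assets:
            return None  # known asset: its policy is not regenerated
        asset = Asset(obs.dst_ip, classify_os(obs.os_fingerprint))
        if asset.asset_type == "server":
            asset.subtype = classify_server(obs)
            # The policy the page describes: any source may reach the server IP.
            asset.policy = Policy("any", obs.dst_ip, "allow",
                                  ENGINES_BY_SUBTYPE[asset.subtype])
        # Terminal, network device and preset types get no policy by default.
        self.assets[obs.dst_ip] = asset
        return asset

    def adjust_policy(self, ip: str, src: Optional[str] = None,
                      engines: Optional[FrozenSet[str]] = None) -> Policy:
        """Client instruction: narrow the source and/or change the engine set."""
        asset = self.assets[ip]
        if asset.policy is None:
            raise ValueError(f"no auto-generated policy for {ip}")
        if src is not None:
            asset.policy.src = src
        if engines is not None:
            asset.policy.engines = frozenset(engines)
        return asset.policy

if __name__ == "__main__":  # the page's worked example: WebLogic 10.3.6.0 on Red Hat 7.1
    print(Firewall().observe(Observation("192.168.10.1", "Red Hat 7.1", 7001,
                                         "WebLogic Server 10.3.6.0")))
```

Two design points worth noting. The pool check in `observe` is what keeps the firewall from regenerating the policy on every flow to a known server, which is the "compare with the asset resource pool, judge it a new asset" step of the worked example. And because the sub-typing keys off attacker-visible data (banners and ports), the database check runs before the WEB check, as claim 4 orders it, so a host that speaks both is treated as the more sensitive type.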
Fig. 3 is a block diagram of an apparatus for automatically protecting a network asset according to an embodiment of the present application. As shown in fig. 3, an apparatus for automatically protecting a network asset according to an embodiment of the present application may include:
a memory 310 configured to store instructions; and
a processor 320 configured to invoke the instructions from memory 310 and, when the instructions are executed, to implement the method of network asset auto-protection described above.
Specifically, in embodiments of the present application, processor 320 may be configured to:
construct a preset network asset type library;
when traffic data is detected passing through the firewall, capture and match the traffic data to identify network asset information in the traffic data;
match the preset network asset type library according to the packet header information of the traffic data to determine the asset type of the network asset information;
and generate a security access control policy corresponding to the asset type and enable a security protection engine corresponding to the asset type.
Further, the processor 320 may be further configured to:
determine the asset type to be the server type when the packet header information of the traffic data matches a server-type operating system;
determine the asset type to be the terminal type when the packet header information of the traffic data matches a terminal-type operating system;
determine the asset type to be the network device type when the packet header information of the traffic data matches a network device operating system;
and determine the asset type to be the preset type when the packet header information of the traffic data matches another operating system or matches no operating system.
In an embodiment of the present application, the server type includes a plurality of subtypes, and when the asset type is the server type, the processor 320 may be further configured to:
acquire application software information from a packet header field of the traffic data;
and match and identify the application software information to determine the subtype to which the asset type belongs.
Further, the processor 320 may be further configured to:
determine that the asset type belongs to the database server subtype when the application software information matches database software or is identified as a database protocol;
determine that the asset type belongs to the WEB server subtype when the application software information matches middleware or is identified as the HTTP protocol;
and determine that the asset type belongs to the preset server subtype when the application software information matches other application software or matches no application software.
Further, the processor 320 may be further configured to:
when the asset type is the database server subtype, generate a preset security access control policy and enable a security protection engine that includes database protection.
Further, the processor 320 may be further configured to:
when the asset type is the WEB server subtype, generate a preset security access control policy and enable a security protection engine that includes website intrusion prevention.
Further, the processor 320 may be further configured to:
when the asset type is the preset server subtype, generate a preset security access control policy and enable security protection engines comprising intrusion prevention, virus protection and botnet/Trojan/worm protection.
Further, the processor 320 may be further configured to:
adjust the security access control policy according to an instruction sent by the client.
Through the above technical solution, a preset network asset type library is first constructed; when traffic data is detected passing through the firewall, the traffic data is captured and matched to identify the network asset information in it; the preset network asset type library is then matched according to the packet header information of the traffic data to determine the asset type of the network asset information; and finally a security access control policy corresponding to the asset type is generated and the security protection engine corresponding to the asset type is enabled. In this way the network asset types are classified in detail through the preset network asset type library, and the access control policy is then generated automatically and the corresponding security protection engine configured according to the asset type, which simplifies operation and maintenance and provides all-round protection for the server.
Embodiments of the present application also provide a machine-readable storage medium having stored thereon instructions for causing a machine to perform the above-described method of network asset auto-protection.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, etc., such as read-only memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer-readable media, including both persistent and non-persistent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article or apparatus that comprises that element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.

Claims (10)

1. A method for automatically protecting a network asset, comprising:
constructing a preset network asset type library;
when traffic data is detected passing through a firewall, capturing and matching the traffic data to identify network asset information in the traffic data;
matching the preset network asset type library according to packet header information of the traffic data to determine the asset type of the network asset information;
and generating a security access control policy corresponding to the asset type and enabling a security protection engine corresponding to the asset type.
2. The method of claim 1, wherein matching the preset network asset type library according to the packet header information of the traffic data to determine the asset type of the network asset information comprises:
determining the asset type to be a server type when the packet header information of the traffic data matches a server-type operating system;
determining the asset type to be a terminal type when the packet header information of the traffic data matches a terminal-type operating system;
determining the asset type to be a network device type when the packet header information of the traffic data matches a network device operating system;
and determining the asset type to be a preset type when the packet header information of the traffic data matches another operating system or matches no operating system.
3. The method of claim 2, wherein the server type includes a plurality of subtypes, and wherein, when the asset type is the server type, the method further comprises:
acquiring application software information from a packet header field of the traffic data;
and matching and identifying the application software information to determine the subtype to which the asset type belongs.
4. The method of claim 3, wherein matching and identifying the application software information to determine the subtype to which the asset type belongs comprises:
determining that the asset type belongs to a database server subtype when the application software information matches database software or is identified as a database protocol;
determining that the asset type belongs to a WEB server subtype when the application software information matches middleware or is identified as the HTTP protocol;
and determining that the asset type belongs to a preset server subtype when the application software information matches other application software or matches no application software.
5. The method of claim 4, wherein generating a security access control policy corresponding to the asset type and enabling a security protection engine corresponding to the asset type comprises:
when the asset type is the database server subtype, generating a preset security access control policy and enabling a security protection engine that includes database protection.
6. The method of claim 4, wherein generating a security access control policy corresponding to the asset type and enabling a security protection engine corresponding to the asset type comprises:
when the asset type is the WEB server subtype, generating a preset security access control policy and enabling a security protection engine that includes website intrusion prevention.
7. The method of claim 4, wherein generating a security access control policy corresponding to the asset type and enabling a security protection engine corresponding to the asset type comprises:
when the asset type is the preset server subtype, generating a preset security access control policy and enabling security protection engines comprising intrusion prevention, virus protection and botnet/Trojan/worm protection.
8. The method according to claim 1, wherein the method further comprises:
and adjusting the security access control strategy according to the instruction sent by the client.
9. An apparatus for automatically protecting a network asset, comprising:
a memory configured to store instructions; and
a processor configured to invoke the instructions from the memory and to enable, when executing the instructions, the method of network asset auto-protection according to any of claims 1 to 8.
10. A machine-readable storage medium having stored thereon instructions for causing a machine to perform the method of network asset autoprotection according to any one of claims 1 to 8.
CN202311562140.3A 2023-11-21 2023-11-21 Method, device and machine-readable storage medium for automatically protecting network assets Pending CN117499140A (en)


Publications (1)

Publication Number Publication Date
CN117499140A true CN117499140A (en) 2024-02-02


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination