CN1794718A - Linkage protocol of network safety equipment - Google Patents


Info

Publication number
CN1794718A
Authority
CN (China)
Prior art keywords
message
client
server
protocol
network safety
Prior art date
Legal status (as listed by Google Patents, not a legal conclusion)
Pending
Application number
CNA2005100227872A
Other languages
Chinese (zh)
Inventor
李金库
向冬
张永斌
廖明涛
樊长安
赵明彰
刘志强
吴华强
Current Assignee (as listed by Google Patents)
Jiepu Network Science & Technology Co Ltd Xi'an Jiaoda
Original Assignee
Jiepu Network Science & Technology Co Ltd Xi'an Jiaoda
Priority date (as listed by Google Patents, not a legal conclusion)
2005-12-31
Filing date
2005-12-31
Publication date
2006-06-28

Abstract

This invention relates to a linkage protocol for network security devices, realised by the following steps: (1) the serially connected device, a firewall, acts as the server, runs the device's linkage protection daemon and listens for security requests sent from the client side; (2) the parallel-connected device acts as the client, and client communication software is deployed on it; (3) after the serial device receives a linkage message, it parses the message to obtain the handling method and executes the corresponding action or configuration modification.

Description

A linkage protocol for network security devices
Technical field:
The present invention relates to the field of network security technology, and specifically to a linkage protocol for network security devices.
Background technology:
As the main serially connected security device, a firewall protects the network in a relatively passive way: it can only filter the packets passing through it according to rules preset by the system administrator. With the continuous development of network security technology and the further refinement of security product categories, specialised security devices such as network intrusion detection systems (IDS), information content audit systems and virus detection systems have emerged. An intrusion detection system (IDS) can discover unsafe behaviour in the network at any time, but because it is connected to the network in parallel it can only detect an intrusion and raise an alarm; it cannot block the unsafe behaviour it discovers in time. A virus detection system can detect the presence of viruses in the network and remove them, but it cannot effectively isolate a virus-infected subnet from uninfected subnets and thereby contain the spread of the virus.
Summary of the invention:
The present invention provides a linkage protocol for network security devices that overcomes the shortcomings of the prior art: the inability to block discovered unsafe behaviour in time, and the inability to isolate a virus-infected subnet from uninfected subnets when a virus is detected in the network.
To overcome the problems of the prior art, the technical scheme of the present invention is:
A linkage protocol for network security devices, realised by the following steps:
Step 1: The serially connected device, the firewall, acts as the server. It runs a security linkage daemon that listens in real time for security requests sent from the client side.
Step 2: The parallel-connected device acts as the client, and client communication software is deployed on it. The client pre-processes the security events it discovers; where linkage handling is needed, or the server is required to make a corresponding configuration change, it sends a linkage message to the server in the message format specified by the linkage protocol. Before a message is sent, an authentication procedure is carried out first to confirm the legitimacy of the client; at the same time, the communication between the server side and the client is encrypted.
Step 3: After receiving the linkage message, the serial device parses it, obtains the handling method for the event, and performs the corresponding action or makes the corresponding configuration modification.
The parallel-connected devices described in step 2 are intrusion detection systems, information audit systems, virus detection systems and the like. They are all security devices deployed inside the network, and they possess only network monitoring, alarm and audit functions.
The message format defined in step 2 is as follows. A message is divided into two parts, a header and a message body. The header describes information about the message protocol and contains the protocol, version, length, flag and checksum fields of the message. The message body is further divided into two parts, a message command header and either a command parameter list or an echo message; it describes the information needed to execute a specific instruction on the target connection, and contains the concrete operation and parameter list that the firewall is requested to execute, or the echo message of the server.
The message format described in step 2 is:
In step 1, the client and server communicate using the TCP protocol; the server side opens a specific port (5050) and listens in real time for security requests sent from the client.
The data messages used in step 1 adopt an SSL-based authentication and encryption mechanism. After the client and server have established a connection in step 2, the client can send messages to the server, and many messages can be sent in succession over one connection until the connection is closed. If the client sends no further message within the timeout period (default 30 seconds) after sending its last message, the client disconnects automatically; when there is another message to send later, the connection is re-established. This effectively guarantees the confidentiality and integrity of the data.
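As an added illustration of the message format and of the server-side parsing in step 3 (example code written for this page, not the patent's own implementation): the page names the header fields (protocol, version, length, flag, checksum) and the body parts (command header plus parameter list or echo message), but the figure giving the exact field widths is not reproduced here, so the byte layout, the CRC32 checksum, the NUL separators and the command names are assumptions.

```python
import struct
import zlib

# Assumed wire layout (the patent's figure with the exact widths is not on the page):
#   header = protocol(2 bytes) | version(1) | length(2, total bytes) | flag(1) | checksum(4)
#   body   = command header (UTF-8, NUL-terminated) | parameters (UTF-8, NUL-separated)
PROTOCOL = b"LK"          # constructed protocol tag
VERSION = 1
FLAG_REQUEST = 0x01       # client -> server: request an action
FLAG_ECHO = 0x02          # server -> client: echo message
HEADER = struct.Struct("!2sBHBI")

def build_message(command: str, params: list, flag: int = FLAG_REQUEST) -> bytes:
    """Encode a linkage message: header with length and checksum, then command and parameters."""
    body = command.encode() + b"\x00" + b"\x00".join(p.encode() for p in params)
    length = HEADER.size + len(body)
    # The checksum covers the whole message with the checksum field itself zeroed.
    unchecked = HEADER.pack(PROTOCOL, VERSION, length, flag, 0) + body
    return HEADER.pack(PROTOCOL, VERSION, length, flag, zlib.crc32(unchecked)) + body

def parse_message(raw: bytes) -> tuple:
    """Validate protocol, version, length and checksum before trusting the body."""
    if len(raw) < HEADER.size:
        raise ValueError("truncated header")
    proto, ver, length, flag, checksum = HEADER.unpack_from(raw)
    if proto != PROTOCOL or ver != VERSION:
        raise ValueError("unknown protocol or version")
    if length != len(raw):
        raise ValueError("length field does not match message size")
    expected = zlib.crc32(HEADER.pack(proto, ver, length, flag, 0) + raw[HEADER.size:])
    if expected != checksum:
        raise ValueError("checksum mismatch")
    command, _, rest = raw[HEADER.size:].partition(b"\x00")
    params = [p.decode() for p in rest.split(b"\x00")] if rest else []
    return flag, command.decode(), params

# Constructed policy: which commands the firewall accepts and how many parameters each takes.
ALLOWED_COMMANDS = {"block": 2, "isolate": 1}

def handle_request(raw: bytes) -> bytes:
    """Server side (step 3): check legitimacy, extract the execution information, answer with an echo."""
    try:
        flag, command, params = parse_message(raw)
    except ValueError as exc:
        return build_message("error", [str(exc)], FLAG_ECHO)
    if flag != FLAG_REQUEST or command not in ALLOWED_COMMANDS:
        return build_message("error", ["unsupported command"], FLAG_ECHO)
    if len(params) != ALLOWED_COMMANDS[command]:
        return build_message("error", ["bad parameter count"], FLAG_ECHO)
    # A real firewall would apply the rule here; the echo confirms what was accepted.
    return build_message("ok", [command] + params, FLAG_ECHO)
```

The SSL authentication and encryption the patent places around this exchange are not shown; in practice the raw bytes above would be written to and read from a TLS-wrapped socket on port 5050.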
Compared with the prior art, the advantages of the present invention are:
The present invention adopts an interaction protocol between parallel-connected and serially connected security devices. A parallel device reports the attack connection information it discovers, or the target connection information of a detected virus, to a serial device such as a firewall or security gateway; the serial device can then take measures against that target connection in time, blocking or dropping it. This realises linkage between multiple security devices and gives the network stronger dynamic protection.
The present invention can provide services such as linkage blocking, linkage authentication, load balancing, dual-node hot standby and collection of system core-state data. It enables firewalls, network security management systems and other security products to quickly build a solid, distributed security protection network and fully guarantee network security. By adopting a simple and reliable authentication and encryption method, the reliability and security of inter-system communication can be guaranteed.
The linkage of the present invention is in essence a mechanism for exchanging information between security products: it promptly notifies the relevant security systems of security events, helps assess the threat of a security event from a global perspective, and takes action at the appropriate position. Products developed according to this protocol can link with one another. These security devices are not limited to firewalls and intrusion detection; the protocol can also be applied to many other security components, such as audit systems, host systems and business systems that require security protection, and other types of network equipment. As long as a security event occurs at some node, the event can be passed to the relevant systems through this protocol and action taken at the appropriate position.
Another characteristic of the present invention is that when a virus is detected in the network, it not only removes the virus but also effectively isolates the virus-infected subnet from uninfected subnets, thereby containing the spread of the virus.
Description of drawings:
The accompanying drawing is a schematic diagram of a typical application environment.
Embodiment:
A specific implementation of the present invention is described below through a typical application environment.
Referring to the accompanying drawing, the firewall is connected in series in the network, while the antivirus server and the intrusion detection system are connected in parallel.
The steps of the present invention are:
(1) The serially connected firewall acts as the server and runs the security linkage daemon; the server side opens port 5050 and runs SSL server-side software, listening in real time for security requests sent from the client.
(2) The parallel-connected devices, the antivirus server and the intrusion detection system, monitor the operating condition of the internal network in real time and use various methods to judge abnormal events. When an abnormal network condition is found, the antivirus server or intrusion detection system raises an alarm and at the same time sends a linkage message to the gateway or firewall system. The message contains the methods and actions to be executed; the corresponding identity confirmation is performed before it is sent. The message format is as follows:
(3) After receiving the linkage message, the gateway or firewall system judges its legitimacy, then parses it to extract the execution information and performs the corresponding action, thereby realising the linkage.
Finally, it should be noted that the above embodiment is intended only to illustrate, and not to limit, the technical scheme of the present invention. Although the present invention has been described in detail with reference to the above embodiment, those of ordinary skill in the art should understand that modifications or equivalent substitutions may still be made to the present invention, and that any modification or partial substitution that does not depart from the spirit and scope of the present invention shall be encompassed within the scope of the claims of the present invention.

Claims (6)

1. A linkage protocol for network security devices, realised by the following steps:
Step 1: The serially connected device acts as the server, runs a security linkage daemon, and listens in real time for security requests sent from the client;
Step 2: The parallel-connected device acts as the client, and client communication software is deployed on it. The client pre-processes the security events it discovers; where linkage handling is needed, or the server is required to make a corresponding configuration change, it sends a linkage message to the server in the message format specified by the linkage protocol. Before a message is sent, an authentication procedure is carried out first to confirm the legitimacy of the client; at the same time, the communication between the server side and the client is encrypted;
Step 3: After receiving the linkage message, the serial device parses it, obtains the handling method for the event, and performs the corresponding action or makes the corresponding configuration modification.
2. The linkage protocol for network security devices according to claim 1, characterised in that the parallel-connected device described in step 2 is an intrusion detection system, an information audit system or a virus detection system.
3. The linkage protocol for network security devices according to claim 1 or 2, characterised in that the message format defined in step 2 is divided into two parts, a header and a message body: the header describes information about the message protocol and contains the protocol, version, length, flag and checksum fields of the message; the message body is further divided into two parts, a message command header and either a command parameter list or an echo message, describes the information needed to execute a specific instruction on the target connection, and contains the concrete operation and parameter list that the firewall is requested to execute, or the echo message of the server.
4. The linkage protocol for network security devices according to claim 3, characterised in that:
the message format described in step 2 is,
Figure A2005100227870003C1
5. The linkage protocol for network security devices according to claim 4, characterised in that in step 1 the client and server communicate using the TCP protocol; the server side opens a specific port (5050) and listens in real time for security requests sent from the client.
6. The linkage protocol for network security devices according to claim 5, characterised in that the data messages used in step 1 adopt an SSL-based authentication and encryption mechanism; after the client and server have established a connection in step 2, the client can send messages to the server, and many messages can be sent in succession over one connection until the connection is closed; if the client sends no further message within the timeout period (default 30 seconds) after sending its last message, the client disconnects automatically; when there is another message to send later, the connection is re-established.

Priority Applications (1)

Application Number: CNA2005100227872A (CN1794718A); Priority Date: 2005-12-31; Filing Date: 2005-12-31; Title: Linkage protocol of network safety equipment


Publications (1)

Publication Number: CN1794718A; Publication Date: 2006-06-28

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN101252487B * | 2008-04-11 | 2010-12-22 | 杭州华三通信技术有限公司 | Method for processing safety warning and safety policy equipment
CN106330483A * | 2015-06-18 | 2017-01-11 | 中兴通讯股份有限公司 | Information acquiring method, client device and server device
CN106330483B * | 2015-06-18 | 2021-04-06 | 中兴通讯股份有限公司 | Information acquisition method, client device and server device
CN105491009A * | 2015-11-20 | 2016-04-13 | 西安交大捷普网络科技有限公司 | Vulnerability scanning cooperation method based on new communication protocol

Legal Events

Code | Title
C06 | Publication
PB01 | Publication
C10 | Entry into substantive examination
SE01 | Entry into force of request for substantive examination
C02 | Deemed withdrawal of patent application after publication (patent law 2001)
WD01 | Invention patent application deemed withdrawn after publication

Open date: 2006-06-28