WO2016062113A1 - Wireless network access security detection method and terminal - Google Patents

Wireless network access security detection method and terminal Download PDF

Info

Publication number
WO2016062113A1
WO2016062113A1 PCT/CN2015/082094 CN2015082094W WO2016062113A1 WO 2016062113 A1 WO2016062113 A1 WO 2016062113A1 CN 2015082094 W CN2015082094 W CN 2015082094W WO 2016062113 A1 WO2016062113 A1 WO 2016062113A1
Authority
WO
WIPO (PCT)
Prior art keywords
client
wireless network
security
information
access
Prior art date
Application number
PCT/CN2015/082094
Other languages
French (fr)
Chinese (zh)
Inventor
方明勇
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016062113A1 publication Critical patent/WO2016062113A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • This document relates to the technical field of detecting wireless network access security, and in particular to a method and terminal for detecting wireless network access security.
  • the operator access service is developing rapidly, the usage rate of the home terminal equipment is getting higher and higher, and the user group is also getting larger and larger.
  • the home terminal or the router basically supports the wireless network.
  • the function of access, but the security of the wireless network has always been a problem that needs to be paid attention to during the application process of the user. Because the key problem or some cracking technology causes the attack on the network and the WLAN side to occur, therefore, the wireless network Safety has become a prominent problem in use.
  • the main object of the present invention is to provide a method and terminal for detecting wireless network access security. It aims to solve the problem of illegal user access in wireless networks and improve the access security of wireless networks.
  • a method for detecting wireless network access security includes:
  • the network terminal When detecting the access of the wireless network client, the network terminal records the related information of the wireless network client that is accessed, and determines whether the related information of the wireless network client exists in the security client list, when the security client When the related information of the wireless network client does not exist in the list, the wireless network client is identified as a non-secure client;
  • the accessed wireless network client is updated to a secure client.
  • the method further includes: updating the accessed wireless network client to a locally maintained dangerous client. List
  • the step of updating the accessed wireless network client as a secure client when receiving the client security information confirmed by the management client includes: receiving client security confirmed by the management client When the information is received, the accessed wireless network client is updated to a locally maintained security client list, and the wireless network client confirming security is removed from the dangerous client list.
  • the step of sending the related information of the wireless network client to the management client includes:
  • the related information of the wireless network client is encapsulated into alarm information and sent to the management client, where the management client is installed with an APP for confirming whether the client is secure.
  • the alarm information is in a table field format; the alarm information includes: a MAC address, an access time, and/or an access duration of the wireless network client.
  • the method further includes:
  • the alarm information is pushed again when the to-be-managed client re-accesses.
  • the method before the step of the network terminal recording the information about the wireless network client that is accessed when the wireless network client access is detected, the method further includes:
  • the network terminal performs initial configuration, and the related information is configured on the network terminal, and the related information includes: information about the WAN connection, the SSID of the wireless network, the password configuration information, whether the security protection switch is enabled, and the management client.
  • MAC address information of the access includes: information about the WAN connection, the SSID of the wireless network, the password configuration information, whether the security protection switch is enabled, and the management client.
  • a terminal for detecting wireless network access security includes a detection module, an alarm module, and an update module, wherein:
  • the detecting module is configured to: when detecting the access of the wireless network client, record related information of the accessed wireless network client, and determine whether the wireless is present in the security client list. Corresponding information of the network client, when the information about the wireless network client does not exist in the security client list, identifying the wireless network client as a non-secure client;
  • the alarm module is configured to: send related information of the wireless network client to a management client;
  • the update module is configured to: when the client security information confirmed by the management client is received, update the accessed wireless network client as a secure client.
  • the detecting module is further configured to: update the wireless network client confirmed as the non-secure client to the locally maintained dangerous client list;
  • the update module is further configured to: when receiving the client security information confirmed by the management client, update the accessed wireless network client to a locally maintained security client list, and from the danger The client list removes the wireless network client that confirms security.
  • the alarm module is further configured to: initiate a socket connection with the management client when detecting that the management client's MAC address is accessed to the network terminal; after the socket connection is successfully established Encapsulating related information of the wireless network client as alarm information is sent to the management client, and the management client is installed with a function for confirming whether the client is a secure APP.
  • the alarm module is further configured to: if the client security information confirmed by the management client is not received within a predetermined time, the alarm information is pushed again when the to-be-managed client re-accesses.
  • the terminal further includes a configuration module, where:
  • the configuration module is configured to: perform initialization configuration on the terminal, and configure related information on the network terminal, where the related information includes: related information of the WAN connection, wireless network SSID, password configuration information, and whether the security is enabled. Protection switch, and management MAC address information for client access.
  • a computer program comprising program instructions that, when executed by a terminal, cause the terminal to perform any of the above methods of detecting wireless network access security.
  • a method and a terminal for detecting wireless network access security when detecting a wireless network client access, the network terminal records related information of the accessed wireless network client, and compares the security client.
  • the end list when the information about the wireless network client does not exist in the security client list, the wireless network client is identified as a non-secure client; the related information of the wireless network client is sent to the management client;
  • the wireless network client that has been accessed is updated to be a secure client, so that the attack on the WLAN side and the illegal access can be grasped at any time, and the security risk is lowered. To the lowest.
  • FIG. 1 is a schematic flow chart of an embodiment of a method for detecting wireless network access security according to the present invention
  • FIG. 2 is a networking diagram of an application of a related art wireless network terminal device
  • FIG. 3 is a schematic diagram of a specific process of an embodiment of the present invention.
  • FIG. 4 is a schematic flow chart of another embodiment of a method for detecting wireless network access security according to the present invention.
  • FIG. 5 is a schematic diagram of functional modules of an embodiment of a terminal for detecting wireless network access security according to the present invention.
  • FIG. 6 is a schematic diagram of functional modules of another embodiment of a terminal for detecting wireless network access security according to the present invention.
  • the solution of the embodiment of the present invention is mainly: when the network terminal detects that there is a wireless network client access, the related information of the accessed wireless network client is recorded, and the security client list is compared in the security client list.
  • the wireless network client is identified as a non-secure client; the related information of the wireless network client is sent to the management client; when the management client is received, the confirmation is received.
  • the client security information is updated, the accessed wireless network client is updated to a secure client, so that the WLAN side attack and illegal access can be grasped at any time, and the security risk is minimized.
  • an embodiment of the present invention provides a method for detecting wireless network access security, including:
  • Step S101 The network terminal records the related information of the accessed wireless network client when the wireless network client access is detected, and compares the security client list, when the wireless network client does not exist in the security client list. Identifying the wireless network client as a non-secure client when the related information is end;
  • the method operating environment of this embodiment relates to a wireless network, and particularly relates to a home wireless network terminal system, including a home gateway or a small router for home or enterprise, and the terminal system has a wifi wireless network.
  • FIG. 2 is a network diagram of an application of a related wireless network terminal device.
  • the WAN side and the LAN side are included, wherein the WAN side is used to access the carrier network, and the general WAN side can reduce the risk of security attacks by turning on the firewall.
  • the LAN side is divided into wired (accessing the PC) and WLAN, and the attack on the LAN side mainly comes from the WLAN.
  • the WLAN wireless network can encrypt or set a relatively complicated wireless password
  • the encryption method is set to prevent unauthorized users from accessing.
  • the cracking technology has been updated. If some illegal users crack the password and access the WALN network, with the current technology, users or administrators who are normally authorized to use it are not easy to find, only discover network congestion or other problems during use. When you are concerned, you will be concerned about whether there is a network or an attack.
  • the attack identification or the network identification is completed through the system of the home gateway (or router) + APP with wifi, and the attack on the WLAN side and the illegal access can be grasped at any time, and the security risk is minimized.
  • the network terminal when initializing the configuration, sets related information of the router WAN connection, configuration information such as the SSID and password of the wireless network, and sets whether to open the security protection switch.
  • the MAC address information of the management client (administrator side) needs to be set on the home network terminal, and one or more management client MAC address information can be set.
  • the home network terminal monitors whether it is real-time. There is wireless network client access.
  • the home network terminal When the wireless network client access is detected, the home network terminal records related information such as the MAC address, the access time, and/or the access duration of the accessed wireless network client.
  • the wireless network client is identified as a non-secure client.
  • the process of device initialization is turned on.
  • the above three tables may be empty or may contain one or more records.
  • the administrator information table and the security client list include fields that identify client information, such as a client MAC address.
  • the dangerous client list contains fields that identify client information, such as the client MAC address, as well as time information to access the device.
  • the above three table information will be updated, wherein: the dangerous client list of the device is updated, and the MAC address of the current dangerous client access is recorded, and the access is recorded. Information such as time, the incoming wireless network client is updated as a dangerous client to the list of dangerous clients maintained locally.
  • the home network terminal device queries the dangerous client list. If the table record is empty, it means that there is no dangerous client access, and the process exits; if the table record is not empty, it indicates that there is dangerous client access, and the home network terminal device will The security administrator information table is detected, and the client MAC information of the security administrator is queried, so that when the security management client accesses the device, the related information of the dangerous client is sent to the security management client.
  • Step S102 sending related information of the wireless network client to the management client;
  • the home network terminal After detecting the security management client access device, the home network terminal sends related information such as the MAC address, the access time, and/or the access duration of the wireless network client to the management client as the alarm information.
  • the security management client When the security management client accesses the device, it sends an alert to the APP application of the security management client to the dangerous account.
  • the alarm information includes the MAC information and access time of the dangerous client.
  • the home network terminal initiates a socket connection with the management client when detecting that the management client's MAC address is accessed to the home network terminal.
  • the home network terminal After the socket connection is successfully established, the home network terminal encapsulates the related information of the wireless network client into alarm information and sends the information to the management client, where the management client is installed with a corresponding APP.
  • the alarm information may be encapsulated into a format that facilitates interaction with the mobile phone client, and uses a table field format, which may include a client MAC address, an access time, an access time, and the like, as shown in Table 1 below:
  • Step S103 When receiving the client security information confirmed by the management client, update the accessed wireless network client as a security client.
  • the home network terminal When receiving the client security information confirmed by the management client, the home network terminal updates the security client list, updates the accessed wireless network client to the locally maintained security client list, and moves from the dangerous client list. In addition to confirming the security of the wireless network client. Subsequently, when the management client takes corresponding measures, such as resetting the wifi password on the home network terminal, after the home network terminal is powered on or restarted again, the home network terminal will clear the dangerous client list, or the family. If the network terminal does not detect the dangerous client that was last accessed, the corresponding dangerous client is removed from the dangerous client list.
  • the alarm information is pushed again when the to-be-managed client re-accesses.
  • the implementation process on the home network terminal is as follows:
  • These three tables can be empty or contain one or more records.
  • the administrator information table and the security client list include fields that identify client information, such as a client MAC address.
  • the Dangerous Clients list contains fields that identify client information, such as client MAC addresses, as well as time information to access the device.
  • the above three table information will be updated, wherein: the dangerous client list of the device is updated, and the MAC address of the current dangerous client access is recorded, and the MAC address is accessed. Information such as time of entry;
  • the device queries the dangerous client record table. If the table record is empty, it means that there is no dangerous client access, and the process exits; if the table record is not empty, it indicates that there is dangerous client access, and the device will detect security management.
  • Member information table query the client MAC information of the security administrator.
  • the alarm is sent to the APP application of the security management client, and the alarm information includes the MAC information and access time of the dangerous client.
  • step 15 The security detection module of the home network terminal, if the confirmation message of the dangerous client list fed back by the security client is not received within a certain period of time, the process proceeds to step 14, and the security administrator client re-accesses the device again. Push. If you receive confirmation of the list of dangerous clients that the security client is responding to, the process proceeds to step 11, updating the list of secure clients and clearing the identified dangerous clients.
  • the network terminal when the network terminal detects that there is a wireless network client access, the network terminal records related information of the accessed wireless network client, and identifies the non-secure client; and associates the wireless network client.
  • the information transmission management client when receiving the client security information confirmed by the management client, updating the accessed wireless network client as a security client, thereby grasping the attack and the illegality on the WLAN side at any time Access to minimize security risks.
  • another embodiment of the present invention provides a method for detecting wireless network access security.
  • the network terminal detects that there is a wireless network client access
  • the network access is recorded.
  • the steps for information about the wireless network client also include:
  • Step S100 The network terminal performs initial configuration, and the related information is configured on the network terminal.
  • the embodiment further includes a solution for initial configuration of the network terminal.
  • the network terminal when initializing the configuration, sets the router WAN connection related information and the wireless network SSID, password and other configuration information, and sets whether to open the security protection switch.
  • the MAC address information of the management client (administrator side) needs to be set on the home network terminal, and one or more management client MAC address information can be set.
  • the initial configuration of the network terminal is implemented by the foregoing solution.
  • an embodiment of the present invention provides a terminal for detecting wireless network access security, including: a detection module 201, an alarm module 202, and an update module 203, where:
  • the detecting module 201 is configured to: when the wireless network client access is detected, record related information of the accessed wireless network client, compare the security client list, and the wireless client does not exist in the security client list. Identifying the wireless network client as a non-secure client when the network client has relevant information;
  • the alarm module 202 is configured to: send related information of the wireless network client to the management client;
  • the update module 203 is configured to: when receiving the client security information confirmed by the management client, update related information of the accessed wireless network client to a security client.
  • the terminal in this embodiment includes, but is not limited to, a home gateway or a small router for home or business, and the terminal system has a wifi wireless network.
  • FIG. 2 is a network diagram of an application of a related wireless network terminal device.
  • the WAN side and the LAN side are included, wherein the WAN side is used to access the carrier network, and the general WAN side can reduce the risk of security attacks by turning on the firewall.
  • the LAN side is divided into wired (accessing the PC) and WLAN, and the attack on the LAN side mainly comes from the WLAN.
  • the WLAN wireless network can encrypt or set a relatively complicated wireless password
  • the encryption method is set to prevent unauthorized users from accessing.
  • the cracking technology has been updated. If some illegal users crack the password and access the WALN network, with the current technology, users or administrators who are normally authorized to use it are not easy to find, only discover network congestion or other problems during use. When you are concerned, you will be concerned about whether there is a network or an attack.
  • the attack identification or the network identification is completed through the system of the home gateway (or router) + APP with wifi, and the attack on the WLAN side and the illegal access can be grasped at any time, and the security risk is minimized.
  • the network terminal when initializing the configuration, sets related information of the router WAN connection, configuration information such as the SSID and password of the wireless network, and sets whether to open the security protection switch.
  • the MAC address information of the management client (administrator side) needs to be set on the home network terminal, and one or more management client MAC address information can be set.
  • the detection module 201 of the home network terminal monitors in real time whether there is a wireless network client access.
  • the detecting module 201 records related information such as the MAC address, the access time, and/or the access duration of the accessed wireless network client when the wireless network client access is detected. Comparing the security client list, when the information about the wireless network client does not exist in the security client list, the wireless network client is identified as a non-secure client.
  • the process of device initialization is turned on.
  • the above three tables may be empty or may contain one or more records.
  • the administrator information table and the security client list include fields that identify client information, such as a client MAC address.
  • the dangerous client list contains fields that identify client information, such as the client MAC address, as well as time information to access the device.
  • the above three table information will be updated, wherein: the dangerous client list of the device is updated, and the MAC address of the current dangerous client access is recorded, and the access is recorded. Information such as time, the incoming wireless network client is updated as a dangerous client to the list of dangerous clients maintained locally.
  • the home network terminal device queries the dangerous client list. If the table record is empty, it means that there is no dangerous client access, and the process exits; if the table record is not empty, it indicates that there is dangerous client access, and the home network terminal device will The security administrator information table is detected, and the client MAC information of the security administrator is queried, so that when the security management client accesses the device, the related information of the dangerous client is sent to the security management client.
  • the alarm module 202 of the home network terminal After detecting the security management client access device, the alarm module 202 of the home network terminal sends related information such as the MAC address, the access time, and/or the access duration of the wireless network client to the management client as the alarm information.
  • the alarm module 202 pushes the alarm of the dangerous account to the APP application of the security management client, and the alarm information includes the MAC information and the access time of the dangerous client.
  • the alarm module 202 of the home network terminal initiates a socket connection with the management client when detecting that the management client's MAC address is accessed to the home network terminal.
  • the alarm module 202 of the home network terminal encapsulates the related information of the wireless network client into alarm information and sends the information to the management client, where the management client is installed with a corresponding APP.
  • the alarm information can be encapsulated in a table field format, including the client MAC address, access time, access time, and the like, as shown in Table 1 above:
  • the update module 301 of the home network terminal updates the security client list, updates the accessed wireless network client to the locally maintained security client list, and is dangerous
  • the client list removes the wireless network client that confirms security. Subsequently, when the management client takes corresponding measures, such as resetting the wifi password on the home network terminal, the home network terminal is restarted after the home network terminal is powered on or restarted.
  • the dangerous client list will be emptied, or if the home network terminal does not detect the dangerous client that was last accessed, the corresponding dangerous client is removed from the dangerous client list.
  • the alarm information is pushed again when the to-be-managed client re-accesses.
  • the network terminal when the network terminal detects that there is a wireless network client access, the network terminal records related information of the accessed wireless network client, and identifies the non-secure client; and associates the wireless network client.
  • the information transmission management client when receiving the client security information confirmed by the management client, updating the accessed wireless network client as a security client, thereby grasping the attack and the illegality on the WLAN side at any time Access to minimize security risks.
  • another embodiment of the present invention provides a terminal for detecting wireless network access security.
  • the configuration module 200 is configured to: perform initial configuration on the terminal, and configure related information on the network terminal, where the related information includes: information about the WAN connection, the SSID of the wireless network, and the password configuration information, whether the security is enabled. Protection switch, and management MAC address information for client access.
  • the embodiment further includes a solution for initial configuration of the network terminal.
  • the network terminal when initializing the configuration, sets the router WAN connection related information and the wireless network SSID, password and other configuration information, and sets whether to open the security protection switch.
  • the MAC address information of the management client (administrator side) needs to be set on the home network terminal, and one or more management client MAC address information can be set.
  • the initial configuration of the network terminal is implemented by the foregoing solution.
  • the embodiment of the invention also discloses a computer program, including program instructions, when the program instruction When executed by the terminal, the terminal can perform any of the above methods for detecting wireless network access security.
  • the embodiment of the invention also discloses a carrier carrying the computer program.
  • the method and the terminal for detecting the security of the wireless network access in the embodiment of the present invention when the network terminal detects the access of the wireless network client, the network terminal records the related information of the accessed wireless network client, and identifies the non-secure client; Transmitting the related information of the wireless network client to the management client; when receiving the client security information confirmed by the management client, updating the accessed wireless network client as a secure client, thereby passing
  • the home gateway (or router) + APP system with wifi can complete the attack identification or network identification, and can grasp the attack and illegal access on the WLAN side at any time, and minimize the security risk. For the administrator of the device or the user who is normally authorized, as long as the WALN wireless network is connected, it can immediately obtain whether there is an illegal user access or an illegal user access.
  • the real-time security detection system of the present invention can be applied to other devices with WALN, and can be applied to other devices with intrusion detection, and is not limited herein.
  • the technical solution of the invention can grasp the attack and illegal access on the WLAN side at any time, and minimize the security risk. Therefore, the present invention has strong industrial applicability.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A wireless network access security detection method and terminal, the method comprising: when a network terminal detects access by a wireless network client, recording related information of the accessing wireless network client, comparing the same to a secure client list, and when the related information of the wireless network client is not in the secure client list, marking the wireless network client as an insecure client; transmitting the related information of the wireless network client side to a management client; when client security information confirmed by the management client is received, updating the accessing wireless network client to be a secure client. The technical solution of the present invention can recognize an attack or an illegitimate access of a WLAN side at any time, thus minimizing security risk.

Description

检测无线网络接入安全的方法及终端Method and terminal for detecting wireless network access security 技术领域Technical field
本文涉及检测无线网络接入安全的技术领域,尤其涉及一种检测无线网络接入安全的方法及终端。This document relates to the technical field of detecting wireless network access security, and in particular to a method and terminal for detecting wireless network access security.
背景技术Background technique
目前运营商接入业务发展迅速,家用终端设备的使用率越来越高,用户群也越来越大,另外,因为wifi和智能手机的大规模应用,家用终端或路由器基本都支持了无线网络接入的功能,但无线网络的安全性一直是用户应用过程中需要注意的问题,因为密钥的问题,或者一些破解技术,导致蹭网和WLAN侧的攻击时有出现,因此,无线网络的安全成为使用中比较突出的问题。At present, the operator access service is developing rapidly, the usage rate of the home terminal equipment is getting higher and higher, and the user group is also getting larger and larger. In addition, because of the large-scale application of wifi and smart phones, the home terminal or the router basically supports the wireless network. The function of access, but the security of the wireless network has always been a problem that needs to be paid attention to during the application process of the user. Because the key problem or some cracking technology causes the attack on the network and the WLAN side to occur, therefore, the wireless network Safety has become a prominent problem in use.
发明内容Summary of the invention
本发明的主要目的在于提供一种检测无线网络接入安全的方法及终端。旨在解决无线网络中非法用户接入的问题,提高无线网络的接入安全性。The main object of the present invention is to provide a method and terminal for detecting wireless network access security. It aims to solve the problem of illegal user access in wireless networks and improve the access security of wireless networks.
为了解决上述技术问题,采用如下技术方案:In order to solve the above technical problems, the following technical solutions are adopted:
一种检测无线网络接入安全的方法,包括:A method for detecting wireless network access security includes:
网络终端在监测到有无线网络客户端接入时,记录接入的所述无线网络客户端的相关信息,判断安全客户端列表中是否存在所述无线网络客户端的相关信息,当所述安全客户端列表中不存在所述无线网络客户端的相关信息时,将所述无线网络客户端标识为非安全客户端;When detecting the access of the wireless network client, the network terminal records the related information of the wireless network client that is accessed, and determines whether the related information of the wireless network client exists in the security client list, when the security client When the related information of the wireless network client does not exist in the list, the wireless network client is identified as a non-secure client;
将所述无线网络客户端的相关信息发送到管理客户端;Sending related information of the wireless network client to the management client;
当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端更新为安全客户端。When the client security information confirmed by the management client is received, the accessed wireless network client is updated to a secure client.
可选地,所述将所述无线网络客户端标识为非安全客户端的步骤之后,该方法还包括:将接入的所述无线网络客户端更新到本地维护的危险客户端 列表;Optionally, after the step of identifying the wireless network client as a non-secure client, the method further includes: updating the accessed wireless network client to a locally maintained dangerous client. List
所述当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端更新为安全客户端的步骤包括:当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端更新到本地维护的安全客户端列表,并从所述危险客户端列表移除确认安全的所述无线网络客户端。The step of updating the accessed wireless network client as a secure client when receiving the client security information confirmed by the management client includes: receiving client security confirmed by the management client When the information is received, the accessed wireless network client is updated to a locally maintained security client list, and the wireless network client confirming security is removed from the dangerous client list.
可选地,所述将无线网络客户端的相关信息发送到管理客户端的步骤包括:Optionally, the step of sending the related information of the wireless network client to the management client includes:
在检测到所述管理客户端的MAC地址接入到所述网络终端时,发起与所述管理客户端之间的socket连接;When detecting that the management client's MAC address is accessed to the network terminal, initiate a socket connection with the management client;
在socket连接建立成功后,将所述无线网络客户端的相关信息封装为告警信息发送至所述管理客户端,其中,所述管理客户端安装有用于确认客户端是否安全的APP。After the socket connection is successfully established, the related information of the wireless network client is encapsulated into alarm information and sent to the management client, where the management client is installed with an APP for confirming whether the client is secure.
可选地,所述告警信息为表字段格式;所述告警信息包括:所述无线网络客户端的MAC地址、接入时间和/或接入时长。Optionally, the alarm information is in a table field format; the alarm information includes: a MAC address, an access time, and/or an access duration of the wireless network client.
可选地,该方法还包括:Optionally, the method further includes:
在预定时间内,若未接收到所述管理客户端确认的客户端安全信息,则待管理客户端重新接入时再次推送所述告警信息。If the client security information confirmed by the management client is not received within the predetermined time, the alarm information is pushed again when the to-be-managed client re-accesses.
可选地,所述网络终端在监测到有无线网络客户端接入时,记录接入的所述无线网络客户端的相关信息的步骤之前,该方法还包括:Optionally, before the step of the network terminal recording the information about the wireless network client that is accessed when the wireless network client access is detected, the method further includes:
所述网络终端进行初始化配置,在所述网络终端上配置相关信息,配置的所述相关信息包括:WAN连接的相关信息及无线网络SSID、密码配置信息,是否开启安全防护开关,以及管理客户端接入的MAC地址信息。The network terminal performs initial configuration, and the related information is configured on the network terminal, and the related information includes: information about the WAN connection, the SSID of the wireless network, the password configuration information, whether the security protection switch is enabled, and the management client. MAC address information of the access.
一种检测无线网络接入安全的终端,包括检测模块、告警模块和更新模块,其中:A terminal for detecting wireless network access security includes a detection module, an alarm module, and an update module, wherein:
所述检测模块设置成:在监测到有无线网络客户端接入时,记录接入的所述无线网络客户端的相关信息,判断安全客户端列表中是否存在所述无线 网络客户端的相关信息,当所述安全客户端列表中不存在所述无线网络客户端的相关信息时,将所述无线网络客户端标识为非安全客户端;The detecting module is configured to: when detecting the access of the wireless network client, record related information of the accessed wireless network client, and determine whether the wireless is present in the security client list. Corresponding information of the network client, when the information about the wireless network client does not exist in the security client list, identifying the wireless network client as a non-secure client;
所述告警模块设置成:将所述无线网络客户端的相关信息发送到管理客户端;The alarm module is configured to: send related information of the wireless network client to a management client;
所述更新模块设置成:当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端更新为安全客户端。The update module is configured to: when the client security information confirmed by the management client is received, update the accessed wireless network client as a secure client.
可选地,所述检测模块还设置成:将确认为非安全客户端的无线网络客户端更新到本地维护的危险客户端列表;Optionally, the detecting module is further configured to: update the wireless network client confirmed as the non-secure client to the locally maintained dangerous client list;
所述更新模块还设置成:当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端更新到本地维护的安全客户端列表,并从所述危险客户端列表移除确认安全的所述无线网络客户端。The update module is further configured to: when receiving the client security information confirmed by the management client, update the accessed wireless network client to a locally maintained security client list, and from the danger The client list removes the wireless network client that confirms security.
可选地,所述告警模块还设置成:在检测到所述管理客户端的MAC地址接入到所述网络终端时,发起与所述管理客户端之间的socket连接;在socket连接建立成功后,将所述无线网络客户端的相关信息封装为告警信息发送至所述管理客户端,所述管理客户端安装有用于确认客户端是否安全APP。Optionally, the alarm module is further configured to: initiate a socket connection with the management client when detecting that the management client's MAC address is accessed to the network terminal; after the socket connection is successfully established Encapsulating related information of the wireless network client as alarm information is sent to the management client, and the management client is installed with a function for confirming whether the client is a secure APP.
可选地,所述告警模块还设置成:在预定时间内,若未接收到所述管理客户端确认的客户端安全信息,则待管理客户端重新接入时再次推送所述告警信息。Optionally, the alarm module is further configured to: if the client security information confirmed by the management client is not received within a predetermined time, the alarm information is pushed again when the to-be-managed client re-accesses.
可选地,该终端还包括配置模块,其中:Optionally, the terminal further includes a configuration module, where:
所述配置模块设置成:对所述终端进行初始化配置,在所述网络终端上配置相关信息,配置的所述相关信息包括:WAN连接的相关信息及无线网络SSID、密码配置信息,是否开启安全防护开关,以及管理客户端接入的MAC地址信息。The configuration module is configured to: perform initialization configuration on the terminal, and configure related information on the network terminal, where the related information includes: related information of the WAN connection, wireless network SSID, password configuration information, and whether the security is enabled. Protection switch, and management MAC address information for client access.
一种计算机程序,包括程序指令,当该程序指令被终端执行时,使得该终端可执行上述任意的检测无线网络接入安全的方法。 A computer program comprising program instructions that, when executed by a terminal, cause the terminal to perform any of the above methods of detecting wireless network access security.
一种载有所述的计算机程序的载体。A carrier carrying the computer program as described.
本发明实施例提出的一种检测无线网络接入安全的方法及终端,网络终端在监测到有无线网络客户端接入时,记录接入的所述无线网络客户端的相关信息,比对安全客户端列表,当安全客户端列表中不存在所述无线网络客户端的相关信息时,将所述无线网络客户端标识为非安全客户端;将所述无线网络客户端的相关信息发送管理客户端;当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端更新为安全客户端,由此可以随时掌握WLAN侧的攻击和非法接入,将安全风险降到最低。A method and a terminal for detecting wireless network access security according to an embodiment of the present invention, when detecting a wireless network client access, the network terminal records related information of the accessed wireless network client, and compares the security client. The end list, when the information about the wireless network client does not exist in the security client list, the wireless network client is identified as a non-secure client; the related information of the wireless network client is sent to the management client; When the client security information confirmed by the management client is received, the wireless network client that has been accessed is updated to be a secure client, so that the attack on the WLAN side and the illegal access can be grasped at any time, and the security risk is lowered. To the lowest.
附图概述BRIEF abstract
图1是本发明检测无线网络接入安全的方法一实施例的流程示意图;1 is a schematic flow chart of an embodiment of a method for detecting wireless network access security according to the present invention;
图2为相关技术的无线网络终端设备的应用组网图;2 is a networking diagram of an application of a related art wireless network terminal device;
图3是本发明实施例方案的具体流程示意图;3 is a schematic diagram of a specific process of an embodiment of the present invention;
图4是本发明检测无线网络接入安全的方法另一实施例的流程示意图;4 is a schematic flow chart of another embodiment of a method for detecting wireless network access security according to the present invention;
图5是本发明检测无线网络接入安全的终端一实施例的功能模块示意图;5 is a schematic diagram of functional modules of an embodiment of a terminal for detecting wireless network access security according to the present invention;
图6是本发明检测无线网络接入安全的终端另一实施例的功能模块示意图。FIG. 6 is a schematic diagram of functional modules of another embodiment of a terminal for detecting wireless network access security according to the present invention.
本发明的较佳实施方式Preferred embodiment of the invention
本发明实施例的解决方案主要是:网络终端在监测到有无线网络客户端接入时,记录接入的所述无线网络客户端的相关信息,比对安全客户端列表,当安全客户端列表中不存在所述无线网络客户端的相关信息时,将所述无线网络客户端标识为非安全客户端;将所述无线网络客户端的相关信息发送到管理客户端;当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端更新为安全客户端,由此可以随时掌握WLAN侧的攻击和非法接入,将安全风险降到最低。 The solution of the embodiment of the present invention is mainly: when the network terminal detects that there is a wireless network client access, the related information of the accessed wireless network client is recorded, and the security client list is compared in the security client list. When the related information of the wireless network client does not exist, the wireless network client is identified as a non-secure client; the related information of the wireless network client is sent to the management client; when the management client is received, the confirmation is received. When the client security information is updated, the accessed wireless network client is updated to a secure client, so that the WLAN side attack and illegal access can be grasped at any time, and the security risk is minimized.
如图1所示,本发明一实施例提出一种检测无线网络接入安全的方法,包括:As shown in FIG. 1, an embodiment of the present invention provides a method for detecting wireless network access security, including:
步骤S101,网络终端在监测到有无线网络客户端接入时,记录接入的所述无线网络客户端的相关信息,比对安全客户端列表,当安全客户端列表中不存在所述无线网络客户端的相关信息时,将所述无线网络客户端标识为非安全客户端;Step S101: The network terminal records the related information of the accessed wireless network client when the wireless network client access is detected, and compares the security client list, when the wireless network client does not exist in the security client list. Identifying the wireless network client as a non-secure client when the related information is end;
本实施例方法运行环境涉及无线网络,尤其涉及家庭无线网络终端系统,包括家庭网关或者是家用或者企业用的小型路由器,该终端系统带wifi无线网络。The method operating environment of this embodiment relates to a wireless network, and particularly relates to a home wireless network terminal system, including a home gateway or a small router for home or enterprise, and the terminal system has a wifi wireless network.
目前,家庭网关和家用路由器、企业用路由器的应用非常普遍,但网络终端设备的安全性问题也日趋严峻。At present, the application of home gateways and home routers and enterprise routers is very common, but the security problems of network terminal equipment are also becoming increasingly serious.
如图2所示,图2为相关的无线网络终端设备的应用组网图。对于这种无线网络终端设备来说,包含WAN侧和LAN侧,其中WAN侧用以接入到运营商网络中,且一般WAN侧通过开启防火墙可以将安全攻击的危险降低。LAN侧分为有线(接入PC端)和WLAN,LAN侧的攻击主要来自WLAN。As shown in FIG. 2, FIG. 2 is a network diagram of an application of a related wireless network terminal device. For the wireless network terminal device, the WAN side and the LAN side are included, wherein the WAN side is used to access the carrier network, and the general WAN side can reduce the risk of security attacks by turning on the firewall. The LAN side is divided into wired (accessing the PC) and WLAN, and the attack on the LAN side mainly comes from the WLAN.
虽然WLAN无线网络可以通过加密或者设置比较复杂的无线密码,以设置加密方式来避免非授权用户进行接入。但破解技术一直在更新,如果一些非法用户破解密码后接入到WALN网络,以目前的技术,正常授权使用的用户或者管理员是不太容易发现的,只有在使用中发现网络拥塞或者其它问题时,才会去关注是否有蹭网或攻击事件发生。Although the WLAN wireless network can encrypt or set a relatively complicated wireless password, the encryption method is set to prevent unauthorized users from accessing. However, the cracking technology has been updated. If some illegal users crack the password and access the WALN network, with the current technology, users or administrators who are normally authorized to use it are not easy to find, only discover network congestion or other problems during use. When you are concerned, you will be concerned about whether there is a network or an attack.
本实施例方案,通过带wifi的家庭网关(或者路由器)+APP的系统,来完成攻击识别或蹭网识别,可以随时掌握WLAN侧的攻击和非法接入,将安全风险降到最低。In the solution of the embodiment, the attack identification or the network identification is completed through the system of the home gateway (or router) + APP with wifi, and the attack on the WLAN side and the illegal access can be grasped at any time, and the security risk is minimized.
具体地,首先,网络终端(本实施例以家庭网络终端举例)在初始化配置时,会设置路由器WAN连接的相关信息及无线网络SSID、密码等配置信息,并设定是否开启安全防护开关。Specifically, first, the network terminal (in the embodiment of the home network terminal), when initializing the configuration, sets related information of the router WAN connection, configuration information such as the SSID and password of the wireless network, and sets whether to open the security protection switch.
此外,在家庭网络终端上还需设置管理客户端(管理员侧)接入的MAC地址信息,可以设置一个或者多个管理客户端MAC地址信息。In addition, the MAC address information of the management client (administrator side) needs to be set on the home network terminal, and one or more management client MAC address information can be set.
在家庭网络终端上开启安全防护开关后,家庭网络终端会实时监测是否 有无线网络客户端接入。After the security switch is turned on on the home network terminal, the home network terminal monitors whether it is real-time. There is wireless network client access.
在监测到有无线网络客户端接入时,家庭网络终端记录接入的所述无线网络客户端的MAC地址、接入时间和/或接入时长等相关信息。When the wireless network client access is detected, the home network terminal records related information such as the MAC address, the access time, and/or the access duration of the accessed wireless network client.
比对本地维护的安全客户端列表,当安全客户端列表中不存在所述无线网络客户端的相关信息时,将此无线网络客户端标识为非安全客户端。Comparing the locally maintained security client list, when the information about the wireless network client does not exist in the security client list, the wireless network client is identified as a non-secure client.
在具体实现时,可以采用如下方案:In the specific implementation, the following scheme can be adopted:
当家庭网络终端上电时,或者无线wifi的SSID或者密码被重新修改时,开启设备初始化的流程。When the home network terminal is powered on, or the SSID or password of the wireless wifi is re-modified, the process of device initialization is turned on.
在家庭网络终端初始化完成后,会生成并维护三张表,包括:After the home network terminal is initialized, three tables are generated and maintained, including:
1、管理员信息表;1. Administrator information table;
2、安全客户端列表;2. A list of secure clients;
3、危险客户端列表。3. List of dangerous clients.
上述这三张表可以为空,也可以包含一条或者多条记录。The above three tables may be empty or may contain one or more records.
其中,管理员信息表和安全客户端列表包含标识客户端信息的字段,比如客户端MAC地址等。The administrator information table and the security client list include fields that identify client information, such as a client MAC address.
危险客户端列表包含标识客户端信息的字段,比如客户端MAC地址,还包括接入到设备的时间信息等。The dangerous client list contains fields that identify client information, such as the client MAC address, as well as time information to access the device.
当有新的无线网络客户端接入到家庭网络终端设备时,上述三张表信息会更新,其中:设备的危险客户端列表会更新,记录下当前危险客户端接入的MAC地址,接入时间等信息,即将接入的无线网络客户端作为危险客户端更新到本地维护的危险客户端列表。When a new wireless network client accesses the home network terminal device, the above three table information will be updated, wherein: the dangerous client list of the device is updated, and the MAC address of the current dangerous client access is recorded, and the access is recorded. Information such as time, the incoming wireless network client is updated as a dangerous client to the list of dangerous clients maintained locally.
家庭网络终端设备对危险客户端列表进行查询,如果表记录为空,表示不存在危险客户端接入,流程退出;如果表记录不为空,表示存在危险客户端接入,家庭网络终端设备会检测安全管理员信息表,查询安全管理员的客户端MAC信息,以便当检测到安全管理客户端接入设备后,将危险客户端的相关信息发送至安全管理客户端。The home network terminal device queries the dangerous client list. If the table record is empty, it means that there is no dangerous client access, and the process exits; if the table record is not empty, it indicates that there is dangerous client access, and the home network terminal device will The security administrator information table is detected, and the client MAC information of the security administrator is queried, so that when the security management client accesses the device, the related information of the dangerous client is sent to the security management client.
步骤S102,将所述无线网络客户端的相关信息发送到管理客户端;Step S102, sending related information of the wireless network client to the management client;
当检测到安全管理客户端接入设备后,家庭网络终端将所述无线网络客户端的MAC地址、接入时间和/或接入时长等相关信息作为告警信息发送给管理客户端。 After detecting the security management client access device, the home network terminal sends related information such as the MAC address, the access time, and/or the access duration of the wireless network client to the management client as the alarm information.
具体采用如下方案:Specifically adopt the following scheme:
当检测到安全管理客户端接入设备后,会向安全管理客户端的APP应用软件推送危险账号存在的告警,告警信息包含危险客户端接入的MAC信息和接入时间等。When the security management client accesses the device, it sends an alert to the APP application of the security management client to the dangerous account. The alarm information includes the MAC information and access time of the dangerous client.
其中,在检测到管理客户端的MAC地址接入到家庭网络终端时,家庭网络终端发起与管理客户端之间的socket连接。The home network terminal initiates a socket connection with the management client when detecting that the management client's MAC address is accessed to the home network terminal.
在socket连接建立成功后,家庭网络终端将所述无线网络客户端的相关信息封装为告警信息发送至所述管理客户端,所述管理客户端安装有相应的APP。After the socket connection is successfully established, the home network terminal encapsulates the related information of the wireless network client into alarm information and sends the information to the management client, where the management client is installed with a corresponding APP.
其中,告警信息可以封装为方便与手机客户端交互的格式,采用表字段格式,具体可以包含客户端MAC地址、接入时间、接入时常等等,如图下表1所示:The alarm information may be encapsulated into a format that facilitates interaction with the mobile phone client, and uses a table field format, which may include a client MAC address, an access time, an access time, and the like, as shown in Table 1 below:
Figure PCTCN2015082094-appb-000001
Figure PCTCN2015082094-appb-000001
表1Table 1
步骤S103,当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端更新为安全客户端。Step S103: When receiving the client security information confirmed by the management client, update the accessed wireless network client as a security client.
当接收到管理客户端确认的客户端安全信息时,家庭网络终端会更新安全客户端列表,将已接入的无线网络客户端更新到本地维护的安全客户端列表,并从危险客户端列表移除确认安全的所述无线网络客户端。后续,当管理客户端采取相应的措施,比如在家庭网络终端上重新设置wifi密码等操作,则在家庭网络终端再次上电或重新启动后,家庭网络终端会清空危险客户端列表,或者,家庭网络终端检测不到上次接入的危险客户端,则从危险客户端列表移除对应的危险客户端。When receiving the client security information confirmed by the management client, the home network terminal updates the security client list, updates the accessed wireless network client to the locally maintained security client list, and moves from the dangerous client list. In addition to confirming the security of the wireless network client. Subsequently, when the management client takes corresponding measures, such as resetting the wifi password on the home network terminal, after the home network terminal is powered on or restarted again, the home network terminal will clear the dangerous client list, or the family. If the network terminal does not detect the dangerous client that was last accessed, the corresponding dangerous client is removed from the dangerous client list.
在预定时间内,若未接收到所述管理客户端确认的客户端安全信息,则待管理客户端重新接入时再次推送所述告警信息。If the client security information confirmed by the management client is not received within the predetermined time, the alarm information is pushed again when the to-be-managed client re-accesses.
以下结合图3详细阐述本实施例方案的具体流程:The specific process of the solution of this embodiment is described in detail below with reference to FIG. 3:
如图3所示,家庭网络终端上的实施流程如下:As shown in Figure 3, the implementation process on the home network terminal is as follows:
10、当家庭网络终端上电时,或者无线Wifi的SSID或者密码被重新修 改时,开启设备初始化的流程;10. When the home network terminal is powered on, or the SSID or password of the wireless Wifi is repaired. When changing, start the process of device initialization;
11、终端设备初始化完成后,会生成并维护三张表,包括:管理员信息表、安全客户端列表、危险客户端列表。11. After the terminal device is initialized, three tables are generated and maintained, including: administrator information table, security client list, and dangerous client list.
这三张表可以为空,也可以包含一条或者多条记录。These three tables can be empty or contain one or more records.
其中,管理员信息表和安全客户端列表包含标识客户端信息的字段,比如客户端MAC地址。The administrator information table and the security client list include fields that identify client information, such as a client MAC address.
危险客户端列表包含标识客户端信息的字段,比如客户端MAC地址,还包括接入到设备的时间信息等等。The Dangerous Clients list contains fields that identify client information, such as client MAC addresses, as well as time information to access the device.
12、当有新的无线客户端接入到家庭网络终端设备时,上述三张表信息会更新,其中:设备的危险客户端列表会更新,记录下当前危险客户端接入的MAC地址,接入时间等信息;12. When a new wireless client accesses the home network terminal device, the above three table information will be updated, wherein: the dangerous client list of the device is updated, and the MAC address of the current dangerous client access is recorded, and the MAC address is accessed. Information such as time of entry;
13、设备对危险客户端记录表进行查询,如果表记录为空,表示不存在危险客户端接入,流程退出;如果表记录不为空,表示存在危险客户端接入,设备会检测安全管理员信息表,查询安全管理员的客户端MAC信息。13. The device queries the dangerous client record table. If the table record is empty, it means that there is no dangerous client access, and the process exits; if the table record is not empty, it indicates that there is dangerous client access, and the device will detect security management. Member information table, query the client MAC information of the security administrator.
14、当检测到安全管理客户端接入设备后,会向安全管理客户端的APP应用软件推送危险账号存在的告警,告警信息包含危险客户端接入的MAC信息和接入时间等等;14. When the security management client accesses the device, the alarm is sent to the APP application of the security management client, and the alarm information includes the MAC information and access time of the dangerous client.
15、家庭网络终端的安全检测模块,在一定时间内,如果未收到安全客户端反馈的危险客户端列表的确认信息,流程会走向步骤14,待安全管理员客户端重新接入设备时再次推送。如果收到安全客户端反馈的危险客户端列表的确认信息,流程会走向步骤11,更新安全客户端列表,并将确认的危险客户端清除。15. The security detection module of the home network terminal, if the confirmation message of the dangerous client list fed back by the security client is not received within a certain period of time, the process proceeds to step 14, and the security administrator client re-accesses the device again. Push. If you receive confirmation of the list of dangerous clients that the security client is responding to, the process proceeds to step 11, updating the list of secure clients and clearing the identified dangerous clients.
16、流程结束。16. The process ends.
本实施例通过上述方案,网络终端在监测到有无线网络客户端接入时,记录接入的所述无线网络客户端的相关信息,并标识为非安全客户端;将所述无线网络客户端的相关信息发送管理客户端;当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端更新为安全客户端,由此可以随时掌握WLAN侧的攻击和非法接入,将安全风险降到最低。 In this embodiment, when the network terminal detects that there is a wireless network client access, the network terminal records related information of the accessed wireless network client, and identifies the non-secure client; and associates the wireless network client. The information transmission management client; when receiving the client security information confirmed by the management client, updating the accessed wireless network client as a security client, thereby grasping the attack and the illegality on the WLAN side at any time Access to minimize security risks.
如图4所示,本发明另一实施例提出一种检测无线网络接入安全的方法,基于上述方法实施例,网络终端在监测到有无线网络客户端接入时,记录接入的所述无线网络客户端的相关信息的步骤之前还包括:As shown in FIG. 4, another embodiment of the present invention provides a method for detecting wireless network access security. According to the foregoing method embodiment, when the network terminal detects that there is a wireless network client access, the network access is recorded. The steps for information about the wireless network client also include:
步骤S100,所述网络终端进行初始化配置,在所述网络终端上配置相关信息。Step S100: The network terminal performs initial configuration, and the related information is configured on the network terminal.
相比上述实施例,本实施例还包括网络终端进行初始化配置的方案。Compared with the foregoing embodiment, the embodiment further includes a solution for initial configuration of the network terminal.
首先,网络终端(本实施例以家庭网络终端举例)在初始化配置时,会设置路由器WAN连接的相关信息及无线网络SSID、密码等配置信息,并设定是否开启安全防护开关。First, the network terminal (in the embodiment of the home network terminal), when initializing the configuration, sets the router WAN connection related information and the wireless network SSID, password and other configuration information, and sets whether to open the security protection switch.
此外,在家庭网络终端上还需设置管理客户端(管理员侧)接入的MAC地址信息,可以设置一个或者多个管理客户端MAC地址信息。In addition, the MAC address information of the management client (administrator side) needs to be set on the home network terminal, and one or more management client MAC address information can be set.
本实施例通过上述方案,实现了对网络终端的初始化配置。In this embodiment, the initial configuration of the network terminal is implemented by the foregoing solution.
如图5所示,本发明一实施例提出一种检测无线网络接入安全的终端,包括:检测模块201、告警模块202及更新模块203,其中:As shown in FIG. 5, an embodiment of the present invention provides a terminal for detecting wireless network access security, including: a detection module 201, an alarm module 202, and an update module 203, where:
检测模块201,设置成:在监测到有无线网络客户端接入时,记录接入的所述无线网络客户端的相关信息,比对安全客户端列表,当安全客户端列表中不存在所述无线网络客户端的相关信息时,将所述无线网络客户端标识为非安全客户端;The detecting module 201 is configured to: when the wireless network client access is detected, record related information of the accessed wireless network client, compare the security client list, and the wireless client does not exist in the security client list. Identifying the wireless network client as a non-secure client when the network client has relevant information;
告警模块202,设置成:将所述无线网络客户端的相关信息发送到管理客户端;The alarm module 202 is configured to: send related information of the wireless network client to the management client;
更新模块203,设置成:当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端的相关信息更新为安全客户端。The update module 203 is configured to: when receiving the client security information confirmed by the management client, update related information of the accessed wireless network client to a security client.
具体地,本实施例终端包括但不限于家庭网关或者是家用或者企业用的小型路由器,该终端系统带wifi无线网络。Specifically, the terminal in this embodiment includes, but is not limited to, a home gateway or a small router for home or business, and the terminal system has a wifi wireless network.
目前,家庭网关和家用路由器、企业用路由器的应用非常普遍,但网络终端设备的安全性问题也日趋严峻。At present, the application of home gateways and home routers and enterprise routers is very common, but the security problems of network terminal equipment are also becoming increasingly serious.
如图2所示,图2为相关的无线网络终端设备的应用组网图。对于这种无线网络终端设备来说,包含WAN侧和LAN侧,其中WAN侧用以接入到运营商网络中,且一般WAN侧通过开启防火墙可以将安全攻击的危险降低。 LAN侧分为有线(接入PC端)和WLAN,LAN侧的攻击主要来自WLAN。As shown in FIG. 2, FIG. 2 is a network diagram of an application of a related wireless network terminal device. For the wireless network terminal device, the WAN side and the LAN side are included, wherein the WAN side is used to access the carrier network, and the general WAN side can reduce the risk of security attacks by turning on the firewall. The LAN side is divided into wired (accessing the PC) and WLAN, and the attack on the LAN side mainly comes from the WLAN.
虽然WLAN无线网络可以通过加密或者设置比较复杂的无线密码,以设置加密方式来避免非授权用户进行接入。但破解技术一直在更新,如果一些非法用户破解密码后接入到WALN网络,以目前的技术,正常授权使用的用户或者管理员是不太容易发现的,只有在使用中发现网络拥塞或者其它问题时,才会去关注是否有蹭网或攻击事件发生。Although the WLAN wireless network can encrypt or set a relatively complicated wireless password, the encryption method is set to prevent unauthorized users from accessing. However, the cracking technology has been updated. If some illegal users crack the password and access the WALN network, with the current technology, users or administrators who are normally authorized to use it are not easy to find, only discover network congestion or other problems during use. When you are concerned, you will be concerned about whether there is a network or an attack.
本实施例方案,通过带wifi的家庭网关(或者路由器)+APP的系统,来完成攻击识别或蹭网识别,可以随时掌握WLAN侧的攻击和非法接入,将安全风险降到最低。In the solution of the embodiment, the attack identification or the network identification is completed through the system of the home gateway (or router) + APP with wifi, and the attack on the WLAN side and the illegal access can be grasped at any time, and the security risk is minimized.
具体地,首先,网络终端(本实施例以家庭网络终端举例)在初始化配置时,会设置路由器WAN连接的相关信息及无线网络SSID、密码等配置信息,并设定是否开启安全防护开关。Specifically, first, the network terminal (in the embodiment of the home network terminal), when initializing the configuration, sets related information of the router WAN connection, configuration information such as the SSID and password of the wireless network, and sets whether to open the security protection switch.
此外,在家庭网络终端上还需设置管理客户端(管理员侧)接入的MAC地址信息,可以设置一个或者多个管理客户端MAC地址信息。In addition, the MAC address information of the management client (administrator side) needs to be set on the home network terminal, and one or more management client MAC address information can be set.
在家庭网络终端上开启安全防护开关后,家庭网络终端的检测模块201会实时监测是否有无线网络客户端接入。After the security protection switch is turned on on the home network terminal, the detection module 201 of the home network terminal monitors in real time whether there is a wireless network client access.
检测模块201在监测到有无线网络客户端接入时,记录接入的所述无线网络客户端的MAC地址、接入时间和/或接入时长等相关信息。比对安全客户端列表,当安全客户端列表中不存在所述无线网络客户端的相关信息时,将此无线网络客户端标识为非安全客户端。The detecting module 201 records related information such as the MAC address, the access time, and/or the access duration of the accessed wireless network client when the wireless network client access is detected. Comparing the security client list, when the information about the wireless network client does not exist in the security client list, the wireless network client is identified as a non-secure client.
在具体实现时,可以采用如下方案:In the specific implementation, the following scheme can be adopted:
当家庭网络终端上电时,或者无线wifi的SSID或者密码被重新修改时,开启设备初始化的流程。When the home network terminal is powered on, or the SSID or password of the wireless wifi is re-modified, the process of device initialization is turned on.
在家庭网络终端初始化完成后,会生成并维护三张表,包括:After the home network terminal is initialized, three tables are generated and maintained, including:
1、管理员信息表;1. Administrator information table;
2、安全客户端列表;2. A list of secure clients;
3、危险客户端列表。3. List of dangerous clients.
上述这三张表可以为空,也可以包含一条或者多条记录。The above three tables may be empty or may contain one or more records.
其中,管理员信息表和安全客户端列表包含标识客户端信息的字段,比如客户端MAC地址等。 The administrator information table and the security client list include fields that identify client information, such as a client MAC address.
危险客户端列表包含标识客户端信息的字段,比如客户端MAC地址,还包括接入到设备的时间信息等。The dangerous client list contains fields that identify client information, such as the client MAC address, as well as time information to access the device.
当有新的无线网络客户端接入到家庭网络终端设备时,上述三张表信息会更新,其中:设备的危险客户端列表会更新,记录下当前危险客户端接入的MAC地址,接入时间等信息,即将接入的无线网络客户端作为危险客户端更新到本地维护的危险客户端列表。When a new wireless network client accesses the home network terminal device, the above three table information will be updated, wherein: the dangerous client list of the device is updated, and the MAC address of the current dangerous client access is recorded, and the access is recorded. Information such as time, the incoming wireless network client is updated as a dangerous client to the list of dangerous clients maintained locally.
家庭网络终端设备对危险客户端列表进行查询,如果表记录为空,表示不存在危险客户端接入,流程退出;如果表记录不为空,表示存在危险客户端接入,家庭网络终端设备会检测安全管理员信息表,查询安全管理员的客户端MAC信息,以便当检测到安全管理客户端接入设备后,将危险客户端的相关信息发送至安全管理客户端。The home network terminal device queries the dangerous client list. If the table record is empty, it means that there is no dangerous client access, and the process exits; if the table record is not empty, it indicates that there is dangerous client access, and the home network terminal device will The security administrator information table is detected, and the client MAC information of the security administrator is queried, so that when the security management client accesses the device, the related information of the dangerous client is sent to the security management client.
当检测到安全管理客户端接入设备后,家庭网络终端的告警模块202将所述无线网络客户端的MAC地址、接入时间和/或接入时长等相关信息作为告警信息发送给管理客户端。After detecting the security management client access device, the alarm module 202 of the home network terminal sends related information such as the MAC address, the access time, and/or the access duration of the wireless network client to the management client as the alarm information.
具体采用如下方案:Specifically adopt the following scheme:
当检测到安全管理客户端接入设备后,告警模块202会向安全管理客户端的APP应用软件推送危险账号存在的告警,告警信息包含危险客户端接入的MAC信息和接入时间等。After detecting the security management client accessing the device, the alarm module 202 pushes the alarm of the dangerous account to the APP application of the security management client, and the alarm information includes the MAC information and the access time of the dangerous client.
其中,在检测到管理客户端的MAC地址接入到家庭网络终端时,家庭网络终端的告警模块202发起与管理客户端之间的socket连接。The alarm module 202 of the home network terminal initiates a socket connection with the management client when detecting that the management client's MAC address is accessed to the home network terminal.
在socket连接建立成功后,家庭网络终端的告警模块202将所述无线网络客户端的相关信息封装为告警信息发送至所述管理客户端,所述管理客户端安装有相应的APP。After the socket connection is successfully established, the alarm module 202 of the home network terminal encapsulates the related information of the wireless network client into alarm information and sends the information to the management client, where the management client is installed with a corresponding APP.
其中,告警信息可以封装为表字段格式,包含客户端MAC地址、接入时间、接入时常等等,如图上表1所示:The alarm information can be encapsulated in a table field format, including the client MAC address, access time, access time, and the like, as shown in Table 1 above:
当接收到管理客户端确认的客户端安全信息时,家庭网络终端的更新模块301会更新安全客户端列表,将已接入的无线网络客户端更新到本地维护的安全客户端列表,并从危险客户端列表移除确认安全的所述无线网络客户端。后续,当管理客户端采取相应的措施,比如在家庭网络终端上重新设置wifi密码等操作,则在家庭网络终端再次上电或重新启动后,家庭网络终端 会清空危险客户端列表,或者,家庭网络终端检测不到上次接入的危险客户端,则从危险客户端列表移除对应的危险客户端。When receiving the client security information confirmed by the management client, the update module 301 of the home network terminal updates the security client list, updates the accessed wireless network client to the locally maintained security client list, and is dangerous The client list removes the wireless network client that confirms security. Subsequently, when the management client takes corresponding measures, such as resetting the wifi password on the home network terminal, the home network terminal is restarted after the home network terminal is powered on or restarted. The dangerous client list will be emptied, or if the home network terminal does not detect the dangerous client that was last accessed, the corresponding dangerous client is removed from the dangerous client list.
在预定时间内,若未接收到所述管理客户端确认的客户端安全信息,则待管理客户端重新接入时再次推送所述告警信息。If the client security information confirmed by the management client is not received within the predetermined time, the alarm information is pushed again when the to-be-managed client re-accesses.
需要说明的是,本实施例上述各功能模块的功能并不限于由上述三种模块来完成,比如还可以细分为更多或更少的模块来完成,如上述更新模块203的功能可以由检测模块201来完成,在此不作限定。It should be noted that the functions of the foregoing functional modules in this embodiment are not limited to being implemented by the foregoing three modules, for example, may be further divided into more or fewer modules, as the function of the foregoing update module 203 may be The detection module 201 is completed, which is not limited herein.
本实施例通过上述方案,网络终端在监测到有无线网络客户端接入时,记录接入的所述无线网络客户端的相关信息,并标识为非安全客户端;将所述无线网络客户端的相关信息发送管理客户端;当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端更新为安全客户端,由此可以随时掌握WLAN侧的攻击和非法接入,将安全风险降到最低。In this embodiment, when the network terminal detects that there is a wireless network client access, the network terminal records related information of the accessed wireless network client, and identifies the non-secure client; and associates the wireless network client. The information transmission management client; when receiving the client security information confirmed by the management client, updating the accessed wireless network client as a security client, thereby grasping the attack and the illegality on the WLAN side at any time Access to minimize security risks.
如图6所示,本发明另一实施例提出一种检测无线网络接入安全的终端,基于上述实施例,还包括:As shown in FIG. 6 , another embodiment of the present invention provides a terminal for detecting wireless network access security.
配置模块200,设置成:对所述终端进行初始化配置,在所述网络终端上配置相关信息,配置的所述相关信息包括:WAN连接的相关信息及无线网络SSID、密码配置信息,是否开启安全防护开关,以及管理客户端接入的MAC地址信息。The configuration module 200 is configured to: perform initial configuration on the terminal, and configure related information on the network terminal, where the related information includes: information about the WAN connection, the SSID of the wireless network, and the password configuration information, whether the security is enabled. Protection switch, and management MAC address information for client access.
相比上述实施例,本实施例还包括网络终端进行初始化配置的方案。Compared with the foregoing embodiment, the embodiment further includes a solution for initial configuration of the network terminal.
首先,网络终端(本实施例以家庭网络终端举例)在初始化配置时,会设置路由器WAN连接的相关信息及无线网络SSID、密码等配置信息,并设定是否开启安全防护开关。First, the network terminal (in the embodiment of the home network terminal), when initializing the configuration, sets the router WAN connection related information and the wireless network SSID, password and other configuration information, and sets whether to open the security protection switch.
此外,在家庭网络终端上还需设置管理客户端(管理员侧)接入的MAC地址信息,可以设置一个或者多个管理客户端MAC地址信息。In addition, the MAC address information of the management client (administrator side) needs to be set on the home network terminal, and one or more management client MAC address information can be set.
本实施例通过上述方案,实现了对网络终端的初始化配置。In this embodiment, the initial configuration of the network terminal is implemented by the foregoing solution.
本发明实施例还公开了一种计算机程序,包括程序指令,当该程序指令 被终端执行时,使得该终端可执行上述任意的检测无线网络接入安全的方法。The embodiment of the invention also discloses a computer program, including program instructions, when the program instruction When executed by the terminal, the terminal can perform any of the above methods for detecting wireless network access security.
本发明实施例还公开了一种载有所述计算机程序的载体。The embodiment of the invention also discloses a carrier carrying the computer program.
本发明实施例检测无线网络接入安全的方法及终端,网络终端在监测到有无线网络客户端接入时,记录接入的所述无线网络客户端的相关信息,并标识为非安全客户端;将所述无线网络客户端的相关信息发送管理客户端;当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端更新为安全客户端,由此通过带wifi的家庭网关(或者路由器)+APP的系统,来完成攻击识别或蹭网识别,可以随时掌握WLAN侧的攻击和非法接入,将安全风险降到最低。对于设备的管理员或者正常授权的用户而言,只要接入到WALN无线网络,就能立即获取到是否有非法用户接入或者曾经有非法用户接入。The method and the terminal for detecting the security of the wireless network access in the embodiment of the present invention, when the network terminal detects the access of the wireless network client, the network terminal records the related information of the accessed wireless network client, and identifies the non-secure client; Transmitting the related information of the wireless network client to the management client; when receiving the client security information confirmed by the management client, updating the accessed wireless network client as a secure client, thereby passing The home gateway (or router) + APP system with wifi can complete the attack identification or network identification, and can grasp the attack and illegal access on the WLAN side at any time, and minimize the security risk. For the administrator of the device or the user who is normally authorized, as long as the WALN wireless network is connected, it can immediately obtain whether there is an illegal user access or an illegal user access.
此外,本发明的实时安全检测系统,除了应用于家庭网络终端设备或者家庭路由器中,还可以应用在其它带WALN的任何设备上,也可以应用在其它入侵检测的设备中,在此不作限定。In addition, the real-time security detection system of the present invention can be applied to other devices with WALN, and can be applied to other devices with intrusion detection, and is not limited herein.
以上所述仅为本发明的优选实施例,并非因此限制本发明的专利范围,凡是利用本发明说明书及附图内容所作的等效结构或流程变换,或直接或间接运用在其它相关的技术领域,均同理包括在本发明的专利保护范围内。The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the invention, and the equivalent structure or process changes made by the specification and the drawings of the present invention may be directly or indirectly applied to other related technical fields. The same is included in the scope of patent protection of the present invention.
工业实用性Industrial applicability
本发明技术方案可以随时掌握WLAN侧的攻击和非法接入,将安全风险降到最低。因此本发明具有很强的工业实用性。 The technical solution of the invention can grasp the attack and illegal access on the WLAN side at any time, and minimize the security risk. Therefore, the present invention has strong industrial applicability.

Claims (13)

  1. 一种检测无线网络接入安全的方法,包括:A method for detecting wireless network access security includes:
    网络终端在监测到有无线网络客户端接入时,记录接入的所述无线网络客户端的相关信息,判断安全客户端列表中是否存在所述无线网络客户端的相关信息,当所述安全客户端列表中不存在所述无线网络客户端的相关信息时,将所述无线网络客户端标识为非安全客户端;When detecting the access of the wireless network client, the network terminal records the related information of the wireless network client that is accessed, and determines whether the related information of the wireless network client exists in the security client list, when the security client When the related information of the wireless network client does not exist in the list, the wireless network client is identified as a non-secure client;
    将所述无线网络客户端的相关信息发送到管理客户端;Sending related information of the wireless network client to the management client;
    当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端更新为安全客户端。When the client security information confirmed by the management client is received, the accessed wireless network client is updated to a secure client.
  2. 根据权利要求1所述的检测无线网络接入安全的方法,其中,The method of detecting wireless network access security according to claim 1, wherein
    所述将所述无线网络客户端标识为非安全客户端的步骤之后,该方法还包括:将接入的所述无线网络客户端更新到本地维护的危险客户端列表;After the step of identifying the wireless network client as a non-secure client, the method further includes: updating the accessed wireless network client to a locally maintained dangerous client list;
    所述当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端更新为安全客户端的步骤包括:当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端更新到本地维护的安全客户端列表,并从所述危险客户端列表移除确认安全的所述无线网络客户端。The step of updating the accessed wireless network client as a secure client when receiving the client security information confirmed by the management client includes: receiving client security confirmed by the management client When the information is received, the accessed wireless network client is updated to a locally maintained security client list, and the wireless network client confirming security is removed from the dangerous client list.
  3. 根据权利要求1所述的检测无线网络接入安全的方法,其中,所述将无线网络客户端的相关信息发送到管理客户端的步骤包括:The method for detecting wireless network access security according to claim 1, wherein the step of transmitting the related information of the wireless network client to the management client comprises:
    在检测到所述管理客户端的MAC地址接入到所述网络终端时,发起与所述管理客户端之间的socket连接;When detecting that the management client's MAC address is accessed to the network terminal, initiate a socket connection with the management client;
    在socket连接建立成功后,将所述无线网络客户端的相关信息封装为告警信息发送至所述管理客户端,其中,所述管理客户端安装有用于确认客户端是否安全的APP。After the socket connection is successfully established, the related information of the wireless network client is encapsulated into alarm information and sent to the management client, where the management client is installed with an APP for confirming whether the client is secure.
  4. 根据权利要求3所述的检测无线网络接入安全的方法,其中,所述告警信息为表字段格式;所述告警信息包括:所述无线网络客户端的MAC地址、接入时间和/或接入时长。 The method for detecting wireless network access security according to claim 3, wherein the alarm information is in a table field format; the alarm information includes: a MAC address, an access time, and/or an access of the wireless network client. duration.
  5. 根据权利要求3所述的检测无线网络接入安全的方法,该方法还包括:The method for detecting wireless network access security according to claim 3, the method further comprising:
    在预定时间内,若未接收到所述管理客户端确认的客户端安全信息,则待管理客户端重新接入时再次推送所述告警信息。If the client security information confirmed by the management client is not received within the predetermined time, the alarm information is pushed again when the to-be-managed client re-accesses.
  6. 根据权利要求1-5中任一项所述的检测无线网络接入安全的方法,其中,所述网络终端在监测到有无线网络客户端接入时,记录接入的所述无线网络客户端的相关信息的步骤之前,该方法还包括:The method for detecting wireless network access security according to any one of claims 1 to 5, wherein the network terminal records the accessed wireless network client when it detects that there is wireless network client access Before the steps of related information, the method further includes:
    所述网络终端进行初始化配置,在所述网络终端上配置相关信息,配置的所述相关信息包括:WAN连接的相关信息及无线网络SSID、密码配置信息,是否开启安全防护开关,以及管理客户端接入的MAC地址信息。The network terminal performs initial configuration, and the related information is configured on the network terminal, and the related information includes: information about the WAN connection, the SSID of the wireless network, the password configuration information, whether the security protection switch is enabled, and the management client. MAC address information of the access.
  7. 一种检测无线网络接入安全的终端,包括检测模块、告警模块和更新模块,其中:A terminal for detecting wireless network access security includes a detection module, an alarm module, and an update module, wherein:
    所述检测模块设置成:在监测到有无线网络客户端接入时,记录接入的所述无线网络客户端的相关信息,判断安全客户端列表中是否存在所述无线网络客户端的相关信息,当所述安全客户端列表中不存在所述无线网络客户端的相关信息时,将所述无线网络客户端标识为非安全客户端;The detecting module is configured to: when detecting the access of the wireless network client, record related information of the accessed wireless network client, and determine whether the information about the wireless network client exists in the security client list, when When the related information of the wireless network client does not exist in the security client list, the wireless network client is identified as a non-secure client;
    所述告警模块设置成:将所述无线网络客户端的相关信息发送到管理客户端;The alarm module is configured to: send related information of the wireless network client to a management client;
    所述更新模块设置成:当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端更新为安全客户端。The update module is configured to: when the client security information confirmed by the management client is received, update the accessed wireless network client as a secure client.
  8. 根据权利要求7所述的终端,其中,The terminal according to claim 7, wherein
    所述检测模块还设置成:将确认为非安全客户端的无线网络客户端更新到本地维护的危险客户端列表;The detecting module is further configured to: update the wireless network client that is confirmed to be a non-secure client to a list of dangerous clients that are locally maintained;
    所述更新模块还设置成:当接收到所述管理客户端确认的客户端安全信息时,将已接入的所述无线网络客户端更新到本地维护的安全客户端列表,并从所述危险客户端列表移除确认安全的所述无线网络客户端。 The update module is further configured to: when receiving the client security information confirmed by the management client, update the accessed wireless network client to a locally maintained security client list, and from the danger The client list removes the wireless network client that confirms security.
  9. 根据权利要求7所述的终端,其中,The terminal according to claim 7, wherein
    所述告警模块还设置成:在检测到所述管理客户端的MAC地址接入到所述网络终端时,发起与所述管理客户端之间的socket连接;在socket连接建立成功后,将所述无线网络客户端的相关信息封装为告警信息发送至所述管理客户端,所述管理客户端安装有用于确认客户端是否安全APP。The alarm module is further configured to: initiate a socket connection with the management client when detecting that the management client's MAC address is accessed to the network terminal; after the socket connection is successfully established, the The related information of the wireless network client is encapsulated as alarm information sent to the management client, and the management client is installed with a function for confirming whether the client is secure.
  10. 根据权利要求9所述的终端,其中,The terminal according to claim 9, wherein
    所述告警模块还设置成:在预定时间内,若未接收到所述管理客户端确认的客户端安全信息,则待管理客户端重新接入时再次推送所述告警信息。The alarm module is further configured to: if the client security information confirmed by the management client is not received within a predetermined time, the alarm information is pushed again when the client to be managed re-accesses.
  11. 根据权利要求7-10中任一项所述的终端,该终端还包括配置模块,其中:The terminal according to any one of claims 7 to 10, further comprising a configuration module, wherein:
    所述配置模块设置成:对所述终端进行初始化配置,在所述网络终端上配置相关信息,配置的所述相关信息包括:WAN连接的相关信息及无线网络SSID、密码配置信息,是否开启安全防护开关,以及管理客户端接入的MAC地址信息。The configuration module is configured to: perform initialization configuration on the terminal, and configure related information on the network terminal, where the related information includes: related information of the WAN connection, wireless network SSID, password configuration information, and whether the security is enabled. Protection switch, and management MAC address information for client access.
  12. 一种计算机程序,包括程序指令,当该程序指令被终端执行时,使得该终端可执行如权利要求1-6中任一项所述的检测无线网络接入安全的方法。A computer program comprising program instructions that, when executed by a terminal, cause the terminal to perform the method of detecting wireless network access security as claimed in any one of claims 1-6.
  13. 一种载有如权利要求12所述的计算机程序的载体。 A carrier carrying a computer program as claimed in claim 12.
PCT/CN2015/082094 2014-10-20 2015-06-23 Wireless network access security detection method and terminal WO2016062113A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410557505.8A CN105516074A (en) 2014-10-20 2014-10-20 Method and terminal for detecting wireless network access security
CN201410557505.8 2014-10-20

Publications (1)

Publication Number Publication Date
WO2016062113A1 true WO2016062113A1 (en) 2016-04-28

Family

ID=55723715

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/082094 WO2016062113A1 (en) 2014-10-20 2015-06-23 Wireless network access security detection method and terminal

Country Status (2)

Country Link
CN (1) CN105516074A (en)
WO (1) WO2016062113A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112039894A (en) * 2020-08-31 2020-12-04 北京天融信网络安全技术有限公司 Network access control method, device, storage medium and electronic equipment
CN113285929A (en) * 2021-05-10 2021-08-20 新华三技术有限公司 Terminal validity detection method and device

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106102066A (en) * 2016-08-23 2016-11-09 上海斐讯数据通信技术有限公司 A kind of wireless network secure certification devices and methods therefor, a kind of router
CN106656547B (en) * 2016-08-30 2019-12-31 海尔优家智能科技(北京)有限公司 Method and device for updating network configuration of household electrical appliance
CN107148022B (en) * 2017-06-30 2019-01-15 腾讯科技(深圳)有限公司 A kind of anti-loiter network based reminding method and relevant device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101192916A (en) * 2006-11-23 2008-06-04 华为技术有限公司 Wireless access method and wireless access device
CN101286948A (en) * 2008-05-30 2008-10-15 杭州华三通信技术有限公司 Access authority control method and wireless access equipment
CN103856941A (en) * 2012-12-05 2014-06-11 腾讯科技(深圳)有限公司 Wireless network monitoring method and related device
CN103944907A (en) * 2014-04-25 2014-07-23 天地融科技股份有限公司 Data updating method and system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102448065A (en) * 2010-10-13 2012-05-09 中兴通讯股份有限公司 Method and device for automatically configuring wireless access control list
CN102149092A (en) * 2011-01-28 2011-08-10 中国联合网络通信集团有限公司 Method and device for processing user illegal access
US20130166910A1 (en) * 2011-12-22 2013-06-27 Broadcom Corporation Revocable Security System and Method for Wireless Access Points
US9031541B2 (en) * 2012-04-09 2015-05-12 Cellco Partnership Method for transmitting information stored in a tamper-resistant module
CN103442097B (en) * 2013-08-30 2016-12-28 烽火通信科技股份有限公司 A kind of home gateway controls the system and method for WiFi terminal access authority

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101192916A (en) * 2006-11-23 2008-06-04 华为技术有限公司 Wireless access method and wireless access device
CN101286948A (en) * 2008-05-30 2008-10-15 杭州华三通信技术有限公司 Access authority control method and wireless access equipment
CN103856941A (en) * 2012-12-05 2014-06-11 腾讯科技(深圳)有限公司 Wireless network monitoring method and related device
CN103944907A (en) * 2014-04-25 2014-07-23 天地融科技股份有限公司 Data updating method and system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112039894A (en) * 2020-08-31 2020-12-04 北京天融信网络安全技术有限公司 Network access control method, device, storage medium and electronic equipment
CN113285929A (en) * 2021-05-10 2021-08-20 新华三技术有限公司 Terminal validity detection method and device
CN113285929B (en) * 2021-05-10 2023-03-24 新华三技术有限公司 Terminal validity detection method and device

Also Published As

Publication number Publication date
CN105516074A (en) 2016-04-20

Similar Documents

Publication Publication Date Title
US11102233B2 (en) Detection of vulnerable devices in wireless networks
US10542020B2 (en) Home network intrusion detection and prevention system and method
WO2016062113A1 (en) Wireless network access security detection method and terminal
US9736152B2 (en) Device blocking tool
US20160050227A1 (en) Out of band end user notification systems and methods for security events related to non-browser mobile applications
US10798061B2 (en) Automated learning of externally defined network assets by a network security device
US9553891B1 (en) Device blocking tool
JP2016537894A (en) Security gateway for local / home networks
WO2013086968A1 (en) Method, device and system for network security protection
EP3466136B1 (en) Method and system for improving network security
JP2020017809A (en) Communication apparatus and communication system
US10382444B2 (en) Device blocking tool
CN103561405A (en) Method and device for countering Rogue AP
KR20160006915A (en) The Management Method and Apparatus for the Internet of Things
WO2018141172A1 (en) Method for controlling web browsing on terminal and for web browsing on terminal, router device, and terminal
US11876827B2 (en) Multiple sourced classification
JPWO2012014509A1 (en) Unauthorized access blocking control method
US11336621B2 (en) WiFiwall
CN104113453A (en) Method and system for monitoring and alarming abnormal parallel accessing of local area network
CN107835188B (en) SDN-based device security access method and system
US9628480B2 (en) Device blocking tool
JP4418211B2 (en) Network security maintenance method, connection permission server, and connection permission server program
US20170339153A1 (en) Device blocking tool
US10609064B2 (en) Network device access control and information security
US10158661B2 (en) Device blocking tool

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15853390

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15853390

Country of ref document: EP

Kind code of ref document: A1