CN101252487B - Method for processing safety warning and safety policy equipment - Google Patents

Publication number: CN101252487B
Authority: CN (China)
Legal status: Expired - Fee Related
Application number: CN2008101038937A
Other languages: Chinese (zh)
Other versions: CN101252487A (en)
Inventor: 胡冰
Current Assignee: New H3C Technologies Co Ltd
Original Assignee: Hangzhou H3C Technologies Co Ltd

Abstract

The invention discloses a method for processing security alarms and a security policy device. In the technical solution of the invention, the security policy device parses security alarms of different formats by means of configured parsing information, and interacts with the security control modules in a format negotiated in advance. This solves the compatibility problem of processing security alarms by linking security devices with security control modules, and improves the efficiency of processing security alarms. The technical solution can also dynamically adapt to newly added alarm sources and supports the registration and extension of security actions, providing a network security solution in the true sense, so that generated security alarms can be handled more intelligently, efficiently, quickly and conveniently.

Description

A method and security policy device for processing security alarms
Technical field
The present invention relates to network security technology, and in particular to a method and a security policy device for processing security alarms.
Background
With the continuous development of network applications and the growing volume of information data, network security problems are becoming increasingly prominent. Faced with a wide and ever-growing variety of viruses and attacks, enterprise users pay more attention to network security and place stricter requirements on it.
At present, the commonly used network security solution links security devices with security control modules. Specifically, a security device generates a security alarm after a security event occurs; the security policy device receives the security alarm sent by the security device and notifies the corresponding security control module to execute a security action that handles the current alarm, for example forcing a user offline, adding a user to a blacklist, or shutting down a device interface.
This linkage scheme handles the security alarms generated by security devices well and solves most of the problems in current network security. However, most vendors develop security devices and security control modules for their own use only: a security policy device can parse only the alarm information sent by its own vendor's security devices, and can instruct only its own vendor's security control modules to execute security actions. As a result, the security devices and security control modules developed today are not compatible with those developed by other vendors. This greatly limits the scope of application of the linkage scheme, reduces the utilization of each security device and security control module, lowers the efficiency of alarm processing, and prevents security alarms from being handled actively and effectively.
Summary of the invention
In view of this, the invention provides a method and a security policy device for processing security alarms. With this method and device, the linkage method of processing security alarms becomes compatible with the security devices and security control modules developed by every vendor, and the efficiency of processing security alarms improves.
To achieve the above object, the technical solution of the present invention is realized as follows:
A method for processing security alarms, comprising the following steps:
A security policy device receives a security alarm sent by a security device and obtains the parsing information for parsing this security alarm;
The received security alarm is parsed according to the parsing information to obtain its security alarm type;
The security policy that handles this type is obtained according to the security alarm type;
According to the security action defined by the security policy, the corresponding security control module is instructed, in a format negotiated in advance with that module, to execute the defined security action.
A security policy device, comprising a processing unit, a control unit and an execution unit;
The processing unit is used to receive a security alarm sent by a security device and obtain the parsing information for parsing this security alarm, and to parse the received security alarm according to the parsing information, obtain its security alarm type, and send it to the control unit;
The control unit is used to obtain, according to the received security alarm type, the security policy that handles this type, and to send the security policy to the execution unit;
The execution unit is used to instruct the corresponding security control module, according to the security action defined by the security policy and in a format negotiated in advance with that module, to execute the defined security action.
The present invention thus provides a method and a security policy device for processing security alarms. By configuring parsing information, the technical solution enables the security policy device to parse security alarms of different formats, and it interacts with the security control modules in a format negotiated in advance. This solves the compatibility problem of the linkage method of processing security alarms and improves the efficiency of processing them. The technical solution can also dynamically adapt to newly added alarm sources and supports the registration and extension of security actions, providing a network security solution in the true sense that handles generated security alarms more intelligently, efficiently, quickly and conveniently.
Description of drawings
Fig. 1 is an exemplary flow chart of the method of the embodiment of the invention;
Fig. 2 is an exemplary structure diagram of the security policy device of the embodiment of the invention;
Fig. 3 shows a specific network environment in which the embodiment of the invention is applied;
Fig. 4 shows the format of a security alarm in the prior art;
Fig. 5 is a flow chart of the method of the embodiment of the invention;
Fig. 6 shows the execution strategy of executing security actions sequentially in the embodiment of the invention;
Fig. 7 shows the execution strategy of executing security actions selectively in the embodiment of the invention;
Fig. 8 shows the execution strategy of executing security actions conditionally in the embodiment of the invention;
Fig. 9 is a structure diagram of the security policy device in the embodiment of the invention.
Embodiment
To achieve the object of the invention, it is sufficient that the security policy device can parse the security alarms from each vendor's security devices and can instruct each security control module, in a format that module recognizes, to execute security actions. The linkage method of processing security alarms is then compatible with the security devices and security control modules developed by every vendor.
Referring to Fig. 1, Fig. 1 is an exemplary flow chart of the method of the invention. Specifically: in step 101, the security policy device receives a security alarm sent by a security device and obtains the parsing information for parsing this security alarm; in step 102, the received security alarm is parsed according to the parsing information to obtain its security alarm type; in step 103, the security policy that handles this type is obtained according to the security alarm type; in step 104, according to the security action defined by the security policy, the corresponding security control module is instructed, in a format negotiated in advance with that module, to execute the defined security action.
In addition, referring to Fig. 2, Fig. 2 is an exemplary structure diagram of the security policy device of the invention. The security policy device comprises a processing unit, a control unit and an execution unit. The processing unit is used to receive a security alarm sent by a security device and obtain the parsing information for parsing this security alarm, and to parse the received security alarm according to the parsing information, obtain its security alarm type, and send it to the control unit. The control unit is used to obtain, according to the received security alarm type, the security policy that handles this type, and to send the security policy to the execution unit. The execution unit is used to instruct the corresponding security control module, according to the security action defined by the security policy and in a format negotiated in advance with that module, to execute the defined security action.
Here, a security device connected to the security policy device means a security device whose security alarms need to be processed by that security policy device.
To make the purpose, technical solution and advantages of the embodiment of the invention clearer, the embodiment is described in further detail below with reference to the accompanying drawings.
Referring to Fig. 3, Fig. 3 shows a specific network system that applies the technical solution of this embodiment. As shown in Fig. 3, the network system consists of three parts: a security awareness part, a policy center part and a security response part. The security awareness part comprises security devices developed by multiple vendors. A security device can detect abnormal traffic and attack packets, write logs, generate security alarms, and send the security alarms to the security policy device of the policy center part for processing. The policy center part consists mainly of the security policy device, which receives security alarms, determines the security policy that handles each alarm, and, according to that policy, instructs the security control modules of the security response part to execute security actions that handle the alarm. The security response part consists of security control modules developed by different vendors, which can be software or hardware, for example Access Control List (ACL) management, Quality of Service (QoS) management, and Endpoint Admission Defense (EAD). These security control modules execute different security actions to handle the security alarms currently generated.
So that the security policy device can parse the differently formatted security alarms sent by each security device, parsing information for a security alarm can be configured according to the format in which each security device sends its alarms. The security policy device can then obtain the parsing information configured for the security device according to the format of the security alarm it receives. Parsing information defines how to read a security alarm, that is, what information each field in the alarm carries. For example, referring to Fig. 4, Fig. 4 shows the security alarm format sent by a security device. Field atckType (1016) represents the security alarm kind, field atckTime_cn (1048) represents the attack time, field srcIPAddr (1017) represents the attack source IP address, and field srcMacAddr (1021) represents the attack source MAC address; the attack destination IP address is given as field srcIPAddr (1017), and the attack destination MAC address as field srcMacAddr (1021). The security alarm record shown in Table 1 is built from this information. The parsing information for this security device defines exactly this: read the security alarm kind from field atckType (1016), read the attack time from field atckTime_cn (1048), and so on, which is how the security alarm is parsed. The specific configuration method can be determined according to the format that the particular security device uses for its security alarms.
Interaction between the security policy device and a security control module is carried out in a format negotiated in advance with that module.
Taking the flow shown in Fig. 5 as an example, the method of this embodiment is described below. The flow shown in Fig. 5 comprises:
In step 501, the security policy device receives a security alarm sent by a security device.
In step 502, the format used by the current security alarm is determined, and the corresponding parsing information is determined according to this format.
The security policy device can record in advance, for each format, the parsing information for that format, so that when a message is received the corresponding parsing information can be determined from the format of the security alarm. There are many ways to determine the format of a security alarm, and the choice depends on the actual application: for example, the format can be determined from the protocol used, or by recognizing the data structure.
In addition, in the technical solution of this embodiment, parsing information can also be configured for each security device connected to the security policy device. After a security alarm is received, the security device that sent it is determined, and the parsing information configured for that security device is then obtained. The security device that sent a received security alarm can be determined from the device-related information carried in the alarm.
In step 503, the security policy device parses the security alarm according to the parsing information obtained, and obtains the security alarm type carried in the alarm.
In the security alarm shown in Fig. 4, the security alarm type carried in the alarm is an Address Resolution Protocol storm (ARP_Flooding). Besides the security alarm type, other information carried in the alarm, such as the attack time and the attack source IP address, can also be obtained according to the parsing information. The security policy device can record the information obtained by parsing, for use when instructing security control modules. Parsing the security alarm shown in Fig. 4 yields the record shown in Table 1 below:
Field name      Field value          Description
name            arp_flooding         Alarm type
time            20070912153934       Attack time
atck_srcIp      192.168.99.254       Attack source IP
atck_srcMac     44-44-22-22-88-89    Attack source MAC
atck_destIp     192.168.96.21        Attack destination IP
atck_destMac    00-15-e9-44-ba-c6    Attack destination MAC
Table 1
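The following added example (not code from the patent) shows steps 502 and 503: parsing information configured per alarm format maps vendor fields onto the normalized record of Table 1. The wire formats, separators, device addresses, the destIPAddr/destMacAddr names and the whole of vendor_b are assumptions made for illustration; only the atckType, atckTime_cn, srcIPAddr and srcMacAddr names come from the description.

```python
import ipaddress
import re

# Parsing information, one entry per alarm format. It maps each field of
# the normalized record (Table 1) to the vendor field that carries it.
# vendor_a reuses the field names quoted in the description; its dest*
# names, the separators and all of vendor_b are hypothetical.
PARSING_INFO = {
    "vendor_a": {
        "pair_sep": ";",
        "fields": {
            "name": "atckType", "time": "atckTime_cn",
            "atck_srcIp": "srcIPAddr", "atck_srcMac": "srcMacAddr",
            "atck_destIp": "destIPAddr", "atck_destMac": "destMacAddr",
        },
        "types": {"ARP_Flooding": "arp_flooding"},
    },
    "vendor_b": {
        "pair_sep": "|",
        "fields": {
            "name": "sig", "time": "ts",
            "atck_srcIp": "sip", "atck_srcMac": "smac",
            "atck_destIp": "dip", "atck_destMac": "dmac",
        },
        "types": {"arp-storm": "arp_flooding"},
    },
}

# Which format each connected security device uses (constructed addresses).
DEVICE_FORMAT = {"10.1.1.10": "vendor_a", "10.1.1.20": "vendor_b"}

MAC_RE = re.compile(r"[0-9a-f]{2}(-[0-9a-f]{2}){5}")


class AlarmParseError(ValueError):
    """Raised when an alarm cannot be turned into a validated record."""


def split_pairs(raw, pair_sep):
    """Split 'key=value' items separated by the format's pair separator."""
    pairs = {}
    for item in filter(None, raw.strip().split(pair_sep)):
        key, sep, value = item.partition("=")
        if not sep:
            raise AlarmParseError(f"malformed field: {item!r}")
        pairs[key.strip()] = value.strip()
    return pairs


def parse_alarm(sender, raw):
    """Step 502: pick parsing information by sender; step 503: parse."""
    fmt = DEVICE_FORMAT.get(sender)
    if fmt is None:
        raise AlarmParseError(f"no parsing information for device {sender}")
    info = PARSING_INFO[fmt]
    pairs = split_pairs(raw, info["pair_sep"])
    record = {}
    for norm_field, vendor_field in info["fields"].items():
        if vendor_field not in pairs:
            raise AlarmParseError(f"missing field {vendor_field}")
        record[norm_field] = pairs[vendor_field]
    # Parsed values later become parameters of security actions (blocking,
    # interface shutdown), so each one is validated before it is trusted.
    if record["name"] not in info["types"]:
        raise AlarmParseError(f"unknown alarm type {record['name']!r}")
    record["name"] = info["types"][record["name"]]
    if not re.fullmatch(r"\d{14}", record["time"]):
        raise AlarmParseError("bad attack time")
    for key in ("atck_srcIp", "atck_destIp"):
        try:
            record[key] = str(ipaddress.ip_address(record[key]))
        except ValueError as exc:
            raise AlarmParseError(f"bad IP address in {key}") from exc
    for key in ("atck_srcMac", "atck_destMac"):
        mac = record[key].lower().replace(":", "-")
        if not MAC_RE.fullmatch(mac):
            raise AlarmParseError(f"bad MAC address in {key}")
        record[key] = mac
    return record


# Constructed sample alarms carrying the values of Table 1.
ALARM_A = ("atckType=ARP_Flooding;atckTime_cn=20070912153934;"
           "srcIPAddr=192.168.99.254;srcMacAddr=44-44-22-22-88-89;"
           "destIPAddr=192.168.96.21;destMacAddr=00-15-e9-44-ba-c6")
ALARM_B = ("sig=arp-storm|ts=20070912153934|sip=192.168.99.254|"
           "smac=44:44:22:22:88:89|dip=192.168.96.21|dmac=00:15:E9:44:BA:C6")

if __name__ == "__main__":
    print(parse_alarm("10.1.1.10", ALARM_A))
    print(parse_alarm("10.1.1.20", ALARM_B))
```

Both constructed alarms normalize to the same record, which is what lets a single security policy serve devices from different vendors.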
In step 504, the security policy that handles this security alarm is determined according to the security alarm type.
Each security policy defines the security alarm types it can handle. The security policy device can obtain the security policy that handles the current security alarm according to the alarm types each policy declares it can handle. In the technical solution of this embodiment, one security policy can handle one or more security alarm types, which effectively reduces the number of security policies that have to be written and reduces the complexity of the system.
In step 505, according to the security action defined by the security policy, the security policy device instructs the security control module that performs this action to execute it, using the format negotiated in advance with that module.
When instructing a security control module to execute a security action, the security policy device needs to carry the parameters required by that action. For example, the action of forcing a user offline needs the user name and the user's IP address; the action of shutting down a device port needs the location information of the port. These parameters can all be obtained from the parsing of the security alarm in step 503 and are carried according to the actual needs of the security action; they are not described in detail here.
In the technical solution of this embodiment, when a security policy defines multiple security actions, the security policy offers three execution strategies for them. The user can choose an execution strategy flexibly according to the security alarm to be handled and the security actions used. The execution strategies are shown in Figs. 6, 7 and 8.
Referring to Fig. 6, Fig. 6 shows the execution strategy of executing security actions sequentially. When the security policy further defines the sequential execution strategy, the security policy device instructs the corresponding security control modules to execute the security actions in the defined order. The security actions are executed one after another regardless of whether any one of them succeeds. For example, for an ARP_Flooding attack alarm, the security policy for this alarm defines two security actions: shutting down the attacked device interface and sending an email to the relevant personnel. With the sequential execution strategy, the interface shutdown and the email are executed in order, regardless of whether each security action succeeds or fails.
Referring to Fig. 7, Fig. 7 shows the execution strategy of executing security actions selectively. When the security policy further defines the selective execution strategy, the security policy device instructs the corresponding security control modules to execute the security actions one by one in the defined order until one of them is executed successfully. This is equivalent to executing only one of the alternative security actions. For example, again for an ARP_Flooding attack alarm, the security policy for this alarm again defines two security actions: shutting down the attacked device interface and sending an email to the relevant personnel. With the selective execution strategy, the interface shutdown is attempted first. If the interface is shut down successfully, the email action is not executed; if the interface is not shut down successfully, the email to the relevant personnel is sent. In this way, when the security attack is not removed successfully, the relevant personnel are notified to take the necessary action, which safeguards the security of the network.
Referring to Fig. 8, Fig. 8 shows the execution strategy of executing security actions conditionally. When the security policy further defines the conditional execution strategy, the security policy device instructs the corresponding security control modules to execute the security actions one by one in the defined order until one of them is executed successfully; after that action succeeds, it instructs the corresponding security control module to execute the jump action. The core of this execution strategy is that, regardless of how the security actions other than the jump action fare, the jump action defined by the security policy must be executed when the policy is carried out. For example, for an attack alarm A, the security policy for this alarm defines three security actions: security action A, security action B, and sending an email to the relevant personnel, where sending the email is the jump action. With the conditional execution strategy, security action A is executed first. If security action A succeeds, the jump action of sending the email is executed; if security action A fails, security action B is executed. When security action B succeeds, the jump action of sending the email is executed; when security action B fails, the jump action is executed as well. This mode therefore guarantees that one particular security action is executed. Sending the email here informs the relevant personnel of the specifics, so that they understand the current network events, which facilitates network management.
As the above shows, the three execution strategies provided by this embodiment let users flexibly define an execution strategy that meets their own requirements and handle security alarms conveniently, quickly and efficiently. Based on these three execution strategies, the inventor believes that those skilled in the art can derive other variants using common technical means.
In addition, security control modules differ in function: some can perform several security actions, and some can perform only one. Whether the multiple security actions defined by a security policy are performed by one security control module or by several, the security policy device can trigger each security action and, after the action has been executed, receive a response message that reports how the execution went. With the selective and conditional execution strategies, the security policy device can then decide from the returned response message whether to execute the subsequent security actions defined by the security policy.
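The three execution strategies above, written out as an added example (not code from the patent). The handler callables stand in for security control modules and return True or False as their response message; the class, function and action names are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

SEQUENTIAL, SELECT, CONDITIONAL = "sequential", "select", "conditional"


@dataclass
class Policy:
    alarm_types: Set[str]               # one policy may cover several types
    actions: List[str]                  # tried in this order
    strategy: str
    jump_action: Optional[str] = None   # only used by CONDITIONAL


class PolicyDevice:
    def __init__(self) -> None:
        self.modules: Dict[str, Callable[[dict], bool]] = {}
        self.policies: List[Policy] = []

    def register_action(self, name: str, handler: Callable[[dict], bool]):
        """A control module registers a security action it can perform."""
        self.modules[name] = handler

    def add_policy(self, policy: Policy) -> None:
        if policy.strategy not in (SEQUENTIAL, SELECT, CONDITIONAL):
            raise ValueError(f"unknown strategy {policy.strategy!r}")
        needed = list(policy.actions)
        if policy.strategy == CONDITIONAL:
            if policy.jump_action is None:
                raise ValueError("conditional strategy needs a jump action")
            needed.append(policy.jump_action)
        # Refuse policies that reference actions nobody has registered.
        missing = [a for a in needed if a not in self.modules]
        if missing:
            raise ValueError(f"unregistered actions: {missing}")
        self.policies.append(policy)

    def _execute(self, action: str, params: dict) -> Tuple[str, bool]:
        try:
            ok = bool(self.modules[action](params))
        except Exception:
            ok = False   # a module error is treated as a failure response
        return action, ok

    def handle(self, alarm: dict) -> List[Tuple[str, bool]]:
        """Return (action, succeeded) for every action that was triggered."""
        policy = next((p for p in self.policies
                       if alarm["name"] in p.alarm_types), None)
        if policy is None:
            return []
        results = []
        for action in policy.actions:
            result = self._execute(action, alarm)
            results.append(result)
            # SELECT and CONDITIONAL stop at the first success;
            # SEQUENTIAL runs every action whatever the outcome.
            if policy.strategy != SEQUENTIAL and result[1]:
                break
        if policy.strategy == CONDITIONAL:
            # The jump action runs whether or not anything succeeded.
            results.append(self._execute(policy.jump_action, alarm))
        return results


def run_demo(strategy, outcomes, actions, jump=None):
    """Build a device whose modules return the constructed outcomes."""
    device = PolicyDevice()
    for name, ok in outcomes.items():
        device.register_action(name, lambda params, ok=ok: ok)
    device.add_policy(Policy({"arp_flooding"}, actions, strategy, jump))
    alarm = {"name": "arp_flooding", "atck_srcIp": "192.168.99.254"}
    return device.handle(alarm)


if __name__ == "__main__":
    failed_shutdown = {"interface_down": False, "send_email": True}
    for strategy in (SEQUENTIAL, SELECT):
        print(strategy, run_demo(strategy, failed_shutdown,
                                 ["interface_down", "send_email"]))
    print(CONDITIONAL, run_demo(
        CONDITIONAL,
        {"action_a": False, "action_b": True, "send_email": True},
        ["action_a", "action_b"], jump="send_email"))
```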
Furthermore, before instructing a security control module to execute a security action, the security policy device can ask the network administrator for approval and trigger the security action only after the administrator indicates that it should be executed. This involves the network administrator in the handling of security alarms, which effectively improves the controllability of the process and makes it easier for the administrator to keep the network under effective control. When a security action involves a recovery action, the corresponding recovery action can be executed once the network satisfies the appropriate conditions. Alternatively, the administrator can be reminded and can trigger the recovery. For example, after a user is added to the blacklist, if the user launches no further attacks within a certain period, the recovery action is executed and the user is automatically removed from the blacklist.
The technical solution of this embodiment is not only compatible with each vendor's security devices and security control modules; it also supports adapting to new security alarm sources and dynamically extending the set of security actions.
When a new security device connects to the security policy device, that is, when the newly connected security device needs the security policy device to process the security alarms it sends, the new security device reports the format information of its security alarms to the security policy device, and the security policy device configures the corresponding parsing information for this security device according to the reported format information. The format information that a security device reports to the security policy device comprises the structure of the security alarm and the information contained in each field of the alarm. The security policy device can thus configure the corresponding parsing information from the format information it receives and then parse the security alarms.
Likewise, when a new security control module connects to the security policy device, the new module registers with the security policy device the security actions it can provide, and the security policy device records the related information of these security actions for use when configuring security policies. The administrator can then configure security policies using the registered security actions. Security control modules can all register using the same security action registration specification. The registration specification can in essence be a file in XML format that specifies the related information of a security action, such as the action name, description, list of execution parameters, and whether the action can be recovered. After a new security action is registered, the system can refresh the list of currently registered security actions by parsing this XML file, so that the administrator can use it when configuring security policies.
In addition, referring to Fig. 9, Fig. 9 shows the security policy device provided by this embodiment. The device comprises the processing unit, control unit and execution unit shown in Fig. 2.
Specifically, in this embodiment the processing unit comprises a receiving unit and multiple parsing units. The receiving unit is used to record the format of the security alarms that each parsing unit parses, to receive the security alarms sent by security devices, to determine from that record the parsing unit that parses a given security alarm, and to send the received security alarm to the determined parsing unit. A parsing unit is used to receive the security alarm sent by the receiving unit, parse it using the parsing information configured in the parsing unit, obtain its security alarm type, and send that type to the control unit.
The device further comprises a configuration unit. The configuration unit is used to receive the format information of the security alarms reported by a newly connected security device; to set up a parsing unit for this security device in the processing unit and configure parsing information for that parsing unit according to the reported format information; and to register the newly configured parsing unit, together with the format of the security alarms it parses, with the receiving unit. After the newly configured parsing unit has been registered with the receiving unit, subsequently received security alarms for this newly added parsing unit can be passed to it by the receiving unit for processing.
The control unit is used, when obtaining the security policy that handles the type of the current security alarm, to obtain that policy according to the security alarm types that each security policy defines as its own.
The execution unit is used, when instructing security control modules to execute the security actions defined by a security policy, as follows. When the security policy further defines the sequential execution strategy, the security policy device instructs the corresponding security control modules to execute the security actions in the defined order. Alternatively, when the security policy further defines the selective execution strategy, the security policy device instructs the corresponding security control modules to execute the security actions one by one in the defined order until one of them is executed successfully. Alternatively, when the security policy further defines the conditional execution strategy, the security policy device instructs the corresponding security control modules to execute the security actions one by one in the defined order until one of them is executed successfully, and after that action succeeds, instructs the corresponding security control module to execute the jump action.
The device further comprises a registration unit and a human-machine interface unit. The registration unit is used to receive the security action registration message of a newly connected security control module and record the related information of the security action. The human-machine interface unit is used to read the recorded information from the registration unit as instructed, configure security policies accordingly, and set the configured security policies in the control unit. The human-machine interface unit further instructs the configuration unit to configure parsing parameters and to set up parsing units.
From the above description of the embodiment of the invention it follows that, in its technical solution, the security policy device parses the security alarms from each vendor's security devices and uses a format negotiated in advance to instruct each vendor's security control modules to execute the corresponding security actions, so that the linkage method of processing security alarms is compatible with the security devices and security control modules of every vendor.
Moreover, the technical solution of the invention can dynamically adapt to newly added alarm sources when security devices are added, and can support the registration and extension of security actions when new security control modules are added. It therefore not only achieves device compatibility but also provides a network security management solution in the true sense that handles generated security alarms more intelligently, efficiently, quickly and conveniently.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (12)

1. A method for handling security alarms, characterized in that the method comprises the following steps:
The security policy equipment receives a security alarm sent by a security device and obtains the parsing information for parsing that security alarm;
The received security alarm is parsed according to the parsing information to obtain its corresponding security alarm type;
The security policy that handles that type is obtained according to the obtained security alarm type;
According to the security actions defined by the security policy, a format negotiated in advance with the security control modules is used to instruct the corresponding security control module to execute the defined security actions.
2. The method according to claim 1, characterized in that
The method further comprises: configuring the parsing information for parsing security alarms according to the format in which each security device sends security alarms;
Said obtaining the parsing information for parsing the security alarm comprises: obtaining, according to the format of the received security alarm, the parsing information configured for that security device.
3. The method according to claim 1, characterized in that the security policy comprises at least the security alarm type that it handles;
Said obtaining, according to the obtained security alarm type, the security policy that handles that type comprises: obtaining the security policy that handles the current security alarm according to the handled security alarm type contained in each security policy.
4. The method according to claim 1, characterized in that said instructing the corresponding security control module to execute the defined security actions according to the security actions defined by the security policy comprises:
When the security policy further defines a sequential execution strategy, the security policy equipment instructs the corresponding security control modules to execute the security actions in the defined order;
Alternatively, when the security policy further defines a selective execution strategy, the security policy equipment instructs the corresponding security control modules, in the defined order, to execute the corresponding security actions one after another until one security action has been executed successfully;
Alternatively, when the security policy further defines a conditional execution strategy, the security policy equipment instructs the corresponding security control modules, in the defined order, to execute the corresponding security actions one after another until one security action has been executed successfully; after that security action has been executed successfully, it instructs the corresponding security control module to execute the redirect action.
5. The method according to any one of claims 1 to 4, characterized in that the method further comprises:
When a new security device connects to the security policy equipment, the security policy equipment receives the format information of the security alarms reported by the newly connected security device; the security policy equipment configures the corresponding parsing information for that security device according to the reported format information.
6. The method according to any one of claims 1 to 4, characterized in that the method further comprises:
When a new security control module connects to the security policy equipment, the security policy equipment receives the security action registration message of the newly connected security control module and records the relevant information of that security action for use in configuring security policies.
7. A security policy equipment, characterized in that the equipment comprises a processing unit, a control unit and an execution unit;
The processing unit is configured to receive a security alarm sent by a security device and obtain the parsing information for parsing that security alarm; and to parse the received security alarm according to the parsing information, obtain its corresponding security alarm type, and send it to the control unit;
The control unit is configured to obtain, according to the received security alarm type, the security policy that handles that type, and to send the security policy to the execution unit;
The execution unit is configured, according to the security actions defined by the security policy, to use a format negotiated in advance with the security control modules to instruct the corresponding security control module to execute the defined security actions.
8. The security policy equipment according to claim 7, characterized in that the processing unit comprises a receiving unit and a plurality of parsing units;
The receiving unit is configured to record the format of the security alarms that each parsing unit parses, to receive security alarms sent by security devices, to determine from said record the parsing unit that parses the received security alarm, and to send the received security alarm to the determined parsing unit;
The parsing unit is configured to receive the security alarm sent by the receiving unit, to parse the received security alarm using the parsing information configured in itself, to obtain its corresponding security alarm type, and to send it to the control unit.
9. The security policy equipment according to claim 8, characterized in that the equipment further comprises a configuration unit;
The configuration unit is configured to receive the format information of the security alarms reported by a newly connected security device; to set up, in the processing unit, a parsing unit for that security device and configure parsing information for that parsing unit according to the reported format information; and to register with the receiving unit the newly configured parsing unit and the format of the security alarms it parses.
10. The security policy equipment according to claim 7, characterized in that
The control unit is configured, when obtaining the security policy that handles the type corresponding to the current security alarm, to obtain the security policy that handles the current security alarm according to the security alarm type that each security policy defines itself as handling.
11. The security policy equipment according to claim 7, characterized in that
The execution unit is configured, when instructing security control modules to execute the security actions defined by the security policy, to operate as follows: when the security policy further defines a sequential execution strategy, the security policy equipment instructs the corresponding security control modules to execute the security actions in the defined order; alternatively, when the security policy further defines a selective execution strategy, the security policy equipment instructs the corresponding security control modules, in the defined order, to execute the corresponding security actions one after another until one security action has been executed successfully; alternatively, when the security policy further defines a conditional execution strategy, the security policy equipment instructs the corresponding security control modules, in the defined order, to execute the corresponding security actions one after another until one security action has been executed successfully, and after that security action has been executed successfully, instructs the corresponding security control module to execute the redirect action.
12. The security policy equipment according to any one of claims 7 to 11, characterized in that the equipment further comprises a registration unit and a man-machine interface unit;
The registration unit is configured to receive the security action registration message of a newly connected security control module and to record the relevant information of that security action;
The man-machine interface unit is configured, as instructed, to read the recorded information from the registration unit, to configure security policies according to it, and to set the configured security policies in the control unit.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008101038937A CN101252487B (en) 2008-04-11 2008-04-11 Method for processing safety warning and safety policy equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008101038937A CN101252487B (en) 2008-04-11 2008-04-11 Method for processing safety warning and safety policy equipment

Publications (2)

Publication Number Publication Date
CN101252487A CN101252487A (en) 2008-08-27
CN101252487B true CN101252487B (en) 2010-12-22

Family

ID=39955684

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008101038937A Expired - Fee Related CN101252487B (en) 2008-04-11 2008-04-11 Method for processing safety warning and safety policy equipment

Country Status (1)

Country Link
CN (1) CN101252487B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626497B (en) * 2009-08-10 2012-05-23 浙江宇视科技有限公司 Alarm linkage method and alarm linkage device
CN103795735B (en) * 2014-03-07 2017-11-07 深圳市迈科龙电子有限公司 Safety means, server and server info safety implementation method
CN104901960A (en) * 2015-05-26 2015-09-09 汉柏科技有限公司 Device and method for network security management based on alarm strategy
CN108667776B (en) * 2017-03-31 2022-02-22 中兴通讯股份有限公司 Network service diagnosis method
CN109309687A (en) * 2018-11-27 2019-02-05 杭州迪普科技股份有限公司 Network security defence method, device and the network equipment
CN112241439B (en) * 2020-10-12 2023-07-21 绿盟科技集团股份有限公司 Attack organization discovery method, device, medium and equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1556613A (en) * 2003-12-30 2004-12-22 上海交通大学 Confidential active type strategy linkage method
CN1794718A (en) * 2005-12-31 2006-06-28 西安交大捷普网络科技有限公司 Linkage protocol of network safety equipment
CN1968159A (en) * 2006-11-16 2007-05-23 杭州华为三康技术有限公司 Network failure detection interlock method and network operator edge device

Also Published As

Publication number Publication date
CN101252487A (en) 2008-08-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: Xinhua three Technology Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: Huasan Communication Technology Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20101222

Termination date: 20200411
