CN101459652A - Anti-virus method and system for LAN - Google Patents


Info

Publication number
CN101459652A
Authority
CN
China
Prior art keywords
local area
lan
area network
network
described local
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007101721411A
Other languages
Chinese (zh)
Other versions
CN101459652B (en)
Inventor
陈延年
武虹
邹玲
方奕晖
桂培培
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Semiconductor Manufacturing International Shanghai Corp
Original Assignee
Semiconductor Manufacturing International Shanghai Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Semiconductor Manufacturing International Shanghai Corp
Priority to CN2007101721411A
Publication of CN101459652A
Application granted
Publication of CN101459652B
Current legal status: Expired - Fee Related
Anticipated expiration

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a method for protecting a local area network (LAN) against viruses. The method comprises: collecting basic network information about the LAN; collecting information about the network tools used in the LAN; generating an access control list (ACL) from the basic network information and the network tool information according to predefined rules, the ACL controlling the access of the LAN's network tools to each node in the LAN and the associated data transfers; sending the ACL to each node in the LAN and to the owner of each network tool; and controlling data transfers in the LAN on the basis of the ACL. The method actively and strictly monitors the links in the LAN that are most exposed to viruses and to external intrusion and attack, and thereby effectively improves the LAN's ability to resist viruses.

Description

Anti-virus method and system for a local area network (LAN)
Technical field
The present invention relates to virus-protection technology for computer networks, and more particularly to a method and system for protecting a local area network (LAN) against viruses.
Background technology
An enterprise's LAN is critical equipment for its production operations. For a semiconductor fabrication plant (FAB) in particular, the network inside the FAB is the key to controlling semiconductor device production. All computer networks are highly vulnerable to external attack, and especially to virus attack; once a FAB network is attacked, the losses to the FAB are incalculable.
Every company in semiconductor manufacturing therefore protects its FAB network tightly. The technologies in wide use today are anti-virus software, intrusion detection systems (IDS) and firewalls.
Anti-virus software works by virus interception: using the virus database that ships with the software, it checks whether data transmitted through a network port carries any virus defined in that database. This is a passive-defence strategy. The virus database must be updated constantly to keep up with newly appearing viruses, which invisibly increases the company's operating cost; at the same time, new viruses appear at a startling rate, so database updates inevitably miss some of them. Because the FAB network provides no other preventive measure, once the anti-virus software is defeated the virus spreads rapidly through the network.
Intrusion detection systems (IDS) and firewalls block everything they regard as unnecessary access to the FAB network. Their filtering is essentially untargeted: they reject most access that is unrelated to the operating system. IDS and firewalls therefore also block a great deal of harmless traffic, including a fair amount of data communication relevant to the business, which causes considerable trouble for normal operations. Moreover, because IDS and firewalls are themselves software running on the operating system, the interfaces between them and the operating system, and certain reserved interfaces in the operating system, become entry points (loopholes) for illegal intrusion.
Because anti-virus software, IDS and firewalls have the inherent shortcomings described above, the approach enterprises commonly take today is to buy better anti-virus software, a better IDS and a better firewall, all of which greatly increase cost. And all of these are passive-defence measures: once they are breached, the network has no further capability to protect or control itself. A more effective method is therefore needed, one that can still exert control when a virus does appear.
Summary of the invention
The present invention aims to provide virus-protection technology that can be applied actively within a LAN and that, when a virus appears, confines it to individual nodes so that it cannot propagate widely.
According to one aspect of the invention, an anti-virus method for a LAN comprises: collecting basic network information about the LAN; collecting information about the network tools used in the LAN; generating, according to predefined rules, an access control list (ACL) from the basic network information and the network tool information, the ACL controlling the access of the LAN's network tools to each node in the LAN and the associated data transfers; sending the ACL to each node in the LAN and to the owner of each network tool; and controlling data transfers in the LAN on the basis of the ACL.
The basic information about the LAN comprises: the IP address of each node in the LAN, the ports used by each application in the LAN, all peripheral-device ports in the LAN, all e-mail ports in the LAN, and all external ports in the LAN, where the external interface connects to the Internet.
The network tool information of the LAN comprises: information about the e-mail system running in the LAN, the peripheral devices connected to the LAN, and the transport protocols used by the LAN's external interface, where the external interface connects to the Internet.
The anti-virus method for a LAN is preferably used for the network in a semiconductor fabrication plant (FAB).
The invention also provides an anti-virus system for a LAN, comprising: a network basic-information collection device, which collects basic network information about the LAN; a network tool information collection device, which collects information about the network tools used in the LAN; a predefined-rule generator, which generates the predefined rules from external input or from pre-stored content; and an access control device, which, according to the predefined rules, generates an ACL from the basic network information and the network tool information, the ACL controlling the access of the LAN's network tools to each node in the LAN and the associated data transfers. The access control device sends the ACL to each node in the LAN and to the owner of each network tool, and controls data transfers in the LAN on the basis of the ACL.
The basic information about the LAN collected by the network basic-information collection device comprises: the IP address of each node in the LAN, the ports used by each application in the LAN, all peripheral-device ports in the LAN, all e-mail ports in the LAN, and all external ports in the LAN, where the external interface connects to the Internet.
The network tool information of the LAN collected by the network tool information collection device comprises: information about the e-mail system running in the LAN, the peripheral devices connected to the LAN, and the transport protocols used by the LAN's external interface, where the external interface connects to the Internet.
The anti-virus system for a LAN is applicable to the network in a semiconductor fabrication plant (FAB).
The anti-virus method and system of the invention can actively control data transfers in the LAN, preventing the propagation of viruses, and when a virus does appear can confine it to a limited scope and prevent its spread.
Description of drawings
The above and other features, characteristics and advantages of the invention will become more apparent from the following description taken together with the drawings and embodiments, in which identical reference numerals denote identical features throughout, and in which:
Fig. 1 is a flow chart of an anti-virus method for a LAN according to one embodiment of the invention;
Fig. 2 is a block diagram of an anti-virus system for a LAN according to one embodiment of the invention.
Embodiment
Referring first to Fig. 1, which is a flow chart of the anti-virus method 100 for a LAN according to the invention. The method is preferably applied to the network in a semiconductor fabrication plant (FAB) and comprises the following steps:
102. Collect basic network information about the LAN. This basic network information comprises: the IP address of each node in the LAN, the ports used by each application in the LAN, all peripheral-device ports in the LAN, all e-mail ports in the LAN, and all external ports in the LAN, where the external interface connects to the Internet.
104. Collect information about the network tools used in the LAN. This network tool information comprises: information about the e-mail system running in the LAN, the peripheral devices connected to the LAN, and the transport protocols used by the LAN's external interface, where the external interface connects to the Internet.
106. According to predefined rules, generate an ACL from the basic network information and the network tool information. The ACL controls the access of the LAN's network tools to each node in the LAN and the associated data transfers.
108. Send the ACL to each node in the LAN and to the owner of each network tool.
110. Control data transfers in the LAN on the basis of the ACL.
Referring to Fig. 2, the invention also discloses an anti-virus system 200 for a LAN. System 200 is likewise preferably applied to the network in a FAB and comprises the following components:
Network basic-information collection device 202, which collects basic network information about the LAN. As above, the basic information collected by device 202 comprises: the IP address of each node in the LAN, the ports used by each application in the LAN, all peripheral-device ports in the LAN, all e-mail ports in the LAN, and all external ports in the LAN, where the external interface connects to the Internet.
Network tool information collection device 204, which collects information about the network tools used in the LAN. Again, the network tool information collected by device 204 comprises: information about the e-mail system running in the LAN, the peripheral devices connected to the LAN, and the transport protocols used by the LAN's external interface, where the external interface connects to the Internet.
Predefined-rule generator 206, which generates the predefined rules from external input or from pre-stored content.
Access control device 208, which, according to the predefined rules, generates an ACL from the basic network information and the network tool information; the ACL controls the access of the LAN's network tools to each node in the LAN and the associated data transfers. Access control device 208 sends the ACL to each node in the LAN and to the owner of each network tool, and controls data transfers in the LAN on the basis of the ACL.
Building on method 100 and system 200, the invention provides an active anti-virus method. First, because access is governed by the ACL, data transfers in the FAB network are strictly monitored: only transfers permitted in (that is, registered in) the ACL can take place, and any transfer not registered in the ACL is blocked. Furthermore, the ACL is an object created inside the FAB; it has no link to external networks and its attributes can be kept entirely confidential, so the description treats the ACL itself as beyond the reach of viruses, external attacks, illegal intrusion and the like. Because the ACL can thus be regarded as essentially secure and not open to malicious modification, data transfers on the LAN under ACL control are highly reliable. Should a virus or intrusion appear, it cannot obtain a registered transfer path and is therefore confined to the node it is on; the ACL thus effectively limits the spread of viruses and intrusions.
E-mail systems, peripheral-device ports, application ports and communication ports linked to external networks (such as the Internet) are the main targets of viruses and intrusions. In the invention, all of these easily attacked objects are therefore treated as network tools and strictly managed. The invention collects, as basic network information, the IP address of each node in the LAN, the ports used by each application in the LAN, all peripheral-device ports in the LAN, all e-mail ports in the LAN and all external ports in the LAN. The basic network information that each network tool may access is strictly controlled and registered in the ACL; only registered data-transfer paths are permitted.
For example:
For the e-mail system, only authorized nodes may send and receive e-mail; the e-mail system's ports, the ports it uses and the IP addresses of the relevant nodes are registered in the ACL.
For the network's external interface, the Internet is the main source of virus and intrusion attacks. Only nodes that are strictly protected and monitored by the other means of the invention are therefore opened as external interfaces, and the IP addresses of those nodes and the corresponding transport protocols are registered in the ACL. In particular, the SMTP protocol and its port and the HTTP protocol and its port are closed outright by the invention.
For peripheral devices, the peripheral ports are also controlled. The peripheral device information, the ports it uses and the IP addresses of the relevant nodes are registered in the ACL.
For the operating systems and applications running in the LAN, the invention monitors all of their ports and registers them in the ACL to prevent attacks against those ports.
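The following is an added example written for this page; it is not code from the patent or from the assignee. It models steps 102 to 110 above together with the e-mail, external-interface, peripheral and application cases just listed: an inventory of nodes, ports and tools (constructed sample data; every node name, address, port and owner is an assumption) is turned into an allowlist ACL, each node and tool owner receives its slice of the list, and a transfer is permitted only if a registered path matches it, so anything unregistered is denied by default. The SMTP and HTTP entries on the external interface are dropped at generation time, as the description requires.

```python
# Added example (editor's illustration, not code from the patent): a default-deny
# allowlist ACL built from the inventory that steps 102 and 104 collect, applied
# with the rules the description gives (authorized e-mail nodes, protected external
# interface with SMTP and HTTP closed, registered peripheral and application ports).
# All node names, addresses, ports and owners are constructed sample data.
from collections import defaultdict
from dataclasses import dataclass

# Step 102: basic network information of a constructed FAB LAN.
BASIC_INFO = {
    "nodes": {"eqp-01": "10.10.1.11", "eqp-02": "10.10.1.12", "mes-01": "10.10.1.20",
              "mail-01": "10.10.1.30", "print-01": "10.10.1.40", "gw-01": "10.10.1.1"},
    "app_ports": {"mes-01": {"mes": 8443}},          # ports used by each application
    "peripheral_ports": {"print-01": 9100},          # all peripheral-device ports
    "email_ports": {"mail-01": [25, 143]},           # all e-mail ports
    "external_ports": {"gw-01": [22, 25, 80, 443]},  # all ports on the Internet-facing node
}

# Step 104: network tool information (which nodes may use each tool, and its owner).
TOOL_INFO = {
    "email_system": {"node": "mail-01", "authorized": ["mes-01"], "owner": "it-mail"},
    "peripherals": [{"node": "print-01", "users": ["mes-01"], "owner": "it-ops"}],
    "external_interface": {"node": "gw-01", "users": ["mes-01"], "owner": "it-net",
                           "protocols": {"ssh": 22, "smtp": 25, "http": 80, "https": 443}},
    "applications": [{"node": "mes-01", "app": "mes", "users": ["eqp-01", "eqp-02"],
                      "owner": "mes-team"}],
}

# Step 106: predefined rules; a fixed dict stands in for rule generator 206 here.
RULES = {"closed_external_protocols": {"smtp", "http"}}


@dataclass(frozen=True)
class AclEntry:
    src: str    # IP address of the node allowed to initiate the transfer
    dst: str    # IP address of the node being accessed
    dport: int  # destination port
    tool: str   # network tool the registration belongs to
    owner: str  # tool owner who receives this part of the ACL in step 108


def generate_acl(basic, tools, rules):
    """Register every permitted (src, dst, port) path; anything unregistered is denied."""
    ip = basic["nodes"]
    acl = []
    mail = tools["email_system"]
    for port in basic["email_ports"][mail["node"]]:
        for user in mail["authorized"]:       # only authorized nodes may send/receive mail
            acl.append(AclEntry(ip[user], ip[mail["node"]], port, "email", mail["owner"]))
    for dev in tools["peripherals"]:
        port = basic["peripheral_ports"][dev["node"]]
        for user in dev["users"]:
            acl.append(AclEntry(ip[user], ip[dev["node"]], port, "peripheral", dev["owner"]))
    ext = tools["external_interface"]
    for proto, port in ext["protocols"].items():
        if proto in rules["closed_external_protocols"]:
            continue                          # SMTP and HTTP on the external interface stay closed
        if port not in basic["external_ports"][ext["node"]]:
            continue                          # never register a port the inventory does not know
        for user in ext["users"]:
            acl.append(AclEntry(ip[user], ip[ext["node"]], port, "external:" + proto, ext["owner"]))
    for app in tools["applications"]:
        port = basic["app_ports"][app["node"]][app["app"]]
        for user in app["users"]:
            acl.append(AclEntry(ip[user], ip[app["node"]], port, "app:" + app["app"], app["owner"]))
    return acl


def distribute(acl):
    """Step 108: the slice of the ACL that each node and each tool owner receives."""
    per_node, per_owner = defaultdict(list), defaultdict(list)
    for entry in acl:
        per_node[entry.src].append(entry)
        per_node[entry.dst].append(entry)
        per_owner[entry.owner].append(entry)
    return dict(per_node), dict(per_owner)


def is_allowed(acl, src, dst, dport):
    """Step 110: default deny; a transfer passes only if a registered path matches it."""
    return any(e.src == src and e.dst == dst and e.dport == dport for e in acl)


if __name__ == "__main__":
    acl = generate_acl(BASIC_INFO, TOOL_INFO, RULES)
    for entry in acl:
        print(entry)
    # A worm on eqp-01 probing SMB on eqp-02 has no registered path and is blocked.
    print(is_allowed(acl, "10.10.1.11", "10.10.1.12", 445))
```

Note that `is_allowed` trusts whatever list it is handed. The description's position that the ACL cannot be tampered with rests on keeping it inside the FAB and confidential; in a deployment, the copies that step 108 sends to each node would still need integrity protection of their own (for example a signature checked before the node loads its slice), which this example does not implement.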
In summary, the invention actively and strictly monitors the links in the LAN that are most exposed to viruses and external intrusion, thereby effectively improving the LAN's anti-virus capability.
The anti-virus method and system of the invention can actively control data transfers in the LAN, block the paths by which viruses propagate, and when a virus does appear confine it to a limited scope and prevent its spread.
The foregoing embodiments are provided to enable those skilled in the art to implement or use the invention. Those skilled in the art may make various modifications or variations to the embodiments without departing from the inventive concept, so the scope of protection is not limited by the embodiments but should be the broadest scope consistent with the inventive features recited in the claims.

Claims (8)

1. An anti-virus method for a local area network (LAN), comprising:
collecting basic network information about the LAN;
collecting information about the network tools used in said LAN;
generating, according to predefined rules, an access control list (ACL) from said basic network information and said network tool information, said ACL controlling the access of said LAN's network tools to each node in said LAN and the associated data transfers;
sending said ACL to each node in said LAN and to the owner of each of said network tools;
controlling data transfers in said LAN on the basis of said ACL.
2. The anti-virus method for a LAN of claim 1, wherein
the basic information of said LAN comprises: the IP address of each node in said LAN, the ports used by each application in said LAN, all peripheral-device ports in said LAN, all e-mail ports in said LAN, and all external ports in said LAN, where the external interface connects to the Internet.
3. The anti-virus method for a LAN of claim 1, wherein
the network tool information of said LAN comprises: information about the e-mail system running in said LAN, the peripheral devices connected to said LAN, and the transport protocols used by the external interface of said LAN, where the external interface connects to the Internet.
4. The anti-virus method for a LAN of any one of claims 1 to 3, wherein
said LAN is the network in a semiconductor fabrication plant (FAB).
5. An anti-virus system for a local area network (LAN), comprising:
a network basic-information collection device, which collects basic network information about the LAN;
a network tool information collection device, which collects information about the network tools used in said LAN;
a predefined-rule generator, which generates predefined rules from external input or from pre-stored content;
an access control device, which, according to said predefined rules, generates an access control list (ACL) from said basic network information and said network tool information, said ACL controlling the access of said LAN's network tools to each node in said LAN and the associated data transfers; said access control device sends said ACL to each node in said LAN and to the owner of each of said network tools, and controls data transfers in said LAN on the basis of said ACL.
6. The anti-virus system for a LAN of claim 5, wherein
the basic information of the LAN collected by said network basic-information collection device comprises: the IP address of each node in said LAN, the ports used by each application in said LAN, all peripheral-device ports in said LAN, all e-mail ports in said LAN, and all external ports in said LAN, where the external interface connects to the Internet.
7. The anti-virus system for a LAN of claim 5, wherein
the network tool information of the LAN collected by said network tool information collection device comprises: information about the e-mail system running in said LAN, the peripheral devices connected to said LAN, and the transport protocols used by the external interface of said LAN, where the external interface connects to the Internet.
8. The anti-virus system for a LAN of any one of claims 5 to 7, wherein
said LAN is the network in a semiconductor fabrication plant (FAB).

Priority Applications (1)

CN2007101721411A (CN101459652B): priority date 2007-12-13, filing date 2007-12-13, Anti-virus method and system for LAN

Applications Claiming Priority (1)

CN2007101721411A (CN101459652B): priority date 2007-12-13, filing date 2007-12-13, Anti-virus method and system for LAN

Publications (2)

CN101459652A (en): published 2009-06-17
CN101459652B (en): published 2012-02-01

Family

ID=40770286

Family Applications (1)

CN2007101721411A (CN101459652B, Expired - Fee Related): priority date 2007-12-13, filing date 2007-12-13, Anti-virus method and system for LAN

Country Status (1)

Country Link
CN (1) CN101459652B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
CN102413011A *: priority date 2011-11-18, published 2012-04-11, 奇智软件(北京)有限公司, Local area network (LAN) security evaluation method and system
CN104579769A *: priority date 2014-12-30, published 2015-04-29, 北京奇虎科技有限公司, Method, device and system of terminal management

Also Published As

Publication number Publication date
CN101459652B (en) 2012-02-01

Legal Events

C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee (granted publication date: 2012-02-01; termination date: 2018-12-13)