CN101714990A - Network security safeguarding integrated system and control method thereof - Google Patents


Info

Publication number
CN101714990A
Authority
CN
China
Prior art keywords
network information
information security
security equipment
network
master controller
Prior art date
Legal status
Granted
Application number
CN200910236815A
Other languages
Chinese (zh)
Other versions
CN101714990B (en)
Inventor
张英
薛一波
李军
Current Assignee
CERTUSNET CORP
Original Assignee
Tsinghua University
Priority date
Filing date
Publication date
Application filed by Tsinghua University
Priority to CN200910236815
Publication of CN101714990A
Application granted
Publication of CN101714990B
Legal status: Active
Anticipated expiration

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Alarm Systems (AREA)

Abstract

The invention provides a network security safeguarding integrated system and a control method thereof. The system comprises a plurality of network information security devices and a central controller. Each network information security device is provided with a function control interface through which an external controller can connect to and call every security safeguarding function of the device to which the interface belongs. The central controller communicates interactively with each network information security device, controls the working condition of each device, and is provided with a linkage strategy information table that enables the devices to cooperate and interact. The invention solves the problems of interface standards and interoperability access between different network information security devices, achieves cooperative work and linkage between them, and finally achieves seamless integration of each network information security device.

Description

Network security safeguarding integrated system and control method thereof
Technical field
The present invention relates to the field of network security protection, and in particular to a network security safeguarding integrated system and a control method thereof.
Background technology
As network applications become increasingly complex, network security problems have grown sharply, and attacks show new characteristics every day:
First, attack methods are diversifying. A single attack now often combines multiple techniques, and hybrid attacks have become the mainstream. A hybrid attack is one attack that includes multiple attack patterns such as virus attacks, hacking, covert channels, denial-of-service attacks, password attacks, routing attacks and relay attacks.
Second, attack methods are updated very quickly, and attacks on newly found vulnerabilities are produced fast, so security devices must guard against new, unknown attacks known as "zero-hour" or "zero-day" attacks. A "zero-hour attack" means that a vulnerability is exploited maliciously within 24 hours of being discovered, so that attack methods or attacks against that vulnerability appear before the corresponding defensive tools have been developed; such a vulnerability is called a "zero-day vulnerability" and such an attack a "zero-day attack".
Third, security threats do not come only from outside: improper internet access, abuse of the internet and leaking of secrets inside an enterprise cause security problems just as well. According to a report by the well-known U.S. market research firm IDC, 70% of security losses are caused by reasons internal to the enterprise, among which improper use of resources and employees' internet behaviour are often the "chief culprits".
Faced with the diversified and converged security threats of these new forms, traditional single-function security products such as firewalls, intrusion detection/intrusion prevention systems (IDS/IPS) and anti-virus have become powerless, so the demand for consolidated, integrated security protection technology arose: Unified Threat Management (UTM). IDC defines UTM clearly: UTM is a dedicated appliance composed of hardware, software and networking technology that combines firewall, VPN, IDS/IPS, anti-virus, anti-spam, URL filtering, content filtering, traffic monitoring and other functions into a standard management platform. From a technical standpoint, linkage and interoperability between network information security devices help the security system combine effectively and raise its performance. For example, linking the firewall with anti-virus provides gateway virus scanning and ensures the purity of the information flow between the internal system and the external network; linking the firewall with an authentication system separates authentication from the firewall so that a dedicated device can perform it, which improves the reliability and security of authentication and lightens the firewall's load; linking the firewall with an intrusion detection system turns the protection system from static to dynamic and from flat to three-dimensional, improves the firewall's mobility and real-time reaction ability, and strengthens the blocking function of the intrusion detection system.
Because a UTM system requires seamless integration of various security devices whose technical specifications, implementation methods, system frameworks, information formats, communication protocols and security policy expressions all differ from one another, a unified standard is needed to solve the interface-standard and linkage problems between network information security devices before they can work together.
On the other hand, network security is holistic. We can build a solution by selecting excellent products and excellent services, but if these products and services are isolated from each other, the security policy of each product or service link is relatively isolated and cannot form an overall security policy; this inevitably creates security gaps and gives intruders an opportunity. Network security is also dynamic: if the products and services are isolated from each other, the overall security situation of the network cannot be fully understood, and the security policy cannot be adjusted dynamically according to the network and its applications.
Current solutions for network security mechanism interoperability frameworks show three major development trends:
1. Firewall-centred interoperability frameworks. The firewall at the centre provides a standard interface protocol to the other security products; the vendors of the other security products develop their communication modules according to the SDK provided by the firewall vendor, and linkage and interoperability are achieved through each product's interface protocol with the firewall.
2. IDS-centred interoperability frameworks. The principle is the same as for the firewall-centred framework, with the IDS at the centre: the other security products achieve interoperability through their interface protocol with the IDS.
3. Unified interoperability frameworks among all security products. Based on general, open, standard and extensible interfaces and protocols, the security products are organised effectively and their performance is raised. For example, linking the firewall with anti-virus provides gateway virus scanning; linking the firewall with an authentication system improves the reliability and security of authentication and lightens the firewall's load; linking the firewall with an intrusion detection system gives the protection system dynamic, three-dimensional protective capability, improves the firewall's mobility and real-time reaction ability, and strengthens the blocking function of the intrusion detection system.
There are many network security management platforms at home and abroad; the OPSEC security interaction platform of Check Point abroad and the TOPSEC platform of the domestic company Topsec are currently the best-known implementations.
Taking OPSEC as an example, the processing steps are as follows:
Step 1: Certification
Before submitting a product for certification, confirm that each OPSEC interface used in the integration meets the certification standard.
Provide the overall architecture of the security product to an OPSEC engineer and explain how the product is designed and how it cooperates with Check Point products. The OPSEC engineer prepares a corresponding test environment for the product and tests it.
Obtain the detailed OPSEC certification process documentation, which explains how to submit the product and all product documentation and what the certification requires.
If certification fails, the product must rejoin the approval queue and be resubmitted; if certification succeeds, all descriptions of the product and the company on the OPSEC solution centre website are updated.
Step 2: Linkage and interoperability
After certification succeeds, the product can link and interoperate with other security products through the OPSEC platform.
The shortcomings of the above solution:
1. The scheme achieves simple device linkage and establishes a preliminary network security interaction and interoperability mechanism, but it does not rise to the level of security management.
2. It lacks broad compatibility.
Other manufacturers must develop security devices that integrate with OPSEC according to the API and OPSEC protocol suite provided by Check Point, achieving linkage between the Check Point firewall and third-party intrusion detection, anti-virus, content filtering and other products. But each manufacturer designs and develops its data interface according to its own understanding and application environment, so there are limitations and compatibility is lacking. A general, open, standard and extensible interface and protocol is needed to make the related security products work together.
3. It lacks practicality, correctness and accuracy.
Linkage between most products must be implemented through fairly complex configuration, cannot guarantee the validity of coordination and response or actually achieve blocking, requires long-term responsibility for the configuration, and some products cannot achieve the effect at all, so practicality is lacking. For example, a false positive from the IDS causes the firewall to link incorrectly and block normal network traffic, so correctness and accuracy are lacking.
Summary of the invention
(1) technical problem that will solve
The object of the invention is to overcome the deficiencies of the prior art by providing a network security safeguarding integrated system and a control method thereof, thereby solving the interface-standard and interoperability access problems between different network information security devices, achieving cooperative work and linkage between them, and finally achieving seamless integration of each network information security device.
(2) technical scheme
To address the above problems, the present invention proposes a network security safeguarding integrated system for providing security protection to a protected information network, the system comprising:
several network information security devices, used to protect the protected information network against various classes of network information security threats, each of which is provided with a function control interface through which an external controller can connect to and call every security protection function of the device to which the interface belongs; and
a master controller, connected to each network information security device through its function control interface, which communicates interactively with each network information security device and controls its operating state; the master controller is provided with a linkage strategy information table that enables the network information security devices to cooperate and interact; when the protected information network exchanges data with the outside world, each network information security device executes the linkage strategy in the linkage strategy information table under the control of the master controller.
The invention also proposes a control method for the above network security safeguarding integrated system, comprising the following steps:
The functions of each network information security device are published on the master controller as Web services in the form of a web or CLI interface; communication between the master controller and each network information security device uses a public intrusion and detection description language based on XML and CISL; and XML digital signatures and a certificate system are used to guarantee the security of communication between the network information security devices.
The method monitors the operating state of the system as follows:
The master controller periodically sends a heartbeat request packet to each network information security device and then waits for the heartbeat reply packet that each device returns. If the master controller receives the heartbeat reply packet from a device within the specified time, that device is considered normal; otherwise the operating state of the device is considered abnormal, and after the master controller records a log entry it issues a warning to the user interface.
The method performs system configuration updates as follows:
When the user changes the configuration of a network information security device through the WEB interface or CLI interface, the master controller sends a system configuration update request message to each network information security device. After receiving the request message from the master controller, each device confirms that the command is correct, updates its own configuration according to the requirements of the request message, and returns a configuration update response message to the master controller.
The method performs linkage control of the system as follows:
The operating mode information of each network information security device is set in the linkage strategy information table. The operating mode information specifies the information transfer, logic judgement and action execution between the network information security devices and between the master controller and each network information security device; when the system is in operation, it runs in the mode specified by the operating mode information.
(3) beneficial effect
By adopting the network security safeguarding integrated system and control method of the present invention, the interface-standard and interoperability access problems between different network information security devices are solved, cooperative work and linkage between them are achieved, and seamless integration of each network information security device is finally achieved.
Description of drawings
Fig. 1 is a schematic diagram of the interoperability framework of the network security mechanism of the present invention;
Fig. 2 is a schematic flow chart of the interoperability of the network security mechanism of the present invention;
Fig. 3 is a schematic diagram of the heartbeat protocol of the present invention;
Fig. 4 is a schematic diagram of the system configuration update protocol of the present invention;
Fig. 5 is a schematic diagram of the event report protocol of the present invention;
Fig. 6 is a schematic diagram of the master controller configuring and deploying network information security devices according to the present invention;
Fig. 7 is a schematic diagram of the master controller controlling and managing network information security devices according to the present invention;
Fig. 8 is a schematic diagram of linkage and interoperability between network information security devices according to the present invention.
Embodiment
The network security safeguarding integrated system and control method proposed by the present invention are described below with reference to the accompanying drawings and embodiments. The following embodiments serve only to illustrate the present invention and do not limit it; persons of ordinary skill in the relevant technical field can make various changes and modifications without departing from the spirit and scope of the present invention, so all equivalent technical schemes also belong to the scope of the present invention, and the scope of patent protection of the present invention is defined by the claims.
As shown in Fig. 1, the interoperability framework of the network security mechanism comprises network information security devices, interfaces and a master controller. Each unit is described as follows:
Network information security device: a network-related information security device that needs interoperability and linkage, such as a switch, router, firewall, intrusion detection system, PAA, anti-spam network management device, content filtering device or traffic monitoring device.
Interface: the communication interface that each network information security device provides for access by other network information security devices.
Master controller: the linkage strategy controller, which comprises access control, linkage strategy and so on.
Each network information security device publishes its own application as a Web Service interface for other components to call, so that the components cooperate and interact; the master controller dynamically formulates and maintains the corresponding linkage strategy.
Taking the linkage and interoperability of intrusion detection with the firewall as an example, the standard interoperability flow of the network security mechanism is described below, as shown in Fig. 2:
Step 0 represents the initial work in which the master controller configures the network information security devices and deploys the strategy. The monitoring flow of the intrusion detection system is specified below; the detection process when a normal network flow arrives is as follows:
1A. The network flow arrives at the firewall;
1B. The firewall forwards the network flow to the intrusion detection system according to its policy;
The intrusion detection system detects no anomaly and notifies the firewall;
1'. The firewall allows network flow No. 1 to pass.
The detection process when an abnormal network flow arrives is as follows:
2A. The network flow arrives at the firewall;
2B. The firewall forwards the network flow to the intrusion detection system according to its policy;
The intrusion detection system detects an anomaly;
3. The intrusion detection system sends the relevant information to the master controller;
4. The master controller notifies the firewall to execute the stop action;
5. The firewall returns the execution result to the master controller;
6. The master controller notifies the intrusion detection system that the stop succeeded;
2'. The firewall stops flow No. 2 from passing.
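The Fig. 2 flow as an added, runnable simulation (example code, not the patent's own): an IDS reports an anomaly to the master controller, which looks the event up in its linkage strategy table, orders the firewall to stop the flow, and confirms the block back to the IDS; the class names, the table layout and the two sample flows are assumptions.

```python
"""Simulation of the Fig. 2 linkage flow between an intrusion detection
system (IDS), a firewall and the master controller.  Added example, not
code from the patent; the class names, the layout of the linkage strategy
table and the sample flows are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Flow:
    """A network flow as seen at the firewall (constructed sample data)."""
    flow_id: int
    src: str
    dst: str
    payload: str


class Firewall:
    """Security device that forwards flows to the IDS and blocks on command."""

    def __init__(self) -> None:
        self.blocked: Set[int] = set()

    def stop(self, flow_id: int) -> str:
        # Steps 4/5: execute the stop action and report the result upward.
        self.blocked.add(flow_id)
        return "stopped"

    def allows(self, flow_id: int) -> bool:
        return flow_id not in self.blocked


class IDS:
    """Security device that inspects forwarded flows and reports anomalies."""

    def __init__(self, bad_markers: Tuple[str, ...]) -> None:
        self.bad_markers = bad_markers
        self.block_confirmations: List[int] = []

    def inspect(self, flow: Flow) -> bool:
        # Constructed detection rule: any marker in the payload is an anomaly.
        return any(m in flow.payload for m in self.bad_markers)

    def notify_block(self, flow_id: int) -> None:
        # Step 6: the master controller tells the IDS that the block succeeded.
        self.block_confirmations.append(flow_id)


class MasterController:
    """Holds the linkage strategy table: event key -> (target device, action)."""

    def __init__(self, firewall: Firewall, ids: IDS) -> None:
        self.firewall = firewall
        self.ids = ids
        self.devices: Dict[str, object] = {"firewall": firewall, "ids": ids}
        # Step 0: strategy deployed at start-up (assumed table layout).
        self.linkage_table: Dict[str, Tuple[str, str]] = {
            "ids.anomaly": ("firewall", "stop"),
        }
        self.log: List[str] = []

    def report_event(self, source: str, event: str, flow_id: int) -> Optional[str]:
        # Step 3: a device reports an event; look up the linkage policy for it.
        key = f"{source}.{event}"
        policy = self.linkage_table.get(key)
        if policy is None:
            self.log.append(f"{key} flow={flow_id}: no linkage policy, no action")
            return None
        target, action = policy
        result = getattr(self.devices[target], action)(flow_id)
        self.log.append(f"{key} flow={flow_id} -> {target}.{action} = {result}")
        if result == "stopped":
            self.ids.notify_block(flow_id)
        return result


def process_flow(fw: Firewall, ids: IDS, mc: MasterController, flow: Flow) -> bool:
    """Run one flow through steps 1A/1B (or 2A/2B) and return whether it passes."""
    if ids.inspect(flow):
        mc.report_event("ids", "anomaly", flow.flow_id)
    return fw.allows(flow.flow_id)


if __name__ == "__main__":
    fw, ids = Firewall(), IDS(("EXPLOIT",))
    mc = MasterController(fw, ids)
    # Constructed sample flows: flow 1 is benign, flow 2 carries a marker.
    print(process_flow(fw, ids, mc, Flow(1, "10.0.0.5", "10.0.0.9", "GET /index.html")))
    print(process_flow(fw, ids, mc, Flow(2, "10.0.0.7", "10.0.0.9", "GET /?q=EXPLOIT")))
    print(mc.log)
```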
Fig. 3 is a schematic diagram of the heartbeat protocol of the system of the present invention. A communication channel is maintained between the master controller and each network information security device: the master controller periodically sends a heartbeat request packet to each device and then waits for the heartbeat reply packet that each device returns. If the master controller receives the heartbeat reply packet from a device within the specified time, it considers that device normal; if it does not receive the reply packet within the specified time, it considers the device abnormal, records a log entry and warns the user interface.
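The heartbeat supervision just described, as an added example that is not part of the patent: the master controller side keeps a send time per device, accepts only replies that arrive within the deadline, and on expiry logs the device as abnormal before warning the user interface; the deadline value, the device names and the simulated clock are assumptions.

```python
"""Heartbeat supervision as in Fig. 3.  Added example, not code from the
patent; the deadline value, the device names and the simulated clock
(explicit `now` timestamps instead of real timers) are assumptions."""
from typing import Dict, Iterable, List

NORMAL, ABNORMAL, WAITING = "normal", "abnormal", "waiting"


class HeartbeatMonitor:
    """Master-controller side of the heartbeat protocol."""

    def __init__(self, deadline_s: float) -> None:
        self.deadline_s = deadline_s           # the "specified time" for a reply
        self.sent_at: Dict[str, float] = {}    # device -> time the request was sent
        self.replied: Dict[str, float] = {}    # device -> time a valid reply arrived
        self.log: List[str] = []               # the master controller's log
        self.ui_warnings: List[str] = []       # warnings pushed to the user interface

    def send_round(self, devices: Iterable[str], now: float) -> List[str]:
        """Send a heartbeat request to every device and start its timer."""
        self.sent_at.clear()
        self.replied.clear()
        for name in devices:
            self.sent_at[name] = now
        return sorted(self.sent_at)

    def on_reply(self, device: str, now: float) -> bool:
        """Accept a reply only if it answers an outstanding, unexpired request."""
        sent = self.sent_at.get(device)
        if sent is None:
            self.log.append(f"{device}: unsolicited heartbeat reply ignored")
            return False
        if now - sent > self.deadline_s:
            self.log.append(f"{device}: late heartbeat reply ({now - sent:.1f}s) ignored")
            return False
        self.replied[device] = now
        return True

    def evaluate(self, now: float) -> Dict[str, str]:
        """Classify every device; an abnormal one is logged, then warned to the UI."""
        status: Dict[str, str] = {}
        for device, sent in self.sent_at.items():
            if device in self.replied:
                status[device] = NORMAL
            elif now - sent > self.deadline_s:
                status[device] = ABNORMAL
                self.log.append(f"{device}: no heartbeat reply within {self.deadline_s}s")
                self.ui_warnings.append(f"device {device} is not responding")
            else:
                status[device] = WAITING       # deadline not reached yet
        return status


if __name__ == "__main__":
    m = HeartbeatMonitor(deadline_s=5.0)
    m.send_round(["firewall", "ids", "antivirus"], now=100.0)   # constructed round
    m.on_reply("firewall", now=101.0)
    m.on_reply("ids", now=104.5)
    m.on_reply("antivirus", now=106.0)                          # too late
    print(m.evaluate(now=106.0), m.ui_warnings)
```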
Fig. 4 is a schematic diagram of the system configuration update protocol of the present invention. When the user changes the configuration of a network information security device through the WEB interface or CLI interface, the master controller must "notify" each network information security device to respond to the user's command and change its configuration. The "notification" here is the system configuration update request message. After receiving the request message from the master controller, each device confirms that the command is correct, updates its configuration as requested, and returns the "result" of the configuration update to the master controller. The "result" here is the system configuration update response message, which falls into three classes: success, failure and alarm.
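The configuration update exchange, as an added example that is not the patent's own code: a device validates the request before touching its configuration, answers "failure" without changing anything when the command is wrong, "success" when the change is applied cleanly, and "alarm" when the change is applied but weakens a security-sensitive setting; the message layout, the setting schema and that alarm rule are assumptions.

```python
"""Configuration update protocol of Fig. 4: the master controller sends a
system configuration update request to each device; each device checks
that the command is correct, applies it and answers with one of the three
response classes named on the page (success, failure, alarm).  Added
example, not code from the patent; the message layout, the setting schema
and the rule that a change weakening a security-sensitive setting is
applied but answered with 'alarm' are assumptions."""
from typing import Any, Dict, List, Tuple

SUCCESS, FAILURE, ALARM = "success", "failure", "alarm"


class SecurityDevice:
    # Assumed schema: setting -> permitted values (a set) or an integer lower bound.
    SCHEMA: Dict[str, Any] = {
        "inspection_mode": {"block", "monitor", "off"},
        "log_level": {"debug", "info", "warn", "error"},
        "max_sessions": 1,
    }
    # Security-sensitive settings, values ordered from strongest to weakest.
    STRENGTH: Dict[str, List[str]] = {"inspection_mode": ["block", "monitor", "off"]}

    def __init__(self, name: str, config: Dict[str, Any]) -> None:
        self.name = name
        self.config = dict(config)

    def validate(self, request: Dict[str, Any]) -> Tuple[bool, str]:
        """Check that the request is well-formed and that every change is legal."""
        if request.get("type") != "config_update":
            return False, "not a config_update request"
        changes = request.get("changes")
        if not isinstance(changes, dict) or not changes:
            return False, "missing or empty changes"
        for key, value in changes.items():
            rule = self.SCHEMA.get(key)
            if rule is None:
                return False, f"unknown setting {key!r}"
            if isinstance(rule, set):
                if value not in rule:
                    return False, f"value {value!r} not permitted for {key}"
            elif isinstance(value, bool) or not isinstance(value, int) or value < rule:
                return False, f"{key} must be an integer >= {rule}"
        return True, "ok"

    def handle_update(self, request: Dict[str, Any]) -> Dict[str, str]:
        """Apply the request only if it validates whole, then build the response."""
        ok, reason = self.validate(request)
        if not ok:                      # nothing is changed on failure
            return {"device": self.name, "result": FAILURE, "detail": reason}
        warnings: List[str] = []
        for key, value in request["changes"].items():
            order = self.STRENGTH.get(key)
            if order is not None:
                current = self.config.get(key, order[0])
                if order.index(value) > order.index(current):
                    warnings.append(f"{key} weakened from {current} to {value}")
            self.config[key] = value
        result = ALARM if warnings else SUCCESS
        return {"device": self.name, "result": result,
                "detail": "; ".join(warnings) or "applied"}


class MasterController:
    """Pushes one update request to every device and collects the responses."""

    def __init__(self, devices: List[SecurityDevice]) -> None:
        self.devices = devices
        self.log: List[str] = []

    def push_update(self, changes: Dict[str, Any]) -> Dict[str, str]:
        request = {"type": "config_update", "changes": changes}
        results: Dict[str, str] = {}
        for dev in self.devices:
            resp = dev.handle_update(request)
            results[dev.name] = resp["result"]
            self.log.append(f"{dev.name}: {resp['result']} ({resp['detail']})")
        return results


if __name__ == "__main__":
    # Constructed devices and requests.
    fw = SecurityDevice("firewall", {"inspection_mode": "block", "log_level": "info", "max_sessions": 1000})
    ids = SecurityDevice("ids", {"inspection_mode": "block", "log_level": "info", "max_sessions": 500})
    mc = MasterController([fw, ids])
    print(mc.push_update({"log_level": "warn"}))            # success on both
    print(mc.push_update({"inspection_mode": "monitor"}))   # alarm: weaker mode
    print(mc.push_update({"log_level": "verbose"}))         # failure: not permitted
    print(mc.log)
```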
Fig. 5 is a schematic diagram of the event report protocol of the present invention. Each network information security device may report information to the master controller, such as abnormal flow warnings and operating state event reports, and the master controller takes the corresponding action according to these warning messages.
Fig. 6 is a schematic diagram of the master controller configuring and deploying security devices according to the present invention. The master controller configures each network information security device; through the Web-service-based interface (ws-if) and the system configuration update protocol described above, it can configure and deploy the different network information security devices.
Fig. 7 is a schematic diagram of the master controller controlling and managing security devices according to the present invention. Through the Web-service-based interface (ws-if) together with the heartbeat protocol and event report protocol described above, the master controller controls and manages each network information security device, for example for load balancing.
Fig. 8 is a schematic diagram of linkage and interoperability between the security components of the present invention. Each network information security device can achieve linkage and interoperability with the others through its own Web-service-based interface (ws-if) and the event report protocol described above; in addition, the master controller's authentication of the network information security devices can be used.

Claims (5)

1. A network security safeguarding integrated system for providing security protection to a protected information network, characterized in that the system comprises:
several network information security devices, used to protect the protected information network against various classes of network information security threats, each of which is provided with a function control interface through which an external controller can connect to and call every security protection function of the device to which the interface belongs; and
a master controller, connected to each network information security device through its function control interface, which communicates interactively with each network information security device and controls its operating state; the master controller is provided with a linkage strategy information table that enables the network information security devices to cooperate and interact; when the protected information network exchanges data with the outside world, each network information security device executes the linkage strategy in the linkage strategy information table under the control of the master controller.
2. A control method for the network security safeguarding integrated system of claim 1, characterized in that the method comprises the following steps:
the functions of each network information security device are published on the master controller as Web services in the form of a web or CLI interface; communication between the master controller and each network information security device uses a public intrusion and detection description language based on XML and CISL; and XML digital signatures and a certificate system are used to guarantee the security of communication between the network information security devices.
3. The control method of claim 2, characterized in that the method monitors the operating state of the system as follows:
the master controller periodically sends a heartbeat request packet to each network information security device and then waits for the heartbeat reply packet that each device returns; if the master controller receives the heartbeat reply packet from a device within the specified time, that device is considered normal; otherwise the operating state of the device is considered abnormal, and after the master controller records a log entry it issues a warning to the user interface.
4. The control method of claim 2, characterized in that the method performs system configuration updates as follows:
when the user changes the configuration of a network information security device through the WEB interface or CLI interface, the master controller sends a system configuration update request message to each network information security device; after receiving the request message from the master controller, each device confirms that the command is correct, updates its own configuration according to the requirements of the request message, and returns a configuration update response message to the master controller.
5. The control method of claim 2, characterized in that the method performs linkage control of the system as follows:
the operating mode information of each network information security device is set in the linkage strategy information table; the operating mode information specifies the information transfer, logic judgement and action execution between the network information security devices and between the master controller and each network information security device; when the system is in operation, it runs in the mode specified by the operating mode information.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200910236815 CN101714990B (en) 2009-10-30 2009-10-30 Network security safeguarding integrated system and control method thereof

Publications (2)

Publication Number Publication Date
CN101714990A true CN101714990A (en) 2010-05-26
CN101714990B CN101714990B (en) 2013-06-05

Family

ID=42418266

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200910236815 Active CN101714990B (en) 2009-10-30 2009-10-30 Network security safeguarding integrated system and control method thereof

Country Status (1)

Country Link
CN (1) CN101714990B (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7246156B2 (en) * 2003-06-09 2007-07-17 Industrial Defender, Inc. Method and computer program product for monitoring an industrial network
CN100346610C (en) * 2004-11-01 2007-10-31 沈明峰 Security policy based network security management system and method
CN100550768C (en) * 2006-04-10 2009-10-14 华为技术有限公司 A kind of information security management platform

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101938460A (en) * 2010-06-22 2011-01-05 北京豪讯美通科技有限公司 Coordinated defense method of full process and full network safety coordinated defense system
CN101938460B (en) * 2010-06-22 2014-04-09 北京中兴网安科技有限公司 Coordinated defense method of full process and full network safety coordinated defense system
CN103795713A (en) * 2014-01-20 2014-05-14 中国建设银行股份有限公司 System applied to preventing and controlling telecommunication fraud and intersystem information interaction method
CN104883348A (en) * 2014-09-28 2015-09-02 宁波匡恩网络科技有限公司 Network security regulation automatic deployment method and system
CN108234447A (en) * 2017-12-04 2018-06-29 北京交通大学 A kind of safety regulation for heterogeneous networks security function manages system and method
CN110572412A (en) * 2019-09-24 2019-12-13 南京大学 Firewall based on intrusion detection system feedback in cloud environment and implementation method thereof

Also Published As

Publication number Publication date
CN101714990B (en) 2013-06-05

Similar Documents

Publication Publication Date Title
CN102594814B (en) Terminal-based network access control system
KR101977731B1 (en) Apparatus and method for detecting anomaly in a controller system
US8737398B2 (en) Communication module with network isolation and communication filter
CN104767748B (en) Opc server security protection system
CN100435513C (en) Method of linking network equipment and invading detection system
CN101714990B (en) Network security safeguarding integrated system and control method thereof
WO2017156261A1 (en) Active deception system
CN102882828A (en) Information safe transmission control method between inside network and outside network and gateway thereof
KR100523483B1 (en) The system and method of malicious traffic detection and response in network
CN101984693A (en) Monitoring method and monitoring device for access of terminal to local area network (LAN)
CN106789982B (en) Safety protection method and system applied to industrial control system
Li Security requirements in IoT architecture
CN113467311B (en) Electric power Internet of things safety protection device and method based on software definition
CN101621427B (en) Anti-intrusion method and system for a communication network
US20140323095A1 (en) Method and device for monitoring a mobile radio interface on mobile terminals
CN106161330A (en) A kind of security isolation system being applied to PROFINET EPA
CN101616038B (en) SOA security guarantee system and method
KR101881061B1 (en) 2-way communication apparatus capable of changing communication mode and method thereof
EP3018878B1 (en) Firewall based prevention of the malicious information flows in smart home
Silveira et al. Cyber vulnerability assessment of a digital secondary system in an electrical substation
CN101300807A (en) Network access remote front-end processor for a communication network and method for operating a communications system
US20220272119A1 (en) Protection system of information networks and relevant security procedure
CN106358188A (en) Periodic link switching method, equipment and system
CN110896403A (en) Application firewall architecture
CN110278184A (en) A kind of isolation of network security and data exchange oil field Network of Power application system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20161213

Address after: 210042 Xuanwu District, Xuanwu District, Jiangsu, Nanjing, No. 699-22, building 18

Patentee after: CERTUSNET CORP.

Address before: 100084 Beijing Haidian District Tsinghua Yuan 100084-82 mailbox

Patentee before: Tsinghua University