CN101753333A - Management system for integrated information security service and the protection method thereof


Publication number
CN101753333A
Authority
CN
China
Application number
CN200810180748A
Other versions
CN101753333B (en
Inventor
姚仁豪
杜秉恒
吴怡芳
游峯鹏
李威
徐明山
许渊珽
余任
Original Assignee
中华电信股份有限公司
Application filed by 中华电信股份有限公司 filed Critical 中华电信股份有限公司
Priority to CN2008101807489A priority Critical patent/CN101753333B/en
Publication of CN101753333A publication Critical patent/CN101753333A/en
Application granted granted Critical
Publication of CN101753333B publication Critical patent/CN101753333B/en

Abstract

The invention relates to a management system for integrated information security service and the protection method thereof, which are characterized in that first the management system for integrated information security service enables a protection device to protect data packets on a device at the user end for security, generates a log event from the protection result and sends the log event to a centralized monitoring platform; then the centralized monitoring platform normalizes and relationally analyzes the log event and detects and transmits the exceptional information to a service platform; finally the service platform displays the exceptional information integrated with the information about the network status on the interface of a webpage and sends the information about the network status and exceptional information to the device at the user end. The management system for integrated information security service and the protection method thereof can directly provide a series of information about the network status and security information at the Internet service provider end to address the problem that a network subscriber usually needs to spend high equipment and (monitoring) labor costs in purchasing, establishing and maintaining an information security protection system on his own in the prior art.

Description

Management system for an information security service and protection method thereof
Technical field
The present invention relates to a management system and protection method for an information security service and, more specifically, to a management system and protection method that deliver an information security service by analyzing the log events (Log) of information security devices.
Background art
The development of Internet technology has accelerated the construction of network systems. As networks become ever more widespread, it has become inevitable that users carry out all kinds of activities over the network, for example collecting data, browsing knowledge, buying goods or making friends.
A user who wants to connect to the Internet generally has to do so through an Internet service provider (ISP). An ISP is a company or organization that provides users with Internet access and network information services; such companies invest in building machine rooms and connection equipment, lease large numbers of circuits and large amounts of bandwidth, and provide them to ordinary users for a fee. Users usually reach the Internet through the ISP's servers by means of a leased line or a dial-up connection.
However, the Internet is flooded with viruses and malicious programs, which can easily cause the user's computer equipment to crash or lose data. At present, the information security solution available to users is to set up a firewall themselves, to buy and install antivirus software, or to deploy intrusion detection equipment on the internal network, so that viruses and malicious programs are blocked at the user end. Because the malicious programs that threaten information security are so varied, the network user has to deploy many kinds of security protection equipment. Deploying and maintaining this equipment places a heavy cost burden on the user, yet it does not necessarily stop network viruses and attacks by hackers (software crackers) effectively; and even if malicious packets are successfully blocked at the user end, it is hard to prevent a large volume of malicious packets from reducing the bandwidth available for connecting to external networks. What troubles users even more is that the information security event records these devices produce are numerous and varied; a user without professional knowledge of networks and information security can hardly integrate, analyze and organize the records so as to discover latent problems in time.
In summary, how to provide a management system and protection method for an information security service that overcome the above shortcomings of the prior art, giving users real-time information security protection and monitoring while balancing cost and convenience, has become a problem in urgent need of a solution.
Summary of the invention
To remedy the deficiencies of the prior art described above, the object of the present invention is to provide a management system and protection method for an information security service that supply integrated information about information security events and network status, so that users can grasp the various network states and information security information quickly and conveniently.
To achieve this object, the invention provides a management system and protection method for an information security service. The management system comprises: a user end device; a routing device for providing the user end device with a connection routing path; a protection device for performing security protection on data packets from the routing device and generating log events (Log) from the protection results; a centralized monitoring platform, which captures and collects the log events and performs correlation analysis on them to detect abnormal information; and a service platform for capturing the abnormal information, wherein the service platform integrates the abnormal information with network status information, displays them on a web interface, and sends the abnormal information to the user end device.
In a preferred embodiment, the centralized monitoring platform further comprises: an event collection device for collecting the log events and normalizing them; an event analysis device for performing correlation analysis on the normalized log events and for providing system function settings, user settings, correlation analysis rule settings and an interface to the O&M (operation and maintenance) system; an event storage device for storing the results of the correlation analysis; and an event processing device, which forms an event list from the results of the correlation analysis and distinguishes event levels.
The protection method for an information security service of the present invention comprises the following steps: (1) having the protection device perform security protection on the data packets of the user end device, generate log events from the protection results and deliver the log events to the centralized monitoring platform; (2) having the centralized monitoring platform normalize the log events and perform correlation analysis; (3) having the centralized monitoring platform detect abnormal information and send the abnormal information to the service platform; and (4) having the service platform integrate the abnormal information with network status information, display them on a web interface, and send the abnormal information to the user end device.
In a preferred embodiment, step (2) further comprises the following steps: (2-1) having the event collection device collect the log events and normalize them; (2-2) having the event analysis device perform correlation analysis on the log events; (2-3) having the event storage device store the results of the correlation analysis; and (2-4) having the event processing device form an event list from the results of the correlation analysis and distinguish event levels, and send a notification to the O&M platform when a specific event occurs.
Compared with the prior art, the management system and protection method of the present invention use the configuration file of a specific user end device to determine the transmission routing path of its data packets, and thereby direct the data packets to the protection device for information security protection processing, so that attacks by network viruses and hackers can be blocked successfully at the ISP end. The centralized monitoring platform normalizes the log events, performs correlation analysis, detects abnormal information and sends it to the service platform; the service platform then integrates the abnormal information with network status information, displays them on a web interface, and sends the abnormal information to the user end device. The user thus receives information security alert messages about abnormal information quickly and conveniently and can carry out protective operations at once. In addition, because the ISP end provides an integrated notification service for information security information, enterprises or users need not deploy large amounts of information security protection equipment, and the manpower needed for information monitoring is also reduced, so network and information security maintenance costs can be reduced substantially.
Brief description of the drawings
Figures 1A to 1D are architecture diagrams of the management system for an information security service of the present invention;
Fig. 2 is an architecture diagram of a specific embodiment of the management system for an information security service of the present invention;
Fig. 3 is a flow chart of the protection method for an information security service of the present invention;
Figs. 4A to 4C are flow charts of specific embodiments of the protection method for an information security service of the present invention;
Fig. 5 is a flow chart of the steps implemented by the centralized monitoring platform in the protection method for an information security service of the present invention;
Fig. 6 is a flow chart of the steps implemented by the service platform in the protection method for an information security service of the present invention.
Description of main reference numerals
10 Internet
11 User end device
12 Routing device
13 Protection device
14 Centralized monitoring platform
15 Service platform
20 User end device
21 Routing device
22 Protection device
23 Centralized monitoring platform
231 Event collection device
232 Event analysis device
233 Event storage device
234 Event processing device
24 O&M platform
25 Service platform
251 Management device
252 Notification device
253 Web page device
26 Provisioning platform
27 Network status detection device
S30~S33 Steps
S411~S412 Steps
S421~S422 Steps
S431~S432 Steps
S50~S53 Steps
S60~S63 Steps
Detailed description of the embodiments
The embodiments of the present invention are described below by way of specific examples; those skilled in the art can readily understand other advantages and effects of the invention from the content disclosed in this specification. The invention can also be implemented or applied through other, different specific embodiments.
Refer to Figures 1A to 1D, which are architecture diagrams of the management system for an information security service of the present invention. As shown in Figure 1A, the system comprises the Internet 10, a user end device 11, a routing device 12 and a protection device 13.
The user end device 11 is an electronic device that can access data and perform data processing, for example a desktop computer, notebook computer, digital television device, personal digital assistant and/or mobile phone.
The routing device 12 provides the user end device 11 with a connection routing path. So that information can be transmitted between networks, the routing device 12 is used to decide the path along which data is transferred. Data on the network is divided into segments called packets, and the routing device 12 decides where these packets are directed. Therefore, when the user end device 11 uploads or receives a data packet, the routing device 12 can direct the packet to a specific router or server.
The protection device 13 performs security protection on data packets from the routing device. To prevent the user end device 11 from receiving or transmitting abnormal packet data, the protection device 13 can apply various information security protection services to the data packets. These services may be antivirus protection, virus scanning, blocking malicious packets and/or blocking malicious links.
In a concrete implementation, the user end device 11 first connects to the routing device 12, and the routing device 12 then generates a routing path according to the configuration file corresponding to that user end device 11. When the user end device 11 uploads packet data, the routing device 12 can use policy-based routing (PBR) to direct the packet data onto a specific routing path, so that it is sent to the protection device 13 for a specific security protection service. The configuration file is created from the network subscription application or service request made by the user end, and its content is written according to the PBR technique. It should be noted that the routing device 12 and the configuration file are not limited to the PBR technique: any communication protocol technique that can identify a user-end connection request and direct the request onto a specific route may be used, and the protection device 13 may also connect to other platforms through the Internet 10 to set up the protection service.
Referring to Figure 1B, the user end device 11 in the diagram has applied to the ISP for a specific information security service function. The user end device 11 receives data packets from the Internet 10 and sends data packets to the Internet 10 through the routing device 12 provided by the ISP. The routing device 12 can map the data packets of this user end device to the protection device 13, and the protection device 13 performs a specific security protection service on them. If the protection device 13 finds that a web page the user connects to has inappropriate content or is even a malicious web page, it proactively notifies the user end device 11 to stop the connection, thereby improving the user's security when using network services.
Referring to Fig. 1C: compared with Figure 1B, this architecture uses the protection device 13 as a proxy that receives or transmits data packets on behalf of the user end device 11. For a user who has not applied for the information security service, data packets are transferred to the Internet 10 through the routing device 12. For a user who has applied for the information security service, packet transmission between the user end device 11 and the Internet 10 must pass through the protection device 13 as the intermediary. The invention thus not only uses the protection device 13 as a proxy to receive or transmit data packets, but also applies various information security protections to the received packets, so as to stop malicious packets or viruses from intruding into the user end device 11.
Referring to Fig. 1D, the management system of the present invention comprises the Internet 10, the user end device 11, the routing device 12, the protection device 13, a centralized monitoring platform 14 and a service platform 15.
The centralized monitoring platform 14 collects the information security log events generated by the protection device 13, normalizes them and performs event correlation analysis on them to detect abnormal information. In addition, the centralized monitoring platform 14 can store the results of the correlation analysis, form an event list from those results, and distinguish event levels. When an information security event of a specific level occurs, the O&M personnel at the ISP end can be notified to handle it immediately.
The service platform 15 captures the abnormal information and network status information. The service platform 15 can integrate the abnormal information and the network status information and display them on a web interface to which the user can connect to make queries. When a specific event occurs, the service platform 15 can proactively send this information to the user end device, so that the user grasps the network connection and information security situation immediately.
In a concrete implementation of the invention, the protection device 13 first performs security protection on the data packets of the user end device 11, generates log events from the protection results and sends them to the centralized monitoring platform 14. The centralized monitoring platform 14 then normalizes the log events and performs correlation analysis, detects the abnormal information of information security events, and sends this abnormal information to the service platform 15. Finally, the service platform forms an integrated report from the abnormal information and the network status information and displays it on the web interface. The user can thus connect to the web interface on his or her own initiative to query the report or download it, and the service platform 15 can also proactively notify the user when it finds an information security alert message about abnormal information.
In a preferred embodiment, the system further comprises a network status detection device for detecting the user network status at the routing device to form network status information. The service platform 15 can display the network status information on the web interface and send it to the user end device. The network status information may include connection equipment status, line status, line bandwidth and/or network usage efficiency.
In another preferred embodiment, the user end device 11 can connect to the service platform 15 through a wide area network system, virtual private network system, local area network system and/or wireless network, and the protection device 13 can have the functions of antivirus protection, virus scanning, blocking malicious packets, blocking malicious links, intrusion prevention, intrusion detection, information filtering, protection against web page information security threats and/or virus protection.
In another preferred embodiment, the abnormal information detected by the centralized monitoring platform 14 includes abnormal outbound connections produced inside the user end device because of a virus infection or a hacker attack, and abnormal behavior from the outside such as DoS/DDoS, worm or vulnerability attacks.
Refer to Fig. 2, an architecture diagram of a specific embodiment of the management system for an information security service of the present invention. This embodiment comprises a user end device 20, a routing device 21, a protection device 22, a centralized monitoring platform 23, an O&M platform 24, a service platform 25, a provisioning platform 26 and a network status detection device 27. The centralized monitoring platform 23 comprises an event collection device 231, an event analysis device 232, an event storage device 233 and an event processing device 234, and the service platform 25 comprises a management device 251, a notification device 252 and a web page device 253. Their operation is described in detail below.
First, the user end device 20 applies to the ISP for the integrated information security service. The user end device 20 connects to the routing device 21, and the protection device 22 provided at the ISP end performs a specific security protection service on the data packets; the protection device 22 generates different log events according to the protection results. The log events are then sent to the centralized monitoring platform 23, where the event collection device 231 collects the various log events and normalizes them. The event collection device 231 passes the normalized log events to the event analysis device 232, which performs correlation analysis on them according to preset analysis rules and detects abnormal information. The event analysis device 232 then stores the abnormal information in the event storage device 233. The event analysis device 232 also passes the abnormal information to the event processing device 234, which forms an event list from the results of the correlation analysis and distinguishes event levels. The event processing device 234 can also provide an information security incident handling workflow management function. When an event of a specific level occurs, the event processing device 234 sends a notification to the O&M platform 24, so that the O&M personnel can carry out the relevant O&M operations immediately.
Furthermore, the event analysis device 232 passes the abnormal information to the service platform 25. The notification device 252 obtains the network status information provided by the network status detection device 27 and sends the network status information and the abnormal information to the web page device 253, so that they are displayed on the web interface. The notification device 252 also obtains the user end device data from the management device 251, compares it, and sends the network status information and the abnormal information to the corresponding user end device 20.
In another preferred embodiment, the notification device 252 can notify the user end device 20 by e-mail or SMS message.
In yet another preferred embodiment, the management system of the present invention further comprises the provisioning platform 26, which supplies the users' subscription data to the centralized monitoring platform 23 and the service platform 25. When a user applies for the information security service, the user's data must be stored in the provisioning platform 26. When the event analysis device 232 in the centralized monitoring platform 23 performs correlation analysis, it must compare the log events with the user data in order to associate a specific information security event with the corresponding user, so the event analysis device 232 needs to obtain the user data from the provisioning platform 26. The notification device 252 must perform the same comparison, and therefore likewise needs to obtain the user data from the provisioning platform 26 in order to convey the correct information security information to the user.
Refer to Fig. 3, a flow chart of the protection method for an information security service of the present invention. As shown in the figure, the flow comprises the following steps.
In step S30, the protection device performs security protection on the data packets of the user end device, generates log events from the protection results and sends the log events to the centralized monitoring platform. The user end device can be a desktop computer, notebook computer, personal digital assistant and/or mobile phone. The flow then proceeds to step S31.
In step S31, the centralized monitoring platform normalizes the log events and performs correlation analysis. The flow then proceeds to step S32.
In step S32, the centralized monitoring platform detects abnormal information and sends it to the service platform. The flow then proceeds to step S33.
In step S33, the service platform displays the abnormal information on the web interface and sends the abnormal information to the user end device.
In a preferred embodiment, the user end device can connect to the service platform through a wide area network system, virtual private network system, local area network system and/or wireless network.
In another preferred embodiment, the protection device can have the functions of antivirus protection, virus scanning, blocking malicious packets, blocking malicious links, intrusion prevention, intrusion detection, information filtering, protection against web page information security threats and/or virus protection.
Figs. 4A to 4C are flow charts of specific embodiments of the protection method for an information security service of the present invention. The information security protection method of the present invention has three forms. As shown in Fig. 4A, the flow of the first form comprises the following steps.
In step S411, the user end device connects to the routing device. The flow then proceeds to step S412.
In step S412, the routing device directs the data packets of the user end device to the protection device according to the configuration file corresponding to that user end device.
As shown in Fig. 4B, the flow of the second form comprises the following steps.
In step S421, the user end device connects to the routing device. The flow then proceeds to step S422.
In step S422, the routing device maps the data packets corresponding to the user end device to the protection device.
As shown in Fig. 4C, the flow of the third form comprises the following steps.
In step S431, the user end device connects to the routing device. The flow then proceeds to step S432.
In step S432, the routing device connects to the protection device, and the protection device transmits the data packets as a proxy.
With the protection method described above, the configuration file of a specific user end device determines the transmission routing path of its data packets, and the data packets are thereby directed to the protection device for information security protection processing. Attacks by network viruses and hackers can thus be blocked successfully at the ISP end, and the usage efficiency of the bandwidth for connecting to external networks is improved at the same time. In addition, because the information security protection service is provided at the ISP end, users need not deploy large amounts of security protection equipment, which also reduces their cost burden.
Refer to Fig. 5, a flow chart of the steps implemented by the centralized monitoring platform in the protection method for an information security service of the present invention. The flow comprises the following steps.
In step S50, the event collection device collects the log events and normalizes them. The flow then proceeds to step S51.
In step S51, the event analysis device performs correlation analysis on the log events. The flow then proceeds to step S52.
In step S52, the event storage device stores the results of the correlation analysis. The flow then proceeds to step S53.
In step S53, the event processing device forms an event list from the results of the correlation analysis and distinguishes event levels, and sends a notification to the O&M platform when a specific event occurs. The event processing device can also provide an information security incident handling workflow management function.
In a preferred embodiment, the event analysis device can perform correlation analysis on the log events according to preset analysis rules.
In another preferred embodiment, when a specific information security event occurs, the event processing device sends a notification to the O&M platform, and the O&M platform dispatches engineering staff to notify the customer or to carry out O&M operations.
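An added example, not part of the patent: a sketch of the S50 to S53 flow in which log events from different protection devices are normalized, matched to subscribers (the comparison the event analysis device 232 makes against data from platform 26), correlated and graded. The device log formats, the two correlation rules, the level numbers and all addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed subscriber records (assumption: the subscription data maps
# each subscriber to an address block).
SUBSCRIBERS = {"cust-001": ip_network("203.0.113.0/28"),
               "cust-002": ip_network("198.51.100.16/28")}

# Constructed log events; the three device formats are invented for this example.
RAW_EVENTS = [
    ("firewall", "2008-11-20T10:00:01 DENY src=192.0.2.50 dst=203.0.113.5 dport=445"),
    ("firewall", "2008-11-20T10:00:03 DENY src=192.0.2.50 dst=203.0.113.5 dport=139"),
    ("firewall", "2008-11-20T10:00:04 DENY src=192.0.2.50 dst=203.0.113.5 dport=135"),
    ("ips", "20081120-100007|worm|192.0.2.50>203.0.113.5"),
    ("antivirus", "time=2008-11-20 10:00:30;host=203.0.113.5;result=infected"),
    ("firewall", "2008-11-20T10:05:00 DENY src=192.0.2.77 dst=198.51.100.20 dport=23"),
    ("firewall", "truncated line that matches no parser"),
]

# Per-device parser: (pattern, timestamp format, fixed category or None).
PARSERS = {
    "firewall": (re.compile(r"(?P<ts>\S+) DENY src=(?P<src>\S+) dst=(?P<dst>\S+) dport=\d+"),
                 "%Y-%m-%dT%H:%M:%S", "blocked_packet"),
    "ips": (re.compile(r"(?P<ts>[\d-]+)\|(?P<cat>\w+)\|(?P<src>[\d.]+)>(?P<dst>[\d.]+)"),
            "%Y%m%d-%H%M%S", None),
    "antivirus": (re.compile(r"time=(?P<ts>[^;]+);host=(?P<dst>[^;]+);result=infected"),
                  "%Y-%m-%d %H:%M:%S", "infected"),
}


def subscriber_for(addr):
    """Return the subscriber whose address block contains addr, or None."""
    ip = ip_address(addr)
    return next((sid for sid, net in SUBSCRIBERS.items() if ip in net), None)


def normalize(device, line):
    """S50: map one device-specific line to a common schema; None if unparseable."""
    pattern, ts_format, category = PARSERS[device]
    m = pattern.fullmatch(line)
    if m is None:
        return None
    f = m.groupdict()
    try:
        return {"time": datetime.strptime(f["ts"], ts_format), "device": device,
                "category": category or f["cat"], "src": f.get("src"),
                "dst": f["dst"], "subscriber": subscriber_for(f["dst"])}
    except ValueError:            # bad timestamp or address in an otherwise matching line
        return None


def correlate(events, window=timedelta(seconds=60), threshold=3):
    """S51/S53: apply two hypothetical rules per subscriber; return a graded event list."""
    by_sub = defaultdict(list)
    for ev in events:
        if ev["subscriber"]:      # events for non-subscribers are not analyzed
            by_sub[ev["subscriber"]].append(ev)
    incidents = []
    for sub_id, evs in by_sub.items():
        evs.sort(key=lambda e: e["time"])
        # Rule A (level 2): one source blocked `threshold` times within `window`.
        blocked = defaultdict(list)
        for ev in evs:
            if ev["category"] == "blocked_packet":
                blocked[ev["src"]].append(ev["time"])
        for src, times in blocked.items():
            if any(times[i + threshold - 1] - times[i] <= window
                   for i in range(len(times) - threshold + 1)):
                incidents.append({"subscriber": sub_id, "level": 2,
                                  "rule": "repeated_blocked_source", "detail": src})
        # Rule B (level 1): worm signature followed by an infection report on the same host.
        for worm in (e for e in evs if e["category"] == "worm"):
            if any(e["category"] == "infected" and e["dst"] == worm["dst"]
                   and timedelta(0) <= e["time"] - worm["time"] <= window for e in evs):
                incidents.append({"subscriber": sub_id, "level": 1,
                                  "rule": "worm_then_infection", "detail": worm["dst"]})
    return sorted(incidents, key=lambda i: i["level"])   # most severe first


def run_pipeline(raw_events):
    """Normalize, correlate, and pick the level-1 incidents to send to the O&M platform."""
    normalized = [n for n in (normalize(d, l) for d, l in raw_events) if n]
    incidents = correlate(normalized)
    return normalized, incidents, [i for i in incidents if i["level"] == 1]


if __name__ == "__main__":
    for incident in run_pipeline(RAW_EVENTS)[1]:
        print(incident)
```

Unparseable lines are dropped at normalization rather than passed on, so a malformed device record cannot reach the correlation rules.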
Refer to Fig. 6, a flow chart of the steps implemented by the service platform in the protection method for an information security service of the present invention. As shown in the figure, the flow comprises the following steps.
In step S60, the notification device obtains the network status information provided by the network status detection device. The flow then proceeds to step S61.
In step S61, the notification device sends the network status information and the abnormal information to the web page device, so that the network status information and the abnormal information are displayed on the web interface. The flow then proceeds to step S62.
In step S62, the notification device obtains the user end device data from the management device and compares it. The flow then proceeds to step S63.
In step S63, the notification device sends the network status information and the abnormal information to the corresponding user end device.
As the above embodiments show, the present invention can classify the services a user has subscribed to and provide the protection service accordingly. The log events of the information security events generated by the subscribed service items are delivered centrally to the back-end service platform for aggregation and correlation analysis and are then integrated with the user's network status, producing an integrated report of network information and information security information for the user to query; alternatively, the service platform can proactively notify the user by e-mail or SMS message. The user can therefore grasp information about information security events or network status quickly, which improves the convenience of network operation at the user end.
In summary, the monitoring platform and monitoring method of the present invention, which integrate network information and information security information, produce the following effects:
(1) Improved convenience of network operation at the user end. In the present invention, the centralized monitoring platform normalizes the log events of information security events and performs correlation analysis on them to form an integrated report that is easy to understand, so that even users without specialized network knowledge can clearly understand its content. This solves the prior-art problem that users have to rely on professionals to interpret information security information, and greatly improves the convenience of network operation at the user end.
(2) Reduced cost of building and operating a security protection mechanism at the user end. In the prior art, an enterprise not only has to spend a large sum to buy and deploy information security protection equipment, but also has to hire engineering staff to manage and maintain it. In the present invention, the ISP end can directly control and protect the user's packet data and can provide an integrated report of network information and information security information for the user to query, so the enterprise does not need to spend extra on deploying security protection equipment (such as firewall devices or antivirus software) or on hiring O&M personnel. This reduces network operation costs and increases the enterprise's competitiveness.
The above embodiments merely illustrate the principles and effects of the present invention and are not intended to limit it. Any person skilled in the art may modify and vary the above embodiments without departing from the spirit and scope of the invention.

Claims (25)

1. A management system for an information security service, characterized by comprising:
A user-end device;
A routing device, for providing the user-end device with a connection routing path;
A protection device, for performing security protection on data packets from the routing device and generating log records from the protection results;
A centralized monitoring platform, which retrieves and collects the log records and performs correlation analysis on them to detect abnormal information; and
A service platform, for retrieving the abnormal information and network state information,
Wherein the service platform displays the abnormal information and the network state information on a web interface, and sends the abnormal information and the network state information to the user-end device.
2. The management system for an information security service according to claim 1, characterized by further comprising a network state detection device for detecting the user network state of the routing device to form network state information, wherein the service platform displays the network state information on a web interface and sends the network state information to the user-end device.
3. The management system for an information security service according to claim 1, characterized in that the routing device directs the data packets of the user-end device into a specific routing path according to a configuration file corresponding to the user-end device, and the protection device performs a specific security protection service on the received data packets.
4. The management system for an information security service according to claim 1, characterized in that the routing device maps the data packets corresponding to the user-end device to the protection device, and the protection device performs a specific security protection service on the data packets.
5. The management system for an information security service according to claim 1, characterized in that the protection device has the function of receiving or transmitting data packets as a proxy for the user-end device.
6. The management system for an information security service according to claim 1, characterized in that the centralized monitoring platform further comprises:
An event collection device, for collecting the log records and normalizing them;
An event analysis device, for performing correlation analysis on the normalized log records, and for providing system function settings, user settings, correlation analysis rule settings and an interface to the operation and maintenance (O&M) system;
An event storage device, for storing the log records and the results of the correlation analysis; and
An event processing device, which forms an event list according to the results of the correlation analysis and distinguishes event levels.
7. The management system for an information security service according to claim 6, characterized in that the event analysis device performs correlation analysis on the log records according to preset analysis rules.
8. The management system for an information security service according to claim 6, characterized in that, when a specific event occurs, the event processing device sends notification information to the O&M platform so that an O&M operation is carried out.
9. The management system for an information security service according to claim 6, characterized in that the event processing device provides an information security incident handling process management function.
10. The management system for an information security service according to claim 1, characterized in that the service platform further comprises:
A management device, for managing the data of the user-end device;
A notification device, for sending the abnormal information to the user-end device; and
A web page device, for displaying the abnormal information on a web interface.
11. The management system for an information security service according to claim 10, characterized in that the notification device notifies the user-end device by e-mail or SMS message.
12. The management system for an information security service according to claim 1, characterized by further comprising a provisioning platform for providing the user's service application data to the centralized monitoring platform and the service platform.
13. The management system for an information security service according to claim 1, characterized in that the user-end device connects to the service platform through a wide area network system, a virtual private network system, a local area network system and/or a wireless network.
14. The management system for an information security service according to claim 1, characterized in that the user-end device is a workstation, desktop computer, notebook computer, personal digital assistant and/or mobile phone.
15. The management system for an information security service according to claim 1, characterized in that the protection device has the functions of virus protection, virus scanning, blocking malicious packets, blocking malicious links, intrusion prevention, intrusion detection, information filtering, web page information security threat protection and/or antivirus protection.
16. A protection method for an information security service, characterized by comprising the following steps:
(1) causing a protection device to perform security protection on the data packets of a user-end device, to generate log records from the protection results and to send the log records to a centralized monitoring platform;
(2) causing the centralized monitoring platform to normalize the log records and perform correlation analysis on them;
(3) causing the centralized monitoring platform to detect abnormal information and send the abnormal information to a service platform; and
(4) causing the service platform to integrate the abnormal information with network state information and display them on a web interface, and to send the abnormal information and the network state information to the user-end device.
17. The protection method for an information security service according to claim 16, characterized in that step (1) further comprises the following steps:
Causing the user-end device to connect to a routing device; and
Causing the routing device to direct the data packets of the user-end device to the protection device according to a configuration file corresponding to the user-end device.
18. The protection method for an information security service according to claim 16, characterized in that step (1) further comprises the following steps:
Causing the user-end device to connect to a routing device; and
Causing the routing device to map the data packets corresponding to the user-end device to the protection device.
19. The protection method for an information security service according to claim 16, characterized in that step (1) further comprises the following steps:
Causing the user-end device to connect to a routing device; and
Causing the routing device to connect to the protection device, with the protection device transmitting data packets as a proxy.
20. The protection method for an information security service according to claim 16, characterized in that step (2) further comprises the following steps:
(2-1) causing an event collection device to collect the log records and normalize them; and
(2-2) causing an event analysis device to perform correlation analysis on the log records.
21. The protection method for an information security service according to claim 20, characterized by further comprising the following steps:
(2-3) causing an event storage device to store the log records and the results of the correlation analysis; and
(2-4) causing an event processing device to form an event list and distinguish event levels according to the results of the correlation analysis, and, when a specific event occurs, to send notification information to the operation and maintenance (O&M) platform.
22. The protection method for an information security service according to claim 16, characterized in that step (4) further comprises the following steps:
(4-1) causing a notification device to obtain the network state information provided by a network state detection device;
(4-2) causing the notification device to send the network state information and the abnormal information to a web page device, so that the network state information and the abnormal information are integrated and displayed on a web interface;
(4-3) causing the notification device to obtain the data of the user-end device from a management device and compare it; and
(4-4) causing the notification device to send the network state information and the abnormal information to the corresponding user-end device.
23. The protection method for an information security service according to claim 16, characterized in that the user-end device is a workstation, desktop computer, notebook computer, personal digital assistant and/or mobile phone.
24. The protection method for an information security service according to claim 16, characterized in that the user-end device connects to the service platform through a wide area network system, a virtual private network system, a local area network system and/or a wireless network.
25. The protection method for an information security service according to claim 16, characterized in that the protection device has the functions of virus protection, virus scanning, blocking malicious packets, blocking malicious links, intrusion prevention, intrusion detection, information filtering, web page information security threat protection and/or antivirus protection.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008101807489A CN101753333B (en) 2008-11-28 2008-11-28 Management system for integrated information security service and the protection method thereof

Publications (2)

Publication Number Publication Date
CN101753333A (en) 2010-06-23
CN101753333B (en) 2012-07-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120704

Termination date: 20191128