CN101917419A - Job network behavior fire wall - Google Patents

Job network behavior fire wall

Info

Publication number
CN101917419A
Authority
CN
China
Prior art keywords
behavior
network
work
task
rule
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 201010244836
Other languages
Chinese (zh)
Inventor
张进
章哲
王满海
康南生
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ANHUI TELEHOME DIGITAL TECHNOLOGY Co Ltd
Original Assignee
ANHUI TELEHOME DIGITAL TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ANHUI TELEHOME DIGITAL TECHNOLOGY Co Ltd

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The invention discloses a job network behavior fire wall, comprising a behavior rule base, a behavior manager and a behavior filter, wherein the behavior rule base is used for defining classification of the job task of document processing and defining the job flow of corresponding document processing; the behavior filter is used for monitoring and filtering the job network behaviors of the log-in users in real time, judging whether the job network behaviors are legal according to the behavior rule base and submitting the judgment result to the behavior manager; and the behavior manager dynamically manages the network jobs according to the judgment result. The fire wall precludes all the non-standard network jobs and document processing behaviors and satisfies the requirements of the job network for high security and reliability.

Description

Job network behavior firewall
Technical field
The invention belongs to the field of information network security, specifically firewall (Fire Wall) technology, and in particular relates to a job network behavior firewall.
Background technology
Networks have become the infrastructure on which offices, enterprises and institutions operate and work, and network-based work is becoming the norm. The network of an institution that possesses first-level protection capability (national standard GB17859-1999) permits only network behavior related to work; we call such a network a job network. A job network is characterised by data-flow management in which the file is the carrier and the centre: corresponding workflows are built around file processing and management in order to standardise users' online work behavior, stop illegal network work behavior, and safeguard the network security and information security of the job network.
A firewall is usually used as the first line of defence for network security. Existing firewalls are mainly packet-filtering firewalls and proxy firewalls, wherein:
A packet-filtering firewall uses passive isolation and control technology and inspects packets at the network layer; its advantages are simplicity, practicality and speed, and its disadvantage is that it cannot satisfy the high-security requirement of a job network. A proxy firewall uses active detection and scanning technology and monitors packets at the application layer; its advantages are more effective prevention of known viruses and attack intrusions and higher security, and its disadvantages are complex management, slow speed, and inability to defend against viruses and intrusion attacks with unknown characteristics. Therefore, how to provide a firewall that satisfies the high-security and high-reliability requirements of a job network is a problem urgently in need of a solution in the prior art.
Summary of the invention
The object of the present invention is to provide a job network behavior firewall that satisfies the high-security and high-reliability requirements of a job network.
To achieve the above object, the invention provides a job network behavior firewall comprising a behavior rule base, a behavior manager and a behavior filter, wherein:
the behavior rule base is used to define the classes of file-processing tasks and to define the workflow of the corresponding file processing;
the behavior filter is used to monitor and filter the network work behavior of logged-in users in real time, to judge according to the behavior rule base whether the network work behavior is legal, and to submit the judgement result to the behavior manager, which dynamically manages the network work according to the judgement result.
In the job network behavior firewall of the present invention, the behavior rule base comprises a task filtering whitelist and a flow filtering whitelist, wherein:
the task filtering whitelist is used to define the classes of file-processing tasks, and the attributes of a task comprise the staff member, the target and the work authority;
the flow filtering whitelist is used to define the workflow of the corresponding file processing, and the attributes of a workflow comprise the communication port, the transport protocol, the storage data and the file format.
In the job network behavior firewall of the present invention, the behavior manager comprises a behavior audit module, a behavior reporting module, an emergency processing module and a rule setting module, wherein:
the behavior audit module is used to audit the network work behavior of the logged-in user;
the behavior reporting module is used to generate a report on the network work behavior of the logged-in user;
the emergency processing module is used to take emergency measures against non-standard network work behavior of the logged-in user;
the rule setting module is used to provide modification, update and configuration of the behavior rule base.
The job network behavior firewall of the present invention first performs task filtering on a task according to the task filtering whitelist, then judges whether the task that passed task filtering is a legal task, then performs flow filtering on the legal task according to the flow filtering whitelist, then judges whether the legal task that passed flow filtering follows a legal flow, and only if the flow is legal provides network service to the task. All non-standard network work and file-processing behavior is thereby stopped, satisfying the high-security and high-reliability requirements of a job network.
Description of drawings
Fig. 1 is a structural diagram of the job network behavior firewall of the present invention;
Fig. 2 is a flow chart of the behavior filtering method of the job network behavior firewall of the present invention.
Embodiment
The specific embodiment of the present invention is described in detail below with reference to the accompanying drawings:
As shown in Figure 1, the job network behavior firewall of the present invention is composed of behavior rule base 10, behavior manager 20 and behavior filter 00, wherein:
Behavior rule base 10 is composed of task filtering whitelist 11 and the corresponding flow filtering whitelist 12. Task filtering whitelist 11 is used to define the classes of file-processing tasks, and the attributes of a task form a triple (staff 13, target 14, work authority 15). Flow filtering whitelist 12 is used to define the workflow of the corresponding file processing, and the attributes of a workflow form a four-tuple (communication port 16, transport protocol 17, storage data 18, file format 19).
Behavior manager 20 is composed of behavior audit module 21, behavior reporting module 22, emergency processing module 23 and rule setting module 24. Behavior audit module 21 audits the user's network work behavior; behavior reporting module 22 generates the report on the user's network work behavior; emergency processing module 23 takes emergency measures against the user's non-standard network work behavior; and rule setting module 24 provides modification, update and configuration of behavior rule base 10.
Behavior filter 00 monitors and filters the network work behavior of logged-in users in real time, judges according to behavior rule base 10 and its flow filtering whitelist 12 whether the network work behavior is legal, and submits the judgement result to behavior manager 20, which dynamically manages the network work according to the judgement result.
The behavior filtering process of the job network behavior firewall of the present invention is illustrated below using a television station's network as an example. As a typical job network, a television station's network has very high security and reliability requirements; its tasks are professional work such as the uploading, storage, editing and broadcasting of audio-video files such as television programmes and materials. Suppose the action is: reporter A uploads the audio and video files of an interview from a portable hard drive through the USB port of a network workstation. The task is: audio-video file upload. The workflow is: open the communication port, check the file format, start the transport protocol, store the data file. The behavior firewall applied to the television station's job network then permits only the network work behavior related to the above task and prohibits all other network work behavior. The behavior filtering process of the job network behavior firewall of the present invention for the audio-video file upload work on this television station's network is as follows:
Step S1: behavior filter 00 receives a login request. Reporter A logs into the television station's network through a workstation and applies to carry out audio-video file upload work; behavior manager 20 receives the login request sent by reporter A through the workstation.
Step S2: behavior filter 00 performs task filtering. According to task filtering whitelist 11 in behavior rule base 10, behavior filter 00 performs staff screening, target checking and work-authority examination on the network work behavior of the audio-video file upload work that reporter A applied to carry out, and submits the task filtering result to behavior audit module 21 of behavior manager 20 for behavior audit. It then determines from the task filtering audit result returned by behavior manager 20 whether reporter A has audio-video file upload and editing authority; if so, the network work behavior of the audio-video file upload work applied for by reporter A passes filtering and step S3 is executed; otherwise it does not pass. Reporter A is thereby subjected to identity authentication and access control.
Step S3: behavior filter 00 performs legal-task discrimination. Behavior filter 00 judges whether the network work behavior of the audio-video file upload work applied for by reporter A is a legal task. If it finds that this network work behavior is illegal network work behavior, emergency processing module 23 stops it, and any further network work request made by reporter A is also regarded as illegal network work behavior. If it finds that this network work behavior is legal network work behavior, step S4 is executed.
Step S4: behavior filter 00 performs flow filtering. According to flow filtering whitelist 12 in behavior rule base 20, behavior filter 00 performs communication port filtering, transport protocol filtering, storage data filtering and file format filtering on the file operations in the network work behavior of the audio-video file upload work applied for by reporter A, and submits the flow filtering result to behavior audit module 21 of behavior manager 20 for behavior audit. It then determines from the flow filtering audit result returned by behavior manager 20 whether to open the USB communication port to reporter A. If opening is permitted, the USB communication port is opened to reporter A, the file format is checked, the transport protocol is started, the data file is stored, and step S5 is executed; otherwise the USB communication port is prohibited to reporter A.
Step S5: behavior filter 00 performs legal-flow discrimination. Behavior filter 00 judges whether the network work behavior of the audio-video file upload work carried out by reporter A follows a legal flow. If it finds that this network work behavior of reporter A is illegal network work behavior, emergency processing module 23 stops reporter A's network work behavior; if it finds that reporter A's network work behavior is legal network work behavior, step S6 is executed.
Step S6: behavior filter 00 provides network work. When behavior filter 00 finds after legal-flow discrimination that the network work behavior of the audio-video file upload work carried out by reporter A is legal network work behavior, network service is provided, ensuring that reporter A can carry out the audio-video file upload work normally. If, however, reporter A uses another network port to upload the audio-video file, or transmits or accesses a file of another format, this is regarded as illegal network work behavior.
Step S7: the exit request is received and exit management is performed. After the audio-video file upload work is finished, reporter A submits an exit request to behavior filter 00; after behavior reporting module 22 of behavior manager 20 generates a behavior report for this exit request, behavior filter 00 stops reporter A's network work.
The above embodiment describes a preferred implementation of the present invention and does not limit the scope of the present invention; various variations and improvements that ordinary engineers and technicians in this field make to the technical solution of the present invention without departing from the spirit of the design of the present invention shall all fall within the protection scope defined by the claims of the present invention.
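The two-stage whitelist check of steps S2 to S7 (task triple, then flow four-tuple, with the emergency stop that makes a user's later requests illegal and the exit report), as an added worked example; this is not code from the patent or its applicant, and the rule values for the television-station scenario are constructed for the demonstration:

```python
# Two-stage whitelist behaviour filter modelled on the patent's task filter
# (steps S2/S3), flow filter (S4/S5), emergency stop and exit report (S7).
# Added illustration, not the applicant's code; rule values are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class TaskRule:
    """Task whitelist entry: the (staff, target, work authority) triple."""
    staff: str
    target: str
    authority: str


@dataclass(frozen=True)
class FlowRule:
    """Flow whitelist entry: (port, transport protocol, storage, file format)."""
    port: str
    protocol: str
    storage: str
    file_format: str


class BehaviorFilter:
    def __init__(self, task_whitelist, flow_whitelist):
        self.tasks = frozenset(task_whitelist)   # task filtering whitelist (11)
        self.flows = dict(flow_whitelist)        # flow filtering whitelist (12): task -> flows
        self.blocked = set()   # users stopped by the emergency module (S3/S5)
        self.audit = []        # audit trail of the behaviour audit module (21)

    def _audit(self, user, step, verdict):
        self.audit.append((user, step, verdict))

    def evaluate(self, task, flow):
        """Steps S2 to S6 for one request; returns 'allowed' or 'denied'."""
        user = task.staff
        if user in self.blocked:        # S3: once stopped, later requests are illegal too
            self._audit(user, "S3", "denied: user already stopped")
            return "denied"
        if task not in self.tasks:      # S2/S3: staff, target and authority must match
            self.blocked.add(user)
            self._audit(user, "S3", "illegal task, emergency stop")
            return "denied"
        self._audit(user, "S3", "legal task")
        if flow not in self.flows.get(task, frozenset()):  # S4/S5: flow must match
            self.blocked.add(user)
            self._audit(user, "S5", "illegal flow, emergency stop")
            return "denied"
        self._audit(user, "S6", "legal flow, network service provided")
        return "allowed"

    def exit_report(self, user):
        """S7: behaviour report returned when the user submits an exit request."""
        return [(step, verdict) for u, step, verdict in self.audit if u == user]


# Constructed rules: reporter A may upload audio-video files only over USB.
UPLOAD = TaskRule("reporter_A", "audio_video_file", "upload")
USB_FLOW = FlowRule("usb", "usb_mass_storage", "media_store", "mxf")


def demo():
    """Legal upload, then an upload over another port (illegal per S6), then a retry."""
    bf = BehaviorFilter([UPLOAD], {UPLOAD: frozenset({USB_FLOW})})
    results = [
        bf.evaluate(UPLOAD, USB_FLOW),
        bf.evaluate(UPLOAD, FlowRule("ftp", "ftp", "media_store", "mxf")),
        bf.evaluate(UPLOAD, USB_FLOW),
    ]
    return results, bf.exit_report("reporter_A")
```

The third request is denied even though it matches both whitelists, because the emergency stop in S3 turns every later request from a stopped user into illegal behavior until the rules are reset.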

Claims (3)

1. A job network behavior firewall, characterised in that it comprises a behavior rule base, a behavior manager and a behavior filter, wherein:
the behavior rule base is used to define the classes of file-processing tasks and to define the workflow of the corresponding file processing;
the behavior filter is used to monitor and filter the network work behavior of logged-in users in real time, to judge according to the behavior rule base whether the network work behavior is legal, and to submit the judgement result to the behavior manager, which dynamically manages the network work according to the judgement result.
2. The job network behavior firewall according to claim 1, characterised in that the behavior rule base comprises a task filtering whitelist and a flow filtering whitelist, wherein:
the task filtering whitelist is used to define the classes of file-processing tasks, and the attributes of a task comprise the staff member, the target and the work authority;
the flow filtering whitelist is used to define the workflow of the corresponding file processing, and the attributes of a workflow comprise the communication port, the transport protocol, the storage data and the file format.
3. The job network behavior firewall according to claim 2, characterised in that the behavior manager comprises a behavior audit module, a behavior reporting module, an emergency processing module and a rule setting module, wherein:
the behavior audit module is used to audit the network work behavior of the logged-in user;
the behavior reporting module is used to generate a report on the network work behavior of the logged-in user;
the emergency processing module is used to take emergency measures against non-standard network work behavior of the logged-in user;
the rule setting module is used to provide modification, update and configuration of the behavior rule base.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010244836 CN101917419A (en) 2010-08-04 2010-08-04 Job network behavior fire wall

Publications (1)

Publication Number Publication Date
CN101917419A true CN101917419A (en) 2010-12-15

Family

ID=43324805

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1556611A (en) * 2003-12-30 2004-12-22 上海交通大学 Network message safety comprehensive management method based on safety application servicer
CN1604541A (en) * 2004-11-01 2005-04-06 沈明峰 Security policy based network security management system and method
CN1725703A (en) * 2005-06-03 2006-01-25 南京才华信息技术有限公司 Network behaviour management method and system
US7610330B1 (en) * 2006-03-30 2009-10-27 Packeteer, Inc. Multi-dimensional computation distribution in a packet processing device having multiple processing architecture
CN101582883A (en) * 2009-06-26 2009-11-18 西安电子科技大学 System and method for managing security of general network
CN101605066A (en) * 2009-04-22 2009-12-16 网经科技(苏州)有限公司 Telecommunication network behavior method for real-time monitoring based on multilayer data interception

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103744992A (en) * 2014-01-22 2014-04-23 重庆心宿二信息技术有限公司 Control method and control system for accessing to computer file contents
CN103744992B (en) * 2014-01-22 2017-05-17 重庆心宿二信息技术有限公司 Control method and control system for accessing to computer file contents
CN106127400A (en) * 2016-06-29 2016-11-16 北京奇虎科技有限公司 Work behavior analyzes method and device
CN108345902A (en) * 2018-01-24 2018-07-31 深圳市永达电子信息股份有限公司 Self study white list model library structure based on transaction characteristics and white list detection method
CN108345902B (en) * 2018-01-24 2021-08-17 深圳市永达电子信息股份有限公司 Self-learning white list model base construction and white list detection method based on transaction characteristics

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20101215