CN102136935A - Maintenance port and safety protection method thereof - Google Patents
Maintenance port and safety protection method thereof Download PDFInfo
- Publication number
- CN102136935A CN102136935A CN2010105466565A CN201010546656A CN102136935A CN 102136935 A CN102136935 A CN 102136935A CN 2010105466565 A CN2010105466565 A CN 2010105466565A CN 201010546656 A CN201010546656 A CN 201010546656A CN 102136935 A CN102136935 A CN 102136935A
- Authority
- CN
- China
- Prior art keywords
- network port
- maintenance network
- described maintenance
- webmaster
- sends
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The embodiment of the invention discloses a maintenance port and a safety protection method thereof, which are invented to improve the safety protection performance of the maintenance port. The safety protection method of the maintenance port comprises the following steps: the maintenance port receives a close command sent by a webmaster when the webmaster judges that the maintenance port is not used; the maintenance port is closed according to the close command; the maintenance port receives an opening command sent by the webmaster when the webmaster judges that the maintenance port needs to be used; and the maintenance port is opened according to the opening command. The maintenance port is closed when being not used, and is opened when needing to be used, thus being capable of improving the safety protection performance of the maintenance port without influencing the normal maintaining function of the maintenance port.
Description
Technical field
The present invention relates to a kind of maintenance network port and safety protecting method thereof.
Background technology
Network communication apparatus generally provides the maintenance network port of equipment near-end at present, is used to realize the functions such as maintenance, debugging and failure diagnosis of maintenance terminal.Though prior art is when inserting maintenance network port, maintenance network port universal demand input username and password authenticates, and to guarantee the legitimacy of visit maintenance network port, still has bigger potential safety hazard.For example, at the username and password that adopts acquiescence, perhaps username and password is lost or when being cracked, this maintenance network port may be by unauthorized access.In addition, maintenance network port is only realized simple message flow control, does not support complicated network anti-attack ability, is facing such as TCP, denial of service (Denial of Service, DoS), when IP fragmentation and deception etc. are attacked, probably cause equipment fault or reset.
Summary of the invention
The problem of, anti-attack ability difference low at the maintenance network port security reliability, the embodiment of the invention provides a kind of maintenance network port and safety protecting method thereof, can promote the security protection performance of maintenance network port.
The embodiment of the invention adopts following technical scheme:
A kind of safety protecting method of maintenance network port comprises:
Maintenance network port receives the shutdown command that webmaster sends, and described shutdown command is that webmaster sends when judging that maintenance network port is idle;
Described maintenance network port is closed described maintenance network port according to described shutdown command;
Maintenance network port receives the open command that described webmaster sends, and described open command is that webmaster is being judged and need sent during the described maintenance network port of use;
Described maintenance network port is opened described maintenance network port according to the open command that described webmaster sends.
A kind of maintenance network port comprises:
Receiving system is used to receive the shutdown command that webmaster sends, and described shutdown command is that described webmaster sends when judging that maintenance network port is idle;
Shutoff device is used for cutting out described maintenance network port according to the shutdown command that described receiving system receives;
Described receiving system also is used to receive the open command that webmaster sends, and described open command is that described webmaster sends when needs use described maintenance network port;
Opening device is used for opening described maintenance network port according to the open command that described receiving system receives.
By the technical scheme of the embodiment of the invention as can be known, between the maintenance network port lay-up period, by receiving the shutdown command that webmaster sends, described maintenance network port is closed described maintenance network port according to described shutdown command, can avoid contingent various unauthorized access and attack; When needs working service network interface, by receiving the open command that webmaster sends to described maintenance network port, described maintenance network port is opened described maintenance network port according to described open command, thereby can when not influencing the conventional maintenance function of maintenance network port, promote the security protection performance of maintenance network port.
Description of drawings
In order to be illustrated more clearly in the technical scheme of the embodiment of the invention, the accompanying drawing of required use is done an introduction simply in will describing embodiment below.
Fig. 1 is the flow chart of safety protecting method of a kind of maintenance network port of the embodiment of the invention;
Fig. 2 is the flow chart of safety protecting method of the another kind of maintenance network port of the embodiment of the invention;
The flow chart of the safety protecting method of the another kind of maintenance network port that Fig. 3 provides for the embodiment of the invention;
The structural representation of a kind of maintenance network port that Fig. 4 provides for the embodiment of the invention;
The structural representation of the another kind of maintenance network port that Fig. 5 provides for the embodiment of the invention.
Embodiment
Below in conjunction with accompanying drawing, the technical scheme in the embodiment of the invention is further described.
Referring to Fig. 1, the safety protecting method of the maintenance network port that the embodiment of the invention provides comprises:
S11, when webmaster judged that maintenance network port is idle, described maintenance network port received the shutdown command that webmaster sends;
S12, described maintenance network port is closed described maintenance network port according to described shutdown command;
S13, when the webmaster judgement needed to use described maintenance network port, described maintenance network port received the open command that described webmaster sends;
S14, described maintenance network port is opened described maintenance network port according to described open command.
Maintenance network port can be according to the configuration order of webmaster transmission, the opening and closing of control maintenance network port.For example when maintenance network port is in idle state, receive the shutdown command that webmaster sends to maintenance network port, described maintenance network port is closed in indication, thereby avoids contingent unauthorized access and attack.
The mode that maintenance network port is closed maintenance network port according to described shutdown command has multiple, for example can physical layer with the link of described maintenance network port (for example: Link) be set to invalid (for example: Disable); Also can close the message processing of described maintenance network port in data link layer.Certainly can also be provided with maintenance network port in session layer and application layer, closing the communication of maintenance network port and maintenance terminal, thereby avoid various contingent unauthorized access and attack from maintenance terminal.
When the webmaster judgement needed to use described maintenance network port, described maintenance network port received the open command that webmaster sends, and opens described maintenance network port, thereby can not have influence on the conventional maintenance function of described maintenance network port to maintenance terminal.
Corresponding mode of opening maintenance network port also has multiple, for example effectively (for example: Enable) can be set at the link of the described maintenance network port of physical layer; Also can open the message processing of described maintenance network port in data link layer.Certainly can also be provided with maintenance network port in session layer and application layer, open the communication of maintenance network port and maintenance terminal, thereby realize maintenance function maintenance terminal.
Further, referring to Fig. 2, the safety protecting method of the maintenance network port that provides for the embodiment of the invention can also comprise:
S21, the described maintenance network port access events to described maintenance network port when opening is monitored;
S22, when monitoring the generation access events, described maintenance network port sends access warning to described webmaster.
The mode that maintenance network port is monitored the access events of described maintenance network port when opening has multiple, for example can monitor the Link State of described maintenance network port in physical layer, when Link State changes, for example by interrupt (for example: Down) state change into unimpeded (for example: UP) during state, then confirm described maintenance network port generation access events; Can also handle at the message that data link layer be monitored described maintenance network port, when packet sending and receiving occurring, as when receiving message, then confirm described maintenance network port generation access events.Certainly can also monitor the access events of maintenance network port in session layer and application layer, thereby in time monitor various access from maintenance terminal, so that report access warning, remind the various possible unauthorized access of network management monitoring and processing maintenance network port to described webmaster.
Referring to Fig. 3, the safety protecting method flow chart of the maintenance network port that Fig. 3 provides for the embodiment of the invention.Communication link by equipment room between higher level equipment 1 and the subordinate equipment 2 is realized communication, the webmaster 3 of higher level equipment is provided with order to maintenance network port 4 transmissions of subordinate equipment, between maintenance network port 4 lay-up periods, close this maintenance network port 4, thereby avoid contingent unauthorized access and attack, need to open this maintenance network port 4 between the operating period at maintenance network port 4, thereby realize the conventional maintenance function of 4 pairs of maintenance terminals 5 of maintenance network port.Further, when maintenance network port 4 was opened, maintenance network port 4 was also monitored the access of maintenance terminal 5, when monitoring access events, webmaster 3 to higher level equipment reports access warning, so that remind webmaster 3 monitoring and handle maintenance network port 4 contingent unauthorized access.Hence one can see that, by the said method that adopts the embodiment of the invention to provide, can promote the security protection performance of maintenance network port.
Referring to Fig. 4, Fig. 4 is the maintenance network port that the embodiment of the invention provides, and comprising:
Receiving system 43 is used to receive the shutdown command that webmaster sends, and described shutdown command is that described webmaster sends when judging that maintenance network port is idle;
Described receiving system 43 also is used to receive the open command that webmaster sends, and described open command is that described webmaster sends when needs use described maintenance network port;
Wherein, described shutoff device 41 specifically can be, it is invalid to be set at the link of the described maintenance network port of physical layer; Perhaps, close the message processing of described maintenance network port in data link layer.
Described opening device 42 specifically can be, is set to effectively at the link of the described maintenance network port of physical layer; Perhaps, open the message processing of described maintenance network port in data link layer.
The maintenance network port that the embodiment of the invention provides when maintenance network port is idle, is closed described maintenance network port by shutoff device 41 according to the shutdown command that webmaster sends, and can avoid various possible unauthorized access and attack; When needs working service network interface uses, open described maintenance network port by opening device 42 according to the open command that described webmaster sends, thereby can when not influencing the conventional maintenance function of maintenance network port, promote the security protection performance of maintenance network port.
Further, referring to Fig. 5, the maintenance network port that the embodiment of the invention provides can also comprise:
Wherein, described monitoring device 51 specifically can be, monitors the Link State of described maintenance network port in physical layer, when Link State changes, when changing into unimpeded state by interrupt status, then confirms described maintenance network port generation access incident; Perhaps, monitor the message of described maintenance network port in data link layer and handle, when packet sending and receiving occurring, then confirm described maintenance network port generation access incident.
Send the maintenance network port that the embodiment of the invention provides, when maintenance network port is opened, access incident by monitoring device 51 monitoring and maintenance network interfaces, and when monitoring generation access incident, report access warning by alarm device 52 to described webmaster, thereby can remind network management monitoring and handle the unauthorized access that maintenance network port takes place, further promote the security protection performance of maintenance network port.
The above; only be the specific embodiment of the present invention, but protection scope of the present invention is not limited thereto, anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; can expect easily changing or replacing, all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.
Claims (10)
1. the safety protecting method of a maintenance network port is characterized in that, comprising:
Maintenance network port receives the shutdown command that webmaster sends, and described shutdown command is that webmaster sends when judging that maintenance network port is idle;
Described maintenance network port is closed described maintenance network port according to described shutdown command;
Maintenance network port receives the open command that described webmaster sends, and described open command is that webmaster is being judged and need sent during the described maintenance network port of use;
Described maintenance network port is opened described maintenance network port according to the open command that described webmaster sends.
2. method according to claim 1 is characterized in that, the open command that described maintenance network port sends according to described webmaster is opened described maintenance network port and comprised:
It is invalid to be set at the link of the described maintenance network port of physical layer;
Perhaps, close the message processing of described maintenance network port in data link layer.
3. method according to claim 1 is characterized in that, the open command that described maintenance network port sends according to described webmaster is opened described maintenance network port transmission and comprised:
Link at the described maintenance network port of physical layer is set to effectively;
Perhaps, open the message processing of described maintenance network port in data link layer.
4. according to the arbitrary described method of claim 1-3, it is characterized in that described method also comprises:
Described maintenance network port is monitored the access events of described maintenance network port when opening;
When monitoring the generation access events, described maintenance network port reports access warning to described webmaster.
5. method according to claim 4 is characterized in that, described maintenance network port is monitored the access events of described maintenance network port when opening and comprised:
Described maintenance network port is monitored the Link State of described maintenance network port in physical layer, when Link State changes, then judges described maintenance network port generation access events;
Perhaps, the message that described maintenance network port is monitored described maintenance network port in data link layer is handled, and when packet sending and receiving occurring, then judges described maintenance network port generation access events.
6. a maintenance network port is characterized in that, comprising:
Receiving system is used to receive the shutdown command that webmaster sends, and described shutdown command is that described webmaster sends when judging that maintenance network port is idle;
Shutoff device is used for cutting out described maintenance network port according to the shutdown command that described receiving system receives;
Described receiving system also is used to receive the open command that webmaster sends, and described open command is that described webmaster sends when needs use described maintenance network port;
Opening device is used for opening described maintenance network port according to the open command that described receiving system receives.
7. maintenance network port according to claim 6 is characterized in that, described shutoff device specifically is used for link at the described maintenance network port of physical layer and is set to invalidly, and perhaps the message of closing described maintenance network port in data link layer is handled.
8. maintenance network port according to claim 6 is characterized in that, described opening device specifically is used for being set to effectively at the link of the described maintenance network port of physical layer, perhaps opens the message processing of described maintenance network port in data link layer.
9. according to the arbitrary described maintenance network port of claim 6-8, it is characterized in that described maintenance network port also comprises:
Monitoring device is used for when opening device has been opened maintenance network port the access incident to described maintenance network port and monitors; With
Alarm device is used for when monitoring the access incident, sends access warning to described webmaster.
10. maintenance network port according to claim 9, it is characterized in that, described monitoring device specifically is used for monitoring in physical layer the Link State of described maintenance network port, when Link State changes, then confirm described maintenance network port generation access incident, perhaps monitor the message processing of described maintenance network port, when packet sending and receiving occurring, then confirm described maintenance network port generation access incident in data link layer.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010546656.5A CN102136935B (en) | 2010-11-16 | 2010-11-16 | Maintenance port and safety protection method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010546656.5A CN102136935B (en) | 2010-11-16 | 2010-11-16 | Maintenance port and safety protection method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102136935A true CN102136935A (en) | 2011-07-27 |
| CN102136935B CN102136935B (en) | 2014-06-11 |
Family
ID=44296596
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010546656.5A Expired - Fee Related CN102136935B (en) | 2010-11-16 | 2010-11-16 | Maintenance port and safety protection method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102136935B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102571424A (en) * | 2011-12-29 | 2012-07-11 | 华为技术服务有限公司 | Processing method, device and system for engineering event |
| CN110610107A (en) * | 2018-06-14 | 2019-12-24 | 北京众享比特科技有限公司 | Network interface, interface device, physical intrusion prevention method, device and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1440172A (en) * | 2002-02-22 | 2003-09-03 | 联想(北京)有限公司 | Fire wall package filtering dynamic switch H.323 protocol communication channel method |
| CN101364983A (en) * | 2007-08-06 | 2009-02-11 | 株式会社东芝 | Communication apparatus and network connection management program |
| CN101364878A (en) * | 2007-08-10 | 2009-02-11 | 海华科技股份有限公司 | Method and system for automatically network connection port monitoring |
| CN101478448A (en) * | 2009-02-09 | 2009-07-08 | 中兴通讯股份有限公司 | Control method and apparatus for Ethernet switching equipment |
-
2010
- 2010-11-16 CN CN201010546656.5A patent/CN102136935B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1440172A (en) * | 2002-02-22 | 2003-09-03 | 联想(北京)有限公司 | Fire wall package filtering dynamic switch H.323 protocol communication channel method |
| CN101364983A (en) * | 2007-08-06 | 2009-02-11 | 株式会社东芝 | Communication apparatus and network connection management program |
| CN101364878A (en) * | 2007-08-10 | 2009-02-11 | 海华科技股份有限公司 | Method and system for automatically network connection port monitoring |
| CN101478448A (en) * | 2009-02-09 | 2009-07-08 | 中兴通讯股份有限公司 | Control method and apparatus for Ethernet switching equipment |
Non-Patent Citations (1)
| Title |
|---|
| 李淑一: "浅谈计算机端口维护", 《科技咨询导报》, no. 16, 31 December 2007 (2007-12-31) * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102571424A (en) * | 2011-12-29 | 2012-07-11 | 华为技术服务有限公司 | Processing method, device and system for engineering event |
| CN110610107A (en) * | 2018-06-14 | 2019-12-24 | 北京众享比特科技有限公司 | Network interface, interface device, physical intrusion prevention method, device and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102136935B (en) | 2014-06-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107493265B (en) | A kind of network security monitoring method towards industrial control system | |
| US8756411B2 (en) | Application layer security proxy for automation and control system networks | |
| KR101977731B1 (en) | Apparatus and method for detecting anomaly in a controller system | |
| Mallouhi et al. | A testbed for analyzing security of SCADA control systems (TASSCS) | |
| KR20210003933A (en) | External terminal protection device and protection system | |
| WO2009031453A1 (en) | Network security monitor apparatus and network security monitor system | |
| CN101636968A (en) | Method for preventing denial of service attacks using transmission control protocol state transition | |
| CN101034976B (en) | Intrusion detection in an IP connected security system | |
| CN214306527U (en) | Gas pipe network scheduling monitoring network safety system | |
| Januário et al. | Security challenges in SCADA systems over Wireless Sensor and Actuator Networks | |
| CN102136935B (en) | Maintenance port and safety protection method thereof | |
| Zhang et al. | Investigating the impact of cyber attacks on power system reliability | |
| KR102073354B1 (en) | Supervisory Control And Data Acquisition for Protection Relay | |
| CN103621043B (en) | For monitoring the method and apparatus of vpn tunneling | |
| CN107968777B (en) | Network security monitoring system | |
| CN111885179B (en) | External terminal protection device and protection system based on file monitoring service | |
| CN113467311B (en) | Electric power Internet of things safety protection device and method based on software definition | |
| CN112929373B (en) | Intranet equipment protection method | |
| CN107294998A (en) | A kind of security protection system of intelligent electric power electrical secondary system | |
| CN111859434A (en) | External terminal protection device and protection system for providing confidential file transmission | |
| CN109672569A (en) | A kind of research of industry control safety monitoring system and application based on protocol depth analysis | |
| Hou et al. | Digital substation cyber security analysis with SYN-flood attack as a simulation case | |
| CN111988333B (en) | Proxy software work abnormality detection method, device and medium | |
| CN215912109U (en) | Industrial control network architecture for real-time detection of network data traffic and attack | |
| CN117041760B (en) | Communication network switching device, system and method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: SHENZHEN LIANCHUANG INTELLECTUAL PROPERTY SERVICE Free format text: FORMER OWNER: HUAWEI TECHNOLOGY CO., LTD. Effective date: 20150702 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20150702 Address after: 518129 Nanshan District Nanshan digital cultural industry base, east block, Guangdong, Shenzhen 407 Patentee after: Shenzhen LIAN intellectual property service center Address before: 518129 headquarters building of Bantian HUAWEI base, Longgang District, Guangdong, Shenzhen Patentee before: Huawei Technologies Co., Ltd. |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20160128 Address after: 224555 Jiangsu province Yancheng City Binhuai town head Zeng Village (Yancheng City coastal chemical industry park) Patentee after: Binhai Xingguang Chemical Co., Ltd. Address before: 518129 Nanshan District Nanshan digital cultural industry base, east block, Guangdong, Shenzhen 407 Patentee before: Shenzhen LIAN intellectual property service center |
|
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20140611 Termination date: 20151116 |
|
| EXPY | Termination of patent right or utility model |