CN102136935A - Maintenance port and safety protection method thereof - Google Patents

Publication number: CN102136935A
Authority: CN (China)
Legal status: Granted; Expired - Fee Related
Application number: CN2010105466565A
Other languages: Chinese (zh)
Other versions: CN102136935B (en)
Inventor: 邓凯
Current Assignee: Binhai Xingguang Chemical Co., Ltd.
Original Assignee: Huawei Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd
Priority to: CN201010546656.5A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

An embodiment of the invention discloses a maintenance port and a security protection method for it, intended to improve the security protection of the maintenance port. The method comprises the following steps: the maintenance port receives a close command that the network management system (NMS) sends when it determines that the maintenance port is not in use; the maintenance port is closed according to the close command; the maintenance port receives an open command that the NMS sends when it determines that the maintenance port needs to be used; and the maintenance port is opened according to the open command. Because the maintenance port is closed when not in use and opened when it needs to be used, its security protection improves without affecting its normal maintenance function.

Description

A maintenance network port and a security protection method therefor
Technical field
The present invention relates to a maintenance network port and a security protection method therefor.
Background
Network communication equipment currently generally provides a maintenance network port at the near end of the device, which a maintenance terminal uses for functions such as maintenance, debugging and fault diagnosis. In the prior art, a maintenance network port generally requires a username and password to be entered for authentication when it is accessed, to ensure that access to the port is legitimate, but a considerable security risk remains. For example, when the default username and password are used, or when the username and password are lost or cracked, the maintenance network port may be accessed without authorization. In addition, the maintenance network port implements only simple packet flow control and does not support more sophisticated protection against network attacks; when it faces attacks such as TCP, denial of service (Denial of Service, DoS), IP fragmentation and spoofing, the device is likely to fail or reset.
Summary of the invention
To address the low security and reliability and the poor attack resistance of maintenance network ports, embodiments of the invention provide a maintenance network port and a security protection method therefor that can improve the security protection of the maintenance network port.
The embodiments of the invention adopt the following technical solutions:
A security protection method for a maintenance network port, comprising:
the maintenance network port receives a close command sent by the network management system (NMS), the close command being sent by the NMS when it determines that the maintenance network port is idle;
the maintenance network port closes itself according to the close command;
the maintenance network port receives an open command sent by the NMS, the open command being sent by the NMS when it determines that the maintenance network port needs to be used;
the maintenance network port opens itself according to the open command sent by the NMS.
A maintenance network port, comprising:
a receiving device, used to receive the close command sent by the NMS, the close command being sent by the NMS when it determines that the maintenance network port is idle;
a closing device, used to close the maintenance network port according to the close command received by the receiving device;
the receiving device is also used to receive the open command sent by the NMS, the open command being sent by the NMS when the maintenance network port needs to be used;
an opening device, used to open the maintenance network port according to the open command received by the receiving device.
With the technical solutions of the embodiments of the invention, while the maintenance network port is idle it receives the close command sent by the NMS and closes itself accordingly, which avoids the various unauthorized accesses and attacks that might otherwise occur. When the maintenance network port needs to be used, it receives the open command sent by the NMS and opens itself accordingly, so the security protection of the maintenance network port improves without affecting its normal maintenance function.
Description of drawings
To illustrate the technical solutions of the embodiments of the invention more clearly, the drawings used in describing the embodiments are briefly introduced below.
Fig. 1 is a flow chart of a security protection method for a maintenance network port according to an embodiment of the invention;
Fig. 2 is a flow chart of another security protection method for a maintenance network port according to an embodiment of the invention;
Fig. 3 is a flow chart of another security protection method for a maintenance network port provided by an embodiment of the invention;
Fig. 4 is a structural diagram of a maintenance network port provided by an embodiment of the invention;
Fig. 5 is a structural diagram of another maintenance network port provided by an embodiment of the invention.
Embodiments
The technical solutions in the embodiments of the invention are further described below with reference to the drawings.
Referring to Fig. 1, the security protection method for a maintenance network port provided by an embodiment of the invention comprises:
S11, when the network management system (NMS) determines that the maintenance network port is idle, the maintenance network port receives the close command sent by the NMS;
S12, the maintenance network port closes itself according to the close command;
S13, when the NMS determines that the maintenance network port needs to be used, the maintenance network port receives the open command sent by the NMS;
S14, the maintenance network port opens itself according to the open command.
The maintenance network port can control its own opening and closing according to configuration commands sent by the NMS. For example, when the maintenance network port is idle, it receives the close command that the NMS sends to it, instructing it to close, which avoids unauthorized access and attacks that might otherwise occur.
The maintenance network port can close itself according to the close command in several ways. For example, the link (for example: Link) of the maintenance network port can be set to disabled (for example: Disable) at the physical layer, or the packet processing of the maintenance network port can be closed at the data link layer. The maintenance network port can also be configured at the session layer and application layer to close communication between the maintenance network port and the maintenance terminal, which avoids the various unauthorized accesses and attacks that might come from the maintenance terminal.
When the NMS determines that the maintenance network port needs to be used, the maintenance network port receives the open command sent by the NMS and opens itself, so the normal maintenance function that the maintenance network port provides to the maintenance terminal is not affected.
There are likewise several ways to open the maintenance network port. For example, the link of the maintenance network port can be set to enabled (for example: Enable) at the physical layer, or the packet processing of the maintenance network port can be opened at the data link layer. The maintenance network port can also be configured at the session layer and application layer to open communication between the maintenance network port and the maintenance terminal, which provides the maintenance function to the maintenance terminal.
Further, referring to Fig. 2, the security protection method for a maintenance network port provided by an embodiment of the invention can also comprise:
S21, while it is open, the maintenance network port monitors access events on the maintenance network port;
S22, when an access event is detected, the maintenance network port sends an access alarm to the network management system (NMS).
The maintenance network port can monitor access events while it is open in several ways. For example, it can monitor its link state at the physical layer: when the link state changes, for example from the interrupted state (for example: Down) to the connected state (for example: UP), an access event on the maintenance network port is confirmed. It can also monitor its packet processing at the data link layer: when packets are sent or received, for example when a packet is received, an access event on the maintenance network port is confirmed. Access events can also be monitored at the session layer and application layer, so that the various accesses from the maintenance terminal are detected promptly and an access alarm is reported to the NMS, reminding the NMS to monitor and handle possible unauthorized access to the maintenance network port.
Referring to Fig. 3, Fig. 3 is a flow chart of the security protection method for a maintenance network port provided by an embodiment of the invention. The upper-level device 1 and the lower-level device 2 communicate over the inter-device communication link. The NMS 3 of the upper-level device sends configuration commands to the maintenance network port 4 of the lower-level device: while the maintenance network port 4 is idle, the port is closed, which avoids unauthorized access and attacks that might otherwise occur; while the maintenance network port 4 needs to be used, the port is opened, which provides the normal maintenance function of the maintenance network port 4 to the maintenance terminal 5. Further, while the maintenance network port 4 is open, it also monitors access by the maintenance terminal 5 and, when an access event is detected, reports an access alarm to the NMS 3 of the upper-level device, reminding the NMS 3 to monitor and handle unauthorized access that may occur on the maintenance network port 4. The method provided by the embodiments of the invention can therefore improve the security protection of the maintenance network port.
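The open/close gating and access alarm of Figs. 1 to 3, modelled as a small Python state machine; this is an added example, not part of the patent text, and the class, method and alarm names are assumptions, as is raising the frame alarm only once per access session. It compares closing at the physical layer with closing at the data link layer when a terminal is already attached before the port is opened.

```python
from dataclasses import dataclass, field
from enum import Enum


class Layer(Enum):
    PHYSICAL = 1   # close = disable the link, open = enable it
    DATA_LINK = 2  # close = stop packet processing, open = resume it


@dataclass
class MaintenancePort:
    layer: Layer = Layer.PHYSICAL
    is_open: bool = False        # assumption: the port starts closed
    carrier: bool = False        # a terminal is attached to the socket
    link_up: bool = False        # link state as monitored by the port
    frame_alarmed: bool = False  # frame alarm already raised this session
    alarms: list = field(default_factory=list)     # reports sent to the NMS
    delivered: list = field(default_factory=list)  # frames given to the maintenance service

    def _update_link(self):
        # With physical-layer closing the link is only enabled while open;
        # with data-link closing the link itself stays enabled.
        phy_enabled = self.is_open or self.layer is Layer.DATA_LINK
        new_state = self.carrier and phy_enabled
        # Physical-layer monitoring: Down -> Up while open is an access event.
        if new_state and not self.link_up and self.is_open:
            self.alarms.append("access: link Down->Up")
        if not new_state:
            self.frame_alarmed = False  # link lost, next frame starts a new session
        self.link_up = new_state

    def nms_command(self, command):
        """Apply an 'open' or 'close' command received from the NMS."""
        if command not in ("open", "close"):
            raise ValueError(f"unknown NMS command: {command!r}")
        self.is_open = command == "open"
        self.frame_alarmed = False
        self._update_link()

    def attach(self, present):
        """A maintenance terminal is plugged in (True) or removed (False)."""
        self.carrier = present
        self._update_link()

    def receive_frame(self, frame):
        """Return True if the frame reached the maintenance service."""
        if not (self.is_open and self.link_up):
            return False  # closed port: nothing is processed
        # Data-link monitoring: first packet of a session is an access event.
        if not self.frame_alarmed:
            self.alarms.append("access: frame received")
            self.frame_alarmed = True
        self.delivered.append(frame)
        return True


def run_scenario(layer):
    """Constructed scenario: terminal attached while the port is still closed."""
    port = MaintenancePort(layer=layer)
    port.attach(True)
    port.receive_frame(b"login-1")  # dropped, port is closed
    port.nms_command("open")
    port.receive_frame(b"login-2")
    port.receive_frame(b"login-3")
    port.nms_command("close")
    port.receive_frame(b"login-4")  # dropped again
    return port.alarms, port.delivered


if __name__ == "__main__":
    for layer in Layer:
        print(layer.name, run_scenario(layer))
```

In this model, closing at the data link layer leaves the link up, so a terminal attached before the open command causes no Down-to-Up transition and only the packet monitor reports the access.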
Referring to Fig. 4, the maintenance network port provided by an embodiment of the invention comprises:
a receiving device 43, used to receive the close command sent by the network management system (NMS), the close command being sent by the NMS when it determines that the maintenance network port is idle;
a closing device 41, used to close the maintenance network port according to the close command received by the receiving device;
the receiving device 43 is also used to receive the open command sent by the NMS, the open command being sent by the NMS when the maintenance network port needs to be used;
an opening device 42, used to open the maintenance network port according to the open command received by the receiving device.
The closing device 41 can specifically set the link of the maintenance network port to disabled at the physical layer, or close the packet processing of the maintenance network port at the data link layer.
The opening device 42 can specifically set the link of the maintenance network port to enabled at the physical layer, or open the packet processing of the maintenance network port at the data link layer.
With the maintenance network port provided by the embodiment of the invention, when the maintenance network port is idle, the closing device 41 closes it according to the close command sent by the NMS, which avoids various possible unauthorized accesses and attacks. When the maintenance network port needs to be used, the opening device 42 opens it according to the open command sent by the NMS, so the security protection of the maintenance network port improves without affecting its normal maintenance function.
Further, referring to Fig. 5, the maintenance network port provided by an embodiment of the invention can also comprise:
a monitoring device 51, used to monitor access events on the maintenance network port once the opening device 42 has opened the maintenance network port; and
an alarm device 52, used to send an access alarm to the NMS when the monitoring device 51 detects an access event.
The monitoring device 51 can specifically monitor the link state of the maintenance network port at the physical layer and, when the link state changes from the interrupted state to the connected state, confirm an access event on the maintenance network port; or it can monitor the packet processing of the maintenance network port at the data link layer and, when packets are sent or received, confirm an access event on the maintenance network port.
With the maintenance network port provided by the embodiment of the invention, while the maintenance network port is open the monitoring device 51 monitors access events on it, and when an access event is detected the alarm device 52 reports an access alarm to the NMS, reminding the NMS to monitor and handle unauthorized access to the maintenance network port and further improving the security protection of the maintenance network port.
The above is only a specific embodiment of the invention, and the scope of protection of the invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. The scope of protection of the invention shall therefore be determined by the scope of protection of the claims.

Claims (10)

1. A security protection method for a maintenance network port, characterized in that it comprises:
the maintenance network port receives a close command sent by the network management system (NMS), the close command being sent by the NMS when it determines that the maintenance network port is idle;
the maintenance network port closes itself according to the close command;
the maintenance network port receives an open command sent by the NMS, the open command being sent by the NMS when it determines that the maintenance network port needs to be used;
the maintenance network port opens itself according to the open command sent by the NMS.
2. The method according to claim 1, characterized in that the maintenance network port opening the maintenance network port according to the open command sent by the NMS comprises:
setting the link of the maintenance network port to disabled at the physical layer;
or closing the packet processing of the maintenance network port at the data link layer.
3. The method according to claim 1, characterized in that the maintenance network port opening the maintenance network port according to the open command sent by the NMS comprises:
setting the link of the maintenance network port to enabled at the physical layer;
or opening the packet processing of the maintenance network port at the data link layer.
4. The method according to any one of claims 1-3, characterized in that the method also comprises:
the maintenance network port monitors access events on the maintenance network port while it is open;
when an access event is detected, the maintenance network port reports an access alarm to the NMS.
5. The method according to claim 4, characterized in that the maintenance network port monitoring access events on the maintenance network port while it is open comprises:
the maintenance network port monitors its link state at the physical layer and, when the link state changes, determines that an access event has occurred on the maintenance network port;
or the maintenance network port monitors its packet processing at the data link layer and, when packets are sent or received, determines that an access event has occurred on the maintenance network port.
6. A maintenance network port, characterized in that it comprises:
a receiving device, used to receive the close command sent by the NMS, the close command being sent by the NMS when it determines that the maintenance network port is idle;
a closing device, used to close the maintenance network port according to the close command received by the receiving device;
the receiving device is also used to receive the open command sent by the NMS, the open command being sent by the NMS when the maintenance network port needs to be used;
an opening device, used to open the maintenance network port according to the open command received by the receiving device.
7. The maintenance network port according to claim 6, characterized in that the closing device is specifically used to set the link of the maintenance network port to disabled at the physical layer, or to close the packet processing of the maintenance network port at the data link layer.
8. The maintenance network port according to claim 6, characterized in that the opening device is specifically used to set the link of the maintenance network port to enabled at the physical layer, or to open the packet processing of the maintenance network port at the data link layer.
9. The maintenance network port according to any one of claims 6-8, characterized in that the maintenance network port also comprises:
a monitoring device, used to monitor access events on the maintenance network port once the opening device has opened the maintenance network port; and
an alarm device, used to send an access alarm to the NMS when an access event is detected.
10. The maintenance network port according to claim 9, characterized in that the monitoring device is specifically used to monitor the link state of the maintenance network port at the physical layer and, when the link state changes, confirm an access event on the maintenance network port, or to monitor the packet processing of the maintenance network port at the data link layer and, when packets are sent or received, confirm an access event on the maintenance network port.
Priority Applications (1)

Application number: CN201010546656.5A
Priority date: 2010-11-16
Filing date: 2010-11-16
Title: Maintenance port and safety protection method thereof
Status: Expired - Fee Related, CN102136935B (en)

Publications (2)

CN102136935A (en), published 2011-07-27
CN102136935B (en), published 2014-06-11

Family ID: 44296596


Legal Events

  • C06 Publication
  • PB01 Publication
  • C10 Entry into substantive examination
  • SE01 Entry into force of request for substantive examination
  • C14 Grant of patent or utility model
  • GR01 Patent grant
  • ASS Succession or assignment of patent right
    Owner name: SHENZHEN LIANCHUANG INTELLECTUAL PROPERTY SERVICE
    Free format text: FORMER OWNER: HUAWEI TECHNOLOGY CO., LTD.
    Effective date: 20150702
  • C41 Transfer of patent application or patent right or utility model
  • TR01 Transfer of patent right
    Effective date of registration: 20150702
    Address after: 518129 Nanshan District Nanshan digital cultural industry base, east block, Guangdong, Shenzhen 407
    Patentee after: Shenzhen LIAN intellectual property service center
    Address before: 518129 headquarters building of Bantian HUAWEI base, Longgang District, Guangdong, Shenzhen
    Patentee before: Huawei Technologies Co., Ltd.
  • C41 Transfer of patent application or patent right or utility model
  • TR01 Transfer of patent right
    Effective date of registration: 20160128
    Address after: 224555 Jiangsu province Yancheng City Binhuai town head Zeng Village (Yancheng City coastal chemical industry park)
    Patentee after: Binhai Xingguang Chemical Co., Ltd.
    Address before: 518129 Nanshan District Nanshan digital cultural industry base, east block, Guangdong, Shenzhen 407
    Patentee before: Shenzhen LIAN intellectual property service center
  • CF01 Termination of patent right due to non-payment of annual fee
    Granted publication date: 20140611
    Termination date: 20151116
  • EXPY Termination of patent right or utility model