CN102136935B - Maintenance port and safety protection method thereof - Google Patents

Maintenance port and safety protection method thereof

Info

Publication number
CN102136935B
Authority
CN
China
Prior art keywords
network port
maintenance network
described maintenance
webmaster
time
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201010546656.5A
Other languages
Chinese (zh)
Other versions
CN102136935A (en)
Inventor
邓凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Binhai Xingguang Chemical Co., Ltd.
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201010546656.5A priority Critical patent/CN102136935B/en
Publication of CN102136935A publication Critical patent/CN102136935A/en
Application granted granted Critical
Publication of CN102136935B publication Critical patent/CN102136935B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The embodiment of the invention discloses a maintenance port and a safety protection method thereof, intended to improve the safety protection performance of the maintenance port. The safety protection method of the maintenance port comprises the following steps: the maintenance port receives a close command sent by a webmaster when the webmaster judges that the maintenance port is not in use; the maintenance port is closed according to the close command; the maintenance port receives an opening command sent by the webmaster when the webmaster judges that the maintenance port needs to be used; and the maintenance port is opened according to the opening command. Because the maintenance port is closed when not in use and opened when it needs to be used, its safety protection performance is improved without affecting its normal maintenance function.

Description

A maintenance network port and a safety protection method thereof
Technical field
The present invention relates to a maintenance network port and a safety protection method thereof.
Background
At present, network communication equipment generally provides a maintenance network port at the near end of the equipment, used by a maintenance terminal for functions such as maintenance, debugging and fault diagnosis. In the prior art, the maintenance network port generally requires a username and password to be entered for authentication when it is accessed, to ensure that the access is legitimate, but a considerable security risk remains. For example, when the default username and password are used, or when the username and password are lost or cracked, the maintenance network port may be accessed without authorization. In addition, the maintenance network port implements only simple message flow control and does not support complex network attack resistance; when it faces attacks such as TCP, denial of service (Denial of Service, DoS), IP fragmentation and spoofing, these are likely to cause an equipment fault or reset.
Summary of the invention
To address the low security and reliability and the poor attack resistance of the maintenance network port, the embodiments of the present invention provide a maintenance network port and a safety protection method thereof, which can improve the security protection performance of the maintenance network port.
The embodiments of the present invention adopt the following technical solutions:
A safety protection method for a maintenance network port, comprising:
the maintenance network port receives a shutdown command sent by a webmaster, the shutdown command being sent by the webmaster when it judges that the maintenance network port is idle;
the maintenance network port closes the maintenance network port according to the shutdown command;
the maintenance network port receives an open command sent by the webmaster, the open command being sent by the webmaster when it judges that the maintenance network port needs to be used;
the maintenance network port opens the maintenance network port according to the open command sent by the webmaster.
A maintenance network port, comprising:
a receiving system, configured to receive a shutdown command sent by a webmaster, the shutdown command being sent by the webmaster when it judges that the maintenance network port is idle;
a shutoff device, configured to close the maintenance network port according to the shutdown command received by the receiving system;
the receiving system being further configured to receive an open command sent by the webmaster, the open command being sent by the webmaster when the maintenance network port needs to be used;
an opening device, configured to open the maintenance network port according to the open command received by the receiving system.
As can be seen from the technical solutions of the embodiments of the present invention, while the maintenance network port is idle, it receives the shutdown command sent by the webmaster and closes itself according to that command, which avoids the various unauthorized accesses and attacks that might otherwise occur. When the maintenance network port needs to be used, it receives the open command sent to it by the webmaster and opens itself according to that command. The security protection performance of the maintenance network port is thereby improved without affecting its normal maintenance function.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings used in describing the embodiments are briefly introduced below.
Fig. 1 is a flow chart of a safety protection method for a maintenance network port according to an embodiment of the present invention;
Fig. 2 is a flow chart of another safety protection method for a maintenance network port according to an embodiment of the present invention;
Fig. 3 is a flow chart of yet another safety protection method for a maintenance network port provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a maintenance network port provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of another maintenance network port provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are further described below with reference to the accompanying drawings.
Referring to Fig. 1, the safety protection method for a maintenance network port provided by an embodiment of the present invention comprises:
S11, when the webmaster judges that the maintenance network port is idle, the maintenance network port receives the shutdown command sent by the webmaster;
S12, the maintenance network port closes the maintenance network port according to the shutdown command;
S13, when the webmaster judges that the maintenance network port needs to be used, the maintenance network port receives the open command sent by the webmaster;
S14, the maintenance network port opens the maintenance network port according to the open command.
The maintenance network port can control its own opening and closing according to the configuration commands sent by the webmaster. For example, when the maintenance network port is idle, it receives the shutdown command that the webmaster sends to it, instructing it to close, thereby avoiding possible unauthorized access and attacks.
The maintenance network port can close itself according to the shutdown command in several ways. For example, the link (for example: Link) of the maintenance network port can be set to invalid (for example: Disable) at the physical layer; or the message processing of the maintenance network port can be closed at the data link layer. The maintenance network port can of course also be configured at the session layer and the application layer to close communication between the maintenance network port and the maintenance terminal, thereby avoiding the various possible unauthorized accesses and attacks from the maintenance terminal.
When the webmaster judges that the maintenance network port needs to be used, the maintenance network port receives the open command sent by the webmaster and opens the maintenance network port, so that the normal maintenance function that the maintenance network port provides to the maintenance terminal is not affected.
There are likewise several corresponding ways to open the maintenance network port. For example, the link of the maintenance network port can be set to valid (for example: Enable) at the physical layer; or the message processing of the maintenance network port can be opened at the data link layer. The maintenance network port can of course also be configured at the session layer and the application layer to open communication between the maintenance network port and the maintenance terminal, thereby realizing the maintenance function for the maintenance terminal.
Further, referring to Fig. 2, the safety protection method for a maintenance network port provided by an embodiment of the present invention can also comprise:
S21, the maintenance network port monitors access events on the maintenance network port while it is open;
S22, when an access event is detected, the maintenance network port sends an access warning to the webmaster.
The maintenance network port can monitor its access events while open in several ways. For example, it can monitor the link state of the maintenance network port at the physical layer and, when the link state changes, for example from the interrupted (for example: Down) state to the unimpeded (for example: UP) state, confirm that an access event has occurred on the maintenance network port. It can also monitor the message processing of the maintenance network port at the data link layer and, when packets are sent or received, for example when a message is received, confirm that an access event has occurred on the maintenance network port. The access events of the maintenance network port can of course also be monitored at the session layer and the application layer, so that the various accesses from the maintenance terminal are detected in time and an access warning is reported to the webmaster, reminding the webmaster to monitor and handle the various possible unauthorized accesses to the maintenance network port.
Referring to Fig. 3, Fig. 3 is a flow chart of the safety protection method for a maintenance network port provided by an embodiment of the present invention. Communication between an upper-level device 1 and a lower-level device 2 takes place over the inter-device communication link. The webmaster 3 of the upper-level device sends a setting command to the maintenance network port 4 of the lower-level device: while the maintenance network port 4 is idle, the maintenance network port 4 is closed, thereby avoiding possible unauthorized access and attacks; while the maintenance network port 4 needs to be used, the maintenance network port 4 is opened, thereby realizing the normal maintenance function of the maintenance network port 4 for the maintenance terminal 5. Further, when the maintenance network port 4 is open, it also monitors access by the maintenance terminal 5 and, when an access event is detected, reports an access warning to the webmaster 3 of the upper-level device, to remind the webmaster 3 to monitor and handle possible unauthorized access to the maintenance network port 4. It can thus be seen that adopting the above method provided by the embodiment of the present invention can improve the security protection performance of the maintenance network port.
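The following sketch is an added example, not code from the patent: it models the open and close commands (S11 to S14) and the physical-layer and data-link-layer access monitoring (S21 to S22) as a small Python state machine. The class and function names, the alarm strings and the polling timeline are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

UP, DOWN = "up", "down"


@dataclass
class MaintenancePort:
    """Hypothetical model of the port logic in steps S11-S14 and S21-S22."""
    name: str
    is_open: bool = False                      # an idle port starts closed
    alarms: List[Tuple[str, str]] = field(default_factory=list)
    _link: str = DOWN                          # last link state seen while open
    _rx: Optional[int] = None                  # last RX frame counter seen while open

    def handle_command(self, command: str) -> None:
        """S11-S14: apply an open or close command sent by the webmaster."""
        if command not in ("open", "close"):
            raise ValueError(f"unknown command: {command!r}")
        opening = command == "open"
        if opening and not self.is_open:
            # A closed port is treated as link-down, so a terminal that is
            # already attached shows up as a Down->Up change after opening.
            # The RX baseline is taken from the first poll after opening.
            self._link, self._rx = DOWN, None
        self.is_open = opening

    def poll(self, link: str, rx_frames: int) -> List[str]:
        """S21-S22: compare one sample with the previous one, raise alarms."""
        if not self.is_open:
            return []                          # monitoring applies only while open
        events = []
        if self._link == DOWN and link == UP:
            events.append("link-up")           # physical-layer access event
        if self._rx is not None and rx_frames != self._rx:
            # Any change counts, so a wrapped counter is still reported.
            events.append("frames-received")   # data-link-layer access event
        self._link, self._rx = link, rx_frames
        for event in events:
            self.alarms.append((self.name, event))  # access warning to the webmaster
        return events


def replay(port: MaintenancePort, timeline) -> List[Tuple[int, str]]:
    """Feed ('cmd', name) and ('poll', link, rx) entries; return (tick, event)."""
    raised = []
    for tick, entry in enumerate(timeline):
        if entry[0] == "cmd":
            port.handle_command(entry[1])
        else:
            _, link, rx = entry
            raised += [(tick, event) for event in port.poll(link, rx)]
    return raised


# Constructed timeline: webmaster commands interleaved with port samples.
TIMELINE = [
    ("poll", UP, 5),     # 0: port closed, sample ignored
    ("cmd", "open"),     # 1: webmaster needs the port
    ("poll", DOWN, 5),   # 2: nothing attached, RX baseline taken
    ("poll", UP, 5),     # 3: terminal plugged in
    ("poll", UP, 9),     # 4: frames arrive
    ("poll", UP, 9),     # 5: quiet
    ("cmd", "close"),    # 6: webmaster judges the port idle
    ("poll", UP, 20),    # 7: port closed, sample ignored
    ("cmd", "open"),     # 8: port needed again
    ("poll", UP, 20),    # 9: terminal was left attached
    ("poll", UP, 3),     # 10: counter wrapped, frames still arrived
]

if __name__ == "__main__":
    for tick, event in replay(MaintenancePort("maint0"), TIMELINE):
        print(tick, event)
```

Taking the RX baseline only after the port is opened keeps traffic counted while the port was closed from raising a false access warning on reopening.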
Referring to Fig. 4, Fig. 4 shows the maintenance network port provided by an embodiment of the present invention, comprising:
a receiving system 43, configured to receive a shutdown command sent by a webmaster, the shutdown command being sent by the webmaster when it judges that the maintenance network port is idle;
a shutoff device 41, configured to close the maintenance network port according to the shutdown command received by the receiving system;
the receiving system 43 being further configured to receive an open command sent by the webmaster, the open command being sent by the webmaster when the maintenance network port needs to be used;
an opening device 42, configured to open the maintenance network port according to the open command received by the receiving system.
Specifically, the shutoff device 41 can set the link of the maintenance network port to invalid at the physical layer; or close the message processing of the maintenance network port at the data link layer.
Specifically, the opening device 42 can set the link of the maintenance network port to valid at the physical layer; or open the message processing of the maintenance network port at the data link layer.
With the maintenance network port provided by the embodiment of the present invention, when the maintenance network port is idle, the shutoff device 41 closes the maintenance network port according to the shutdown command sent by the webmaster, which avoids the various possible unauthorized accesses and attacks. When the maintenance network port needs to be used, the opening device 42 opens the maintenance network port according to the open command sent by the webmaster. The security protection performance of the maintenance network port is thereby improved without affecting its normal maintenance function.
Further, referring to Fig. 5, the maintenance network port provided by an embodiment of the present invention can also comprise:
a monitoring device 51, configured to monitor access events on the maintenance network port once the opening device 42 has opened the maintenance network port; and
an alarm device 52, configured to send an access warning to the webmaster when the monitoring device 51 detects an access event.
Specifically, the monitoring device 51 can monitor the link state of the maintenance network port at the physical layer and, when the link state changes, for example from the interrupted state to the unimpeded state, confirm that an access event has occurred on the maintenance network port; or monitor the message processing of the maintenance network port at the data link layer and, when packets are sent or received, confirm that an access event has occurred on the maintenance network port.
With the maintenance network port provided by the embodiment of the present invention, when the maintenance network port is open, the monitoring device 51 monitors the access events of the maintenance network port and, when an access event is detected, the alarm device 52 reports an access warning to the webmaster. The webmaster is thereby reminded to monitor and handle unauthorized access to the maintenance network port, further improving the security protection performance of the maintenance network port.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (6)

1. A safety protection method for a maintenance network port, characterized by comprising:
the maintenance network port receives a shutdown command sent by a webmaster, the shutdown command being sent by the webmaster when it judges that the maintenance network port is idle;
the maintenance network port closes the maintenance network port according to the shutdown command, which specifically comprises: setting the link of the maintenance network port to invalid at the physical layer; or closing the message processing of the maintenance network port at the data link layer; or configuring the network port at the session layer and the application layer to close communication between the maintenance network port and the maintenance terminal;
the maintenance network port receives an open command sent by the webmaster, the open command being sent by the webmaster when it judges that the maintenance network port needs to be used;
the maintenance network port opens the maintenance network port according to the open command sent by the webmaster; the method further comprising:
the maintenance network port monitors the access events of the maintenance network port while it is open;
when an access event is detected, the maintenance network port reports an access warning to the webmaster;
the maintenance network port monitoring the access events of the maintenance network port while it is open comprises:
the maintenance network port monitors the link state of the maintenance network port at the physical layer and, when the link state changes, judges that an access event has occurred on the maintenance network port;
wherein the maintenance network port monitoring the link state of the maintenance network port at the physical layer comprises: monitoring the access events of the maintenance network port at the session layer and the application layer, so as to monitor in time the various access events from the maintenance terminal; and judging, when the link state changes, that an access event has occurred on the maintenance network port comprises: when the link state changes from the interrupted state to the unimpeded state, confirming that an access event has occurred on the maintenance network port.
2. The method according to claim 1, characterized in that the maintenance network port opening the maintenance network port according to the open command sent by the webmaster comprises:
setting the link of the maintenance network port to valid at the physical layer;
or opening the message processing of the maintenance network port at the data link layer.
3. The method according to claim 1, characterized in that the maintenance network port monitoring the access events of the maintenance network port while it is open further comprises:
the maintenance network port monitors the message processing of the maintenance network port at the data link layer and, when packets are sent or received, judges that an access event has occurred on the maintenance network port.
4. A maintenance network port, characterized by comprising:
a receiving system, configured to receive a shutdown command sent by a webmaster, the shutdown command being sent by the webmaster when it judges that the maintenance network port is idle;
a shutoff device, configured to close the maintenance network port according to the shutdown command received by the receiving system, the shutoff device being specifically configured to: set the link of the maintenance network port to invalid at the physical layer; or close the message processing of the maintenance network port at the data link layer; or configure the network port at the session layer and the application layer to close communication between the maintenance network port and the maintenance terminal;
the receiving system being further configured to receive an open command sent by the webmaster, the open command being sent by the webmaster when the maintenance network port needs to be used;
an opening device, configured to open the maintenance network port according to the open command received by the receiving system;
the maintenance network port further comprising:
a monitoring device, configured to monitor the access events of the maintenance network port once the opening device has opened the maintenance network port;
an alarm device, configured to send an access warning to the webmaster when an access event is detected;
the monitoring device being specifically configured to monitor the link state of the maintenance network port at the physical layer and, when the link state changes, judge that an access event has occurred on the maintenance network port;
wherein the monitoring device is further specifically configured to monitor the access events of the maintenance network port at the session layer and the application layer, so as to monitor in time the various access events from the maintenance terminal; and the monitoring device is further configured to confirm, when the link state changes from the interrupted state to the unimpeded state, that an access event has occurred on the maintenance network port.
5. The maintenance network port according to claim 4, characterized in that the opening device is specifically configured to set the link of the maintenance network port to valid at the physical layer, or to open the message processing of the maintenance network port at the data link layer.
6. The maintenance network port according to claim 4, characterized in that the monitoring device is further specifically configured to monitor the message processing of the maintenance network port at the data link layer and, when packets are sent or received, confirm that an access event has occurred on the maintenance network port.
CN201010546656.5A 2010-11-16 2010-11-16 Maintenance port and safety protection method thereof Expired - Fee Related CN102136935B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010546656.5A CN102136935B (en) 2010-11-16 2010-11-16 Maintenance port and safety protection method thereof

Publications (2)

Publication Number Publication Date
CN102136935A CN102136935A (en) 2011-07-27
CN102136935B true CN102136935B (en) 2014-06-11

Family

ID=44296596

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010546656.5A Expired - Fee Related CN102136935B (en) 2010-11-16 2010-11-16 Maintenance port and safety protection method thereof

Country Status (1)

Country Link
CN (1) CN102136935B (en)

Also Published As

Publication number Publication date
CN102136935A (en) 2011-07-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: SHENZHEN LIANCHUANG INTELLECTUAL PROPERTY SERVICE

Free format text: FORMER OWNER: HUAWEI TECHNOLOGY CO., LTD.

Effective date: 20150702

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150702

Address after: 518129 Nanshan District Nanshan digital cultural industry base, east block, Guangdong, Shenzhen 407

Patentee after: Shenzhen LIAN intellectual property service center

Address before: 518129 headquarters building of Bantian HUAWEI base, Longgang District, Guangdong, Shenzhen

Patentee before: Huawei Technologies Co., Ltd.

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20160128

Address after: 224555 Jiangsu province Yancheng City Binhuai town head Zeng Village (Yancheng City coastal chemical industry park)

Patentee after: Binhai Xingguang Chemical Co., Ltd.

Address before: 518129 Nanshan District Nanshan digital cultural industry base, east block, Guangdong, Shenzhen 407

Patentee before: Shenzhen LIAN intellectual property service center

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140611

Termination date: 20151116

EXPY Termination of patent right or utility model