CN102244622A - Virtual gateway protection method, virtual security gateway and system for server virtualization - Google Patents
- Publication number
- CN102244622A
- Authority
- CN
- China
- Prior art keywords
- virtual
- secure gateway
- protected
- subnetwork
- communication flows
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides a virtual gateway protection method, a virtual security gateway and a system for server virtualization. The method comprises the following steps: a virtual security gateway is established on a server virtualization platform and connected to the virtual subnetworks to be protected; the virtual security gateway isolates and monitors the communication traffic between the virtual subnetworks; when the communication traffic violates a preset security policy, the virtual security gateway makes an exception response, and when the communication traffic conforms to the security policy, it makes a normal response. Because the virtual security gateway established on the server virtualization platform isolates and monitors the communication traffic between virtual machines, it can respond in time when the security of a protected virtual machine is threatened, so that the virtual machines across the whole virtual network are protected from being affected.
Description
Technical field
The present invention relates to the computer field, and in particular to a virtual gateway protection method, a virtual security gateway and a system for server virtualization.
Background
Server virtualization means that, through a virtualization layer, multiple virtual servers can run on a single physical server. One major change that server virtualization brings is a change in network architecture. Under the traditional model, each physical machine or server is protected by its own independent set of security protection methods, and security products such as firewalls are deployed at the perimeter; even if a server is attacked, the harm is confined to an isolated area and its reach is limited.
In a virtualized data center, however, a new network architecture is adopted: dozens of operating systems or applications are deployed on one physical server at the same time in the form of virtual machines, and these virtual machines share the hardware resources of that server. Network traffic between virtual machines is not visible to the perimeter security devices, so existing security protection methods cannot be used to protect it; when one virtual machine has a problem, the security problem will spread to other virtual machines over the network.
Summary of the invention
In view of this, the invention provides a virtual gateway protection method, a virtual security gateway and a system for server virtualization, with the aim of solving the lack of security protection between virtual machines under server virtualization.
To achieve the above object, the invention provides the following scheme:
A virtual gateway protection method for server virtualization comprises:
establishing a virtual security gateway on the server virtualization platform and connecting the virtual security gateway to the virtual subnetworks to be protected;
the virtual security gateway isolating and monitoring the communication traffic between the virtual subnetworks, making an exception response when the communication traffic does not conform to a preset security policy, and making a normal response when the communication traffic conforms to the preset security policy.
Preferably, the specific process of establishing the virtual security gateway and connecting it to the virtual subnetworks to be protected is:
importing the virtual security gateway into the server virtualization platform;
adding and enabling virtual network adapters on the virtual security gateway, and connecting the virtual security gateway to the virtual subnetworks to be protected through the virtual network adapters;
configuring the security policy on the virtual security gateway.
Preferably, the specific process of adding and enabling virtual network adapters on the virtual security gateway and connecting the virtual security gateway to the virtual subnetworks to be protected through them is:
adding and enabling, on the virtual security gateway, virtual network adapters equal in number to the virtual switches in the virtual subnetworks to be protected;
establishing a one-to-one correspondence between the virtual switches and the virtual network adapters, so that the virtual security gateway is connected to the virtual subnetworks to be protected.
Preferably, the security policy comprises:
any one, or any combination of several, of the following: rules for the virtual subnetworks accessing the wide area network, rules for the wide area network accessing the virtual subnetworks, and rules for mutual access between the virtual subnetworks.
Preferably, the specific process by which the virtual security gateway isolates and monitors the communication traffic between the virtual subnetworks to be protected is:
the virtual security gateway receives and isolates the communication traffic that the virtual subnetworks to be protected send or receive;
the communication traffic is analyzed and processed according to the preset security policy.
Preferably, the exception response comprises:
raising an alarm and/or dropping the traffic;
and the normal response comprises:
passing and/or forwarding the traffic.
A virtual security gateway for server virtualization comprises:
an isolation and monitoring module, used to isolate and monitor the communication traffic between the virtual subnetworks to be protected;
a response module, used to make an exception response when the communication traffic does not conform to the preset security policy, and to make a normal response when the communication traffic conforms to the preset security policy.
Preferably, the isolation and monitoring module further comprises:
a receiving unit, used to receive and isolate the communication traffic that the virtual subnetworks to be protected send or receive;
an analysis unit, used to analyze and process the communication traffic according to the preset security policy.
A security protection system for server virtualization comprises:
a virtual security gateway, used to isolate and monitor the communication traffic between the virtual subnetworks to be protected, making an exception response when the communication traffic does not conform to the preset security policy and a normal response when it conforms to the preset security policy;
a virtual switch, used to connect the virtual security network card to the virtual subnetwork to be protected.
Preferably, in the virtual security gateway or the security protection system described above, the virtual security gateway further comprises:
a virtual network adapter, used to establish a one-to-one correspondence with a virtual switch, so that the virtual security gateway is connected to the virtual subnetwork to be protected.
The embodiments disclosed by the invention have the following beneficial effect: the virtual security gateway established on the server virtualization platform monitors the network traffic between the virtual machines, so that when a virtual machine has a security problem the virtual security gateway can respond in time, which prevents the virtual machines of the whole network from all being affected.
Description of drawings
To illustrate the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed in describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a virtual gateway protection method for server virtualization disclosed in an embodiment of the invention;
Fig. 2 is a flow chart of establishing the virtual security gateway on the server virtualization platform, as disclosed in an embodiment of the invention;
Fig. 3 is a schematic diagram of the server virtualization application scenario after the virtual security gateway is established, as disclosed in an embodiment of the invention;
Fig. 4 is a flow chart of the virtual security gateway isolating and monitoring the data exchanged between the virtual subnetworks to be protected, as disclosed in an embodiment of the invention;
Fig. 5 is a schematic structural diagram of a virtual security gateway for server virtualization disclosed in an embodiment of the invention;
Fig. 6 is a schematic structural diagram of a security protection system for server virtualization disclosed in an embodiment of the invention.
Detailed description
The invention relates generally to network security protection methods deployed on a physical server. In particular, it relates to deploying a virtual security gateway on a virtualized server to provide security protection for the different virtual subnetworks or virtual applications on the server, protecting internal network resources from unauthorized access and preventing unauthorized operations and information output.
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are obviously only some of the embodiments of the invention, not all of them. Based on the embodiments of the invention, all other embodiments obtained by those of ordinary skill in the art without creative effort fall within the scope of protection of the invention.
The flow of a virtual gateway security protection method for server virtualization disclosed by the invention is shown in Fig. 1 and comprises:
Step S101: establish a virtual security gateway on the server virtualization platform, and connect this virtual security gateway to the virtual subnetworks to be protected.
The server virtualization platform in this embodiment refers to a virtual machine monitor (VMM). In essence it is an operating system that virtualizes the underlying hardware devices and provides a platform for resource management, allocation and monitoring that masks hardware differences. A virtual machine running on the virtualization platform VMM, that is, the guest OS, can be a Linux system, a Windows system or another application.
The server virtualization platforms to which the invention applies include, but are not limited to, the VMware vSphere platform, the Citrix XenServer platform and the Kernel-based Virtual Machine (KVM) platform.
The virtual security gateway can be regarded as a security virtual machine that provides security functions such as packet filtering and access control. It is the virtual implementation of a physical security gateway and can be a firewall, an intrusion prevention system (IPS), a unified threat management (UTM) system or an anti-virus virtual gateway. In this embodiment the virtual security gateway is developed as a virtual appliance that supports the Open Virtualization Format (OVF) standard interface. OVF is an open standard for packaging and distributing virtual appliances that run on virtualization platforms. A virtual security gateway developed to this standard no longer needs to be bound to any specific hypervisor or processor architecture and can support different virtualization platforms after a simple conversion.
The networks to be protected are networks made up of different virtual machines on the same VMM; such a network may contain only one virtual machine, or it may contain several.
Step S102: the virtual security gateway isolates and monitors the communication traffic between the virtual subnetworks to be protected. When the communication traffic does not conform to the preset security policy, the virtual security gateway makes an exception response; when the communication traffic conforms to the preset security policy, it makes a normal response.
The communication traffic in this embodiment refers to communication data transmitted between the virtual subnetworks, or to a specific action that one virtual subnetwork initiates toward another, for example initiating access.
The security policy refers to the security rules configured for the virtual subnetworks on the VMM to protect them from attack, for example filtering rules, NAT rules, port mapping rules, IP mapping rules, proxy rules, virus filtering rules, data transfer rules and network access rules. This embodiment mainly uses rules for virtual subnetworks accessing the wide area network, rules for the wide area network accessing virtual subnetworks, and rules for mutual access between virtual subnetworks. The policy can be any one of these rules or any combination of several, but is not limited to them and can also include packet filtering rules, NAT rules, port mapping rules, IP mapping rules, proxy rules, virus filtering rules and so on. These security rules can be adjusted according to the specific security protection requirements.
The exception response comprises alarm and interception: when the communication traffic does not conform to the preset security policy, the virtual security gateway makes an alarm response or an interception response, and can also make both at once. The normal response comprises passing and forwarding: when the communication traffic conforms to the preset security policy, the virtual security gateway makes a pass response or a forward response, and can also make both at once.
The security protection method for server virtualization disclosed in this embodiment establishes a virtual security gateway on the VMM, so that the data exchanged between networks on the VMM can be isolated and inspected by the virtual security gateway, which protects the security of the server virtualization platform.
Further, the specific process of establishing the virtual security gateway on the server virtualization platform and connecting it to the virtual subnetworks to be protected is shown in Fig. 2 and comprises:
Step S201: import the virtual security gateway into the server virtualization platform.
The import of a virtual machine into the virtualization platform is carried out through the virtual machine import function of the virtual machine centralized management software. This software is supplied by the virtualization platform software vendor and can be installed on a physical machine or in a virtual machine.
Step S202: add and enable virtual network adapters on the virtual security gateway, and connect the virtual security gateway to the virtual subnetworks to be protected through these virtual network adapters.
Adding virtual network adapters is also done through the virtual machine centralized management software. Using its network device add function, virtual network adapters equal in number to the virtual switches in the virtual subnetworks to be protected are added to the virtual security gateway and enabled; a one-to-one correspondence between the virtual switches and the virtual network adapters is then established, so that the virtual security gateway is connected to the virtual subnetworks to be protected. A virtual switch here is the virtual device on the VMM through which a network exchanges data with other networks.
In addition, the virtual security gateway can add and remove virtual network adapters dynamically, to adapt to changes in network topology and in security requirements in a server virtualization environment.
Step S203: configure the security policy on the virtual security gateway.
The security policy here is the same as the security policy described above. To configure it, the user can access the virtual security gateway remotely through its Web interface and add policy rules in the interface of the corresponding function module, or log in to the virtual security gateway from the command line and configure the corresponding rules.
The server virtualization application scenario after the virtual security gateway is established is shown in Fig. 3. The virtual machine monitor VMM 302 runs on the underlying hardware device 301 and contains virtual machines 305, 310 and 312. Virtual machines 310 and 312 belong to the same network and are connected through their respective virtual network adapters 311 and 313 to the virtual switch 304 of that network. Virtual machine 305 belongs to another network and is connected through virtual network adapter 306 to the virtual switch 303 of that network. The two networks send and receive data through their respective virtual switches 303 and 304. Virtual switches 303 and 304 are also connected to virtual network adapters 308 and 309 on the virtual security gateway 307, which connects the virtual security gateway 307 to the two networks to be protected.
The above steps for establishing the virtual security gateway are practical and adaptable. The virtual security gateway established through them is equivalent to a security virtual machine built on the VMM; it is the basic and key device for VMM security protection and provides fine-grained protection for the internal networks on the virtualized server.
Further, the specific process by which the virtual security gateway isolates and monitors the communication traffic between the virtual subnetworks to be protected is shown in Fig. 4 and comprises:
Step S401: the virtual security gateway receives and isolates the communication traffic that the virtual subnetworks to be protected send or receive.
Each virtual subnetwork in the VMM sends communication traffic to other virtual subnetworks through its own virtual switch and receives the communication traffic that other virtual subnetworks send. Through the one-to-one correspondence between virtual switches and virtual network adapters, the virtual security gateway receives the communication traffic that the virtual switches in these virtual subnetworks send or receive, and then temporarily isolates that traffic inside the virtual security gateway.
Step S402: analyze and process the communication traffic according to the preset security policy.
The virtual security gateway compares the received communication traffic against the preset security policy. When the traffic conforms to the security policy, the gateway sends it to the virtual switch of the destination virtual subnetwork according to the correspondence between virtual switches and virtual network adapters. When the traffic does not conform to the security policy, the virtual security gateway makes a response. For example, if the destination port of a data packet is detected to be a port that the security policy specifies as closed, the data can be intercepted or dropped, or an alarm can be raised to the user, who then chooses how to handle it; or, if a virtual subnetwork is detected initiating access to a virtual subnetwork for which it has no access rights, an alarm can be raised to the user. The specific response can also be defined by the user.
As the above description shows, by connecting to the virtual switch of each network in the VMM, the virtual security gateway can inspect all data exchanged between virtual subnetworks, which eliminates the security protection blind spot in server virtualization.
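The receive, compare and respond flow of steps S401 and S402 can be modelled as follows. This is an added example, not code from the patent: the zone names, address ranges, the uplink adapter for WAN traffic, first-match rule order and default deny are assumptions, and the ingress-address check goes beyond the text to show what the one-to-one adapter mapping makes possible.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

WAN = "WAN"  # zone label for everything outside the protected virtual subnets


@dataclass(frozen=True)
class Rule:
    src: str                        # source zone (subnet name or WAN)
    dst: str                        # destination zone (subnet name or WAN)
    allow: bool
    ports: frozenset = frozenset()  # destination ports covered; empty = all


@dataclass(frozen=True)
class Verdict:
    action: str                     # "forward" (normal) or "drop" (exception)
    egress_nic: Optional[str]       # adapter the traffic leaves on, if forwarded
    alarm: bool
    reason: str


class VirtualSecurityGateway:
    def __init__(self, uplink_nic="vnic-uplink"):
        self.uplink_nic = uplink_nic    # assumed path to the WAN
        self.zone_net = {}              # zone -> ip_network
        self.zone_by_switch = {}        # vSwitch -> zone
        self.nic_by_switch = {}         # vSwitch -> gateway vNIC (one-to-one)
        self.rules = []                 # evaluated in order, first match wins
        self.alarms = []                # (reason, flow) tuples raised so far

    def attach(self, zone, cidr, vswitch, vnic):
        """Step S202: one gateway adapter per virtual switch, never shared."""
        if vswitch in self.nic_by_switch or vnic in self.nic_by_switch.values():
            raise ValueError(f"{vswitch}/{vnic}: mapping must stay one-to-one")
        self.zone_net[zone] = ip_network(cidr)
        self.zone_by_switch[vswitch] = zone
        self.nic_by_switch[vswitch] = vnic

    def zone_of(self, addr):
        ip = ip_address(addr)
        for zone, net in self.zone_net.items():
            if ip in net:
                return zone
        return WAN

    def _egress(self, zone):
        if zone == WAN:
            return self.uplink_nic
        for vswitch, z in self.zone_by_switch.items():
            if z == zone:
                return self.nic_by_switch[vswitch]
        return None

    def _violation(self, reason, flow):
        self.alarms.append((reason, flow))          # alarm ...
        return Verdict("drop", None, True, reason)  # ... and drop

    def inspect(self, ingress_switch, src_ip, dst_ip, dst_port):
        """Steps S401/S402: hold the flow, compare with policy, respond."""
        flow = (ingress_switch, src_ip, dst_ip, dst_port)
        src_zone, dst_zone = self.zone_of(src_ip), self.zone_of(dst_ip)
        # Added check: the source address must belong to the subnet whose
        # virtual switch delivered the traffic to the gateway.
        if src_zone != self.zone_by_switch.get(ingress_switch, WAN):
            return self._violation("source does not match ingress vSwitch", flow)
        for rule in self.rules:
            if (rule.src, rule.dst) != (src_zone, dst_zone):
                continue
            if rule.ports and dst_port not in rule.ports:
                continue
            if rule.allow:
                return Verdict("forward", self._egress(dst_zone), False,
                               "permitted by policy")
            return self._violation("denied by policy", flow)
        return self._violation("no rule grants this access", flow)


def build_demo():
    """Constructed topology; the 303/304/308/309 numbering follows Fig. 3."""
    gw = VirtualSecurityGateway()
    gw.attach("web", "10.0.1.0/24", "vswitch-303", "vnic-308")
    gw.attach("db", "10.0.2.0/24", "vswitch-304", "vnic-309")
    gw.rules = [
        Rule("web", "db", False, frozenset({22})),    # port closed by policy
        Rule("web", "db", True, frozenset({3306})),   # inter-subnet access
        Rule("web", WAN, True, frozenset({443})),     # subnet -> WAN
        Rule(WAN, "web", True, frozenset({443})),     # WAN -> subnet
    ]
    return gw


if __name__ == "__main__":
    gw = build_demo()
    for flow in [("vswitch-303", "10.0.1.5", "10.0.2.9", 3306),
                 ("vswitch-303", "10.0.1.5", "10.0.2.9", 22),
                 ("vswitch-304", "10.0.2.9", "10.0.1.5", 80)]:
        print(flow, gw.inspect(*flow))
```
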
Corresponding to the security protection method for server virtualization provided by the invention, the embodiments of the invention also disclose a virtual security gateway and a system for server virtualization.
The structure of a virtual security gateway for server virtualization disclosed by the invention is shown in Fig. 5 and comprises:
an isolation and monitoring module 501, used to isolate and monitor the communication traffic between the virtual subnetworks to be protected;
a response module 502, used to make an exception response when the communication traffic does not conform to the preset security policy, and to make a normal response when the communication traffic conforms to the preset security policy.
The virtual security gateway is established using the flow shown in Fig. 2 and is used to isolate and monitor the communication traffic between the virtual subnetworks to be protected and to make a response when the communication traffic does not conform to the preset security policy; the specific detection process is shown in Fig. 5.
Further, the isolation and monitoring module also comprises:
a receiving unit 5011, used to receive and isolate the communication traffic that the virtual switch in a virtual subnetwork to be protected sends to other virtual subnetworks to be protected;
The structure of a security protection system for server virtualization disclosed in this embodiment is shown in Fig. 6 and comprises:
a virtual security gateway 601, used to isolate and monitor the network traffic between the virtual subnetworks to be protected, making an exception response when the network traffic does not conform to the preset security policy and a normal response when the communication traffic conforms to the preset security policy;
The security protection system provided by this embodiment is used to provide security protection for the virtual switches in the server virtualization platform, to guarantee that when one virtual machine becomes abnormal the other virtual machines are unaffected.
Further, in the virtual security gateway and the security protection system disclosed in the above two embodiments, the virtual security gateway also comprises: a virtual network adapter, used to establish a one-to-one correspondence with a virtual switch, so that the virtual security gateway is connected to the virtual subnetwork to be protected.
The embodiments in this specification are described progressively: each embodiment focuses on its differences from the others, and for the parts that are the same or similar the embodiments can be read against one another. Because the disclosed device corresponds to the disclosed method, its description is relatively brief; for the relevant parts, refer to the description of the method.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the invention. The invention is therefore not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A virtual gateway protection method for server virtualization, characterized in that it comprises:
establishing a virtual security gateway on the server virtualization platform and connecting the virtual security gateway to the virtual subnetworks to be protected;
the virtual security gateway isolating and monitoring the communication traffic between the virtual subnetworks, making an exception response when the communication traffic does not conform to a preset security policy, and making a normal response when the communication traffic conforms to the preset security policy.
2. The method according to claim 1, characterized in that the specific process of establishing the virtual security gateway and connecting the virtual security gateway to the virtual subnetworks to be protected is:
importing the virtual security gateway into the server virtualization platform;
adding and enabling virtual network adapters on the virtual security gateway, and connecting the virtual security gateway to the virtual subnetworks to be protected through the virtual network adapters;
configuring the security policy on the virtual security gateway.
3. The method according to claim 2, characterized in that the specific process of adding and enabling virtual network adapters on the virtual security gateway and connecting the virtual security gateway to the virtual subnetworks to be protected through the virtual network adapters is:
adding and enabling, on the virtual security gateway, virtual network adapters equal in number to the virtual switches in the virtual subnetworks to be protected;
establishing a one-to-one correspondence between the virtual switches and the virtual network adapters, so that the virtual security gateway is connected to the virtual subnetworks to be protected.
4. method according to claim 1 and 2 is characterized in that, described security strategy comprises:
A kind of or several combination arbitrarily in the rule of exchanging visits between the rule of described virtual subnetwork visit wide area network, the rule of the described virtual subnetwork of wide-area network access and described virtual subnetwork.
5. method according to claim 1 is characterized in that, described virtual secure gateway is isolated and the detailed process of monitoring the communication flows between described virtual subnetwork to be protected is:
Described virtual secure gateway reception is also isolated the communication flows that described virtual subnetwork to be protected sends or receives;
According to the default described communication flows of security strategy analyzing and processing.
6. according to each described method of claim 1 to 5, it is characterized in that described exception response comprises:
Report to the police and/or abandon;
Described normal response comprises:
By and/or transmit.
7. A virtual security gateway for server virtualization, characterized in that it comprises:
an isolation and monitoring module, used to isolate and monitor the communication traffic between the virtual subnetworks to be protected;
a response module, used to make an exception response when the communication traffic does not conform to the preset security policy, and to make a normal response when the communication traffic conforms to the preset security policy.
8. The virtual security gateway according to claim 7, characterized in that the isolation and monitoring module further comprises:
a receiving unit, used to receive and isolate the communication traffic that the virtual subnetworks to be protected send or receive;
an analysis unit, used to analyze and process the communication traffic according to the preset security policy.
9. A security protection system for server virtualization, characterized in that it comprises:
a virtual security gateway, used to isolate and monitor the communication traffic between the virtual subnetworks to be protected, making an exception response when the communication traffic does not conform to the preset security policy and a normal response when it conforms to the preset security policy;
a virtual switch, used to connect the virtual security network card to the virtual subnetwork to be protected.
10. The virtual security gateway or security protection system according to claim 9, characterized in that the virtual security gateway further comprises:
a virtual network adapter, used to establish a one-to-one correspondence with a virtual switch, so that the virtual security gateway is connected to the virtual subnetwork to be protected.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110208735.XA CN102244622B (en) | 2011-07-25 | 2011-07-25 | Virtual gateway protection method, virtual security gateway and system for server virtualization |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110208735.XA CN102244622B (en) | 2011-07-25 | 2011-07-25 | Virtual gateway protection method, virtual security gateway and system for server virtualization |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102244622A (en) | 2011-11-16 |
CN102244622B (en) | 2015-03-11 |
Family
ID=44962471
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110208735.XA Expired - Fee Related CN102244622B (en) | 2011-07-25 | 2011-07-25 | Virtual gateway protection method, virtual security gateway and system for server virtualization |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102244622B (en) |
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102710669A (en) * | 2012-06-29 | 2012-10-03 | 杭州华三通信技术有限公司 | Firewall strategic control method and device |
CN103428061A (en) * | 2012-05-14 | 2013-12-04 | 上海贝尔股份有限公司 | Access substrate node and method for forwarding data by using access substrate node |
CN103701822A (en) * | 2013-12-31 | 2014-04-02 | 曙光云计算技术有限公司 | Access control method |
CN103929413A (en) * | 2013-12-16 | 2014-07-16 | 汉柏科技有限公司 | Method and device for preventing cloud network from being attacked |
CN104023035A (en) * | 2014-06-26 | 2014-09-03 | 浪潮电子信息产业股份有限公司 | Method for protecting flow among virtual machines in same security domain |
CN104378387A (en) * | 2014-12-09 | 2015-02-25 | 浪潮电子信息产业股份有限公司 | Method for protecting information security under virtualization platform |
CN104504339A (en) * | 2014-12-24 | 2015-04-08 | 北京奇虎科技有限公司 | Virtualization security detection method and system |
CN104506548A (en) * | 2014-12-31 | 2015-04-08 | 北京天融信科技有限公司 | Data packet redirecting device as well as safety protection method and system for virtual machine |
CN104519026A (en) * | 2013-09-30 | 2015-04-15 | 中国电信股份有限公司 | Method and system for controlling security access of virtual machines |
CN104660554A (en) * | 2013-11-19 | 2015-05-27 | 北京天地超云科技有限公司 | Method for implementing communication data security of virtual machines |
CN104660553A (en) * | 2013-11-19 | 2015-05-27 | 北京天地超云科技有限公司 | Implementation method of virtual firewall |
CN104685500A (en) * | 2012-10-01 | 2015-06-03 | 国际商业机器公司 | Providing services to virtual overlay network traffic |
CN105072078A (en) * | 2015-06-30 | 2015-11-18 | 北京奇虎科技有限公司 | Cloud platform virtualization flow monitoring method and device |
WO2015176682A1 (en) * | 2014-05-22 | 2015-11-26 | Hangzhou H3C Technologies Co., Ltd. | Forwarding a packet |
CN105450494A (en) * | 2014-08-20 | 2016-03-30 | 北京云巢动脉科技有限公司 | Virtual network and method for implementing same |
CN105573791A (en) * | 2015-12-15 | 2016-05-11 | 国云科技股份有限公司 | Method for realizing network card hot plug by linux virtual machine |
CN105592016A (en) * | 2014-10-29 | 2016-05-18 | 国家电网公司 | Virtual machine protection device of power information system in cloud environment |
CN106411863A (en) * | 2016-09-14 | 2017-02-15 | 南京安贤信息科技有限公司 | Virtualization platform for processing network traffic of virtual switches in real time |
CN107104966A (en) * | 2017-04-25 | 2017-08-29 | 刘正达 | A kind of home wireless network security mechanism dynamically adjusted based on network structure |
CN107172127A (en) * | 2017-04-21 | 2017-09-15 | 北京理工大学 | Based on the information security technology contest course monitoring method acted on behalf of more |
CN107483386A (en) * | 2016-06-08 | 2017-12-15 | 阿里巴巴集团控股有限公司 | Analyze the method and device of network data |
CN109756431A (en) * | 2017-11-06 | 2019-05-14 | 阿里巴巴集团控股有限公司 | Hybrid network configuration method, device, network structure and electronic equipment |
CN110958227A (en) * | 2015-02-04 | 2020-04-03 | 英特尔公司 | Techniques for scalable security architecture for virtualized networks |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101212453A (en) * | 2006-12-29 | 2008-07-02 | 凹凸科技(中国)有限公司 | Network access control method and firewall device |
CN101465770A (en) * | 2009-01-06 | 2009-06-24 | 北京航空航天大学 | Method for disposing inbreak detection system |
CN101800730A (en) * | 2009-02-09 | 2010-08-11 | 国际商业机器公司 | Safety enhanced virtual machine communication method and virtual machine system |
Cited By (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103428061A (en) * | 2012-05-14 | 2013-12-04 | 上海贝尔股份有限公司 | Access substrate node and method for forwarding data by using access substrate node |
CN103428061B (en) * | 2012-05-14 | 2016-12-28 | 上海贝尔股份有限公司 | Access chassis node and the method utilizing access chassis node to carry out data forwarding |
CN102710669B (en) * | 2012-06-29 | 2016-03-02 | 杭州华三通信技术有限公司 | A kind of method that firewall policy controls and device |
US9426117B2 (en) | 2012-06-29 | 2016-08-23 | Hangzhou H3C Technologies Co., Ltd. | Firewall security between virtual devices |
CN102710669A (en) * | 2012-06-29 | 2012-10-03 | 杭州华三通信技术有限公司 | Firewall strategic control method and device |
CN104685500B (en) * | 2012-10-01 | 2017-09-29 | 国际商业机器公司 | The method and system of application security strategy in overlay network |
CN104685500A (en) * | 2012-10-01 | 2015-06-03 | 国际商业机器公司 | Providing services to virtual overlay network traffic |
CN104519026B (en) * | 2013-09-30 | 2018-11-30 | 中国电信股份有限公司 | The secure accessing control method and system of virtual machine |
CN104519026A (en) * | 2013-09-30 | 2015-04-15 | 中国电信股份有限公司 | Method and system for controlling security access of virtual machines |
CN104660554A (en) * | 2013-11-19 | 2015-05-27 | 北京天地超云科技有限公司 | Method for implementing communication data security of virtual machines |
CN104660553A (en) * | 2013-11-19 | 2015-05-27 | 北京天地超云科技有限公司 | Implementation method of virtual firewall |
CN103929413A (en) * | 2013-12-16 | 2014-07-16 | 汉柏科技有限公司 | Method and device for preventing cloud network from being attacked |
CN103701822A (en) * | 2013-12-31 | 2014-04-02 | 曙光云计算技术有限公司 | Access control method |
WO2015176682A1 (en) * | 2014-05-22 | 2015-11-26 | Hangzhou H3C Technologies Co., Ltd. | Forwarding a packet |
CN104023035A (en) * | 2014-06-26 | 2014-09-03 | 浪潮电子信息产业股份有限公司 | Method for protecting flow among virtual machines in same security domain |
CN105450494A (en) * | 2014-08-20 | 2016-03-30 | 北京云巢动脉科技有限公司 | Virtual network and method for implementing same |
CN105450494B (en) * | 2014-08-20 | 2019-06-25 | 北京云巢动脉科技有限公司 | A kind of virtual network and its implementation |
CN105592016B (en) * | 2014-10-29 | 2019-04-30 | 国家电网公司 | The protective device of virtual machine under a kind of cloud environment of power information system |
CN105592016A (en) * | 2014-10-29 | 2016-05-18 | 国家电网公司 | Virtual machine protection device of power information system in cloud environment |
CN104378387A (en) * | 2014-12-09 | 2015-02-25 | 浪潮电子信息产业股份有限公司 | Method for protecting information security under virtualization platform |
CN104504339B (en) * | 2014-12-24 | 2017-11-07 | 北京奇安信科技有限公司 | Virtualize safety detection method and system |
CN104504339A (en) * | 2014-12-24 | 2015-04-08 | 北京奇虎科技有限公司 | Virtualization security detection method and system |
CN104506548A (en) * | 2014-12-31 | 2015-04-08 | 北京天融信科技有限公司 | Data packet redirecting device as well as safety protection method and system for virtual machine |
US11533341B2 (en) | 2015-02-04 | 2022-12-20 | Intel Corporation | Technologies for scalable security architecture of virtualized networks |
CN110958227A (en) * | 2015-02-04 | 2020-04-03 | 英特尔公司 | Techniques for scalable security architecture for virtualized networks |
CN105072078B (en) * | 2015-06-30 | 2019-03-26 | 北京奇安信科技有限公司 | A kind of monitoring method and device of cloud platform virtualization flow |
CN105072078A (en) * | 2015-06-30 | 2015-11-18 | 北京奇虎科技有限公司 | Cloud platform virtualization flow monitoring method and device |
CN105573791A (en) * | 2015-12-15 | 2016-05-11 | 国云科技股份有限公司 | Method for realizing network card hot plug by linux virtual machine |
CN107483386A (en) * | 2016-06-08 | 2017-12-15 | 阿里巴巴集团控股有限公司 | Analyze the method and device of network data |
CN106411863A (en) * | 2016-09-14 | 2017-02-15 | 南京安贤信息科技有限公司 | Virtualization platform for processing network traffic of virtual switches in real time |
CN107172127A (en) * | 2017-04-21 | 2017-09-15 | 北京理工大学 | Based on the information security technology contest course monitoring method acted on behalf of more |
CN107104966A (en) * | 2017-04-25 | 2017-08-29 | 刘正达 | A kind of home wireless network security mechanism dynamically adjusted based on network structure |
CN107104966B (en) * | 2017-04-25 | 2020-07-17 | 刘正达 | Method for realizing household wireless network safety based on network structure dynamic adjustment |
CN109756431A (en) * | 2017-11-06 | 2019-05-14 | 阿里巴巴集团控股有限公司 | Hybrid network configuration method, device, network structure and electronic equipment |
CN109756431B (en) * | 2017-11-06 | 2021-07-16 | 阿里巴巴集团控股有限公司 | Hybrid network configuration method and device, network structure and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN102244622B (en) | 2015-03-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102244622B (en) | Virtual gateway protection method, virtual security gateway and system for server virtualization | |
CN103973676B (en) | Cloud computing safety protection system and method based on SDN | |
US11212315B2 (en) | Tunneling for network deceptions | |
Al-Ayyoub et al. | Sdsecurity: A software defined security experimental framework | |
US8640239B2 (en) | Network intrusion detection in a network that includes a distributed virtual switch fabric | |
US11252183B1 (en) | System and method for ransomware lateral movement protection in on-prem and cloud data center environments | |
CN104219218B (en) | A kind of method and device of active safety defence | |
CA3021285C (en) | Methods and systems for network security | |
Naseer | Implementation of Hybrid Mesh firewall and its future impacts on Enhancement of cyber security | |
GB2458157A (en) | Hosting program for a computer network to check the status of applications running on virtual machines hosted by the hosting program. | |
CN102438026A (en) | Industrial control network security protection method and system | |
WO2018097849A1 (en) | Dynamic hiding of deception mechanism | |
CN105592016B (en) | The protective device of virtual machine under a kind of cloud environment of power information system | |
CN103067270A (en) | Virtual machine exchange visit safety control method and device | |
CN112714137A (en) | Method for deploying honey nets across vlan in large scale based on virtual switching | |
CN110505212A (en) | A kind of Internet of Things virtual secure equipment based on MiddleBox | |
CN111262815A (en) | Virtual host management system | |
CN110278185A (en) | A kind of isolation of network security and data exchange electric power networks application system | |
WO2015182873A1 (en) | Dns server selective block and dns address modification method using proxy | |
CN107659582A (en) | A kind of depth defense system for successfully managing APT attacks | |
JP2001014239A (en) | Security system by multiplex system parallel operated computers | |
CN108809935A (en) | A kind of cloud environment or the safety access control method under virtual environment and device | |
KR20220070875A (en) | Smart home network system based on sdn/nfv | |
CN211183990U (en) | Zero trust network security system | |
Yuan et al. | Design and implementation of enterprise network security system based on firewall |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20150311; Termination date: 20200725 |