CN102244622B - Virtual gateway protection method, virtual security gateway and system for server virtualization - Google Patents

Publication number: CN102244622B
Authority: CN (China)
Prior art keywords: virtual, security gateway, protected, subnetwork, communication flows
Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201110208735.XA
Other languages: Chinese (zh)
Other versions: CN102244622A (en)
Inventors: 郭春梅, 孟庆森, 毕学尧
Current Assignee: BEIJING LEADSEC TECHNOLOGY CO LTD (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: BEIJING LEADSEC TECHNOLOGY CO LTD
Landscapes: Data Exchanges In Wide-Area Networks (AREA); Computer And Data Communications (AREA)

Abstract

The invention provides a virtual network protection method, a virtual security gateway and a system for server virtualization. The method comprises the following steps: a virtual security gateway is established on a server virtualization platform and connected to the virtual sub-networks to be protected; the virtual security gateway isolates and monitors the communication traffic between the virtual sub-networks; when the communication traffic violates a preset security policy, the virtual security gateway makes an abnormal response, and when the communication traffic conforms to the security policy, the virtual security gateway makes a normal response. By establishing the virtual security gateway on the server virtualization platform to isolate and monitor the communication traffic between virtual machines, the method lets the virtual security gateway respond in time when the security of a protected virtual machine is threatened, so that the virtual machines in the whole virtual network are protected from being affected.

Description

Virtual gateway protection method, virtual security gateway and system for server virtualization
Technical field
The present invention relates to the computer field, and in particular to a virtual gateway protection method, security gateway and system for server virtualization.
Background
Server virtualization means running multiple virtual servers on a single physical server by means of a virtualization layer. The biggest change that server virtualization brings is a change in network architecture. Under the traditional model, each physical machine or server is protected by its own independent set of security measures, and security products such as firewalls are deployed at the perimeter; even if a server is attacked, the damage is confined to an isolated area and its reach is limited.
However, a virtualized data center adopts a new network architecture: tens of operating systems or applications are deployed on one physical server at the same time in the form of virtual machines, and these virtual machines share the server's hardware resources. Network traffic between virtual machines is not visible to perimeter security devices, so existing protection methods cannot be used to protect it, and when one virtual machine has a problem, the security problem can spread to other virtual machines over the network.
Summary of the invention
In view of this, the invention provides a virtual gateway protection method, security gateway and system for server virtualization, with the aim of solving the lack of security protection between virtual machines when servers are virtualized.
To achieve the above object, the invention provides the following scheme:
A virtual gateway protection method for server virtualization, comprising:
establishing a virtual security gateway on the server virtualization platform and connecting the virtual security gateway to the virtual subnetworks to be protected;
the virtual security gateway isolating and monitoring the communication traffic between the virtual subnetworks, making an abnormal response when the communication traffic does not conform to a preset security policy, and making a normal response when the communication traffic conforms to the preset security policy.
Preferably, the specific process of establishing the virtual security gateway and connecting it to the virtual subnetworks to be protected is:
importing the virtual security gateway into the server virtualization platform;
adding and enabling virtual network cards on the virtual security gateway, and connecting the virtual security gateway to the virtual subnetworks to be protected through the virtual network cards;
configuring the security policy on the virtual security gateway.
Preferably, the specific process of adding and enabling virtual network cards on the virtual security gateway and connecting the virtual security gateway to the virtual subnetworks to be protected through them is:
adding and enabling on the virtual security gateway as many virtual network cards as there are virtual switches in the virtual subnetworks to be protected;
establishing a one-to-one correspondence between the virtual switches and the virtual network cards, so as to connect the virtual security gateway to the virtual subnetworks to be protected.
Preferably, the security policy comprises:
any one or any combination of the rules for the virtual subnetworks accessing the wide area network, the rules for the wide area network accessing the virtual subnetworks, and the rules for mutual access between the virtual subnetworks.
Preferably, the specific process by which the virtual security gateway isolates and monitors the communication traffic between the virtual subnetworks to be protected is:
the virtual security gateway receives and isolates the communication traffic sent or received by the virtual subnetworks to be protected;
the communication traffic is analyzed and processed according to the preset security policy.
Preferably, the abnormal response comprises:
alerting and/or dropping;
the normal response comprises:
passing and/or forwarding.
A virtual security gateway for server virtualization, comprising:
an isolation and monitoring module, for isolating and monitoring the communication traffic between the virtual subnetworks to be protected;
a response module, for making an abnormal response when the communication traffic does not conform to the preset security policy, and making a normal response when the communication traffic conforms to the preset security policy.
Preferably, the isolation and monitoring module further comprises:
a receiving unit, for receiving and isolating the communication traffic sent or received by the virtual subnetworks to be protected;
an analysis unit, for analyzing and processing the communication traffic according to the preset security policy.
A security protection system for server virtualization, comprising:
a virtual security gateway, for isolating and monitoring the communication traffic between the virtual subnetworks to be protected, making an abnormal response when the communication traffic does not conform to the preset security policy, and making a normal response when the communication traffic conforms to the preset security policy;
a virtual switch, for connecting the virtual security network card to the virtual subnetwork to be protected.
Preferably, in the virtual security gateway or the security protection system, the virtual security gateway further comprises:
a virtual network card, for establishing a one-to-one correspondence with a virtual switch, so as to connect the virtual security gateway to the virtual subnetworks to be protected.
The embodiments disclosed by the invention have the following beneficial effect: the virtual security gateway established on the server virtualization platform monitors the network traffic between the virtual machines, so that when a virtual machine has a security problem, the virtual security gateway can respond in time and prevent the virtual machines of the whole network from all being affected.
Brief description of the drawings
To illustrate the technical schemes of the embodiments of the invention or of the prior art more clearly, the drawings needed in describing them are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative work.
Fig. 1 is a flow chart of a virtual gateway protection method for server virtualization disclosed in an embodiment of the invention;
Fig. 2 is a flow chart of establishing a virtual security gateway on the server virtualization platform, disclosed in an embodiment of the invention;
Fig. 3 is a schematic diagram of the server virtualization application scenario after the virtual security gateway has been established, disclosed in an embodiment of the invention;
Fig. 4 is a flow chart of the virtual security gateway isolating and monitoring the data exchanged between the virtual subnetworks to be protected, disclosed in an embodiment of the invention;
Fig. 5 is a structural diagram of a virtual security gateway for server virtualization disclosed in an embodiment of the invention;
Fig. 6 is a structural diagram of a security protection system for server virtualization disclosed in an embodiment of the invention.
Detailed description of the embodiments
The invention relates generally to network security protection methods deployed on physical servers. Specifically, it relates to deploying a virtual security gateway on a virtualized server to provide security protection for the different virtual subnetworks or virtual applications on the server, protecting intranet resources from unauthorized access and preventing information from being output without permission and authorization.
The technical schemes in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments that a person of ordinary skill in the art obtains from these embodiments without creative work fall within the scope of protection of the invention.
A virtual gateway security protection method for server virtualization disclosed by the invention, whose flow is shown in Fig. 1, comprises:
Step S101: establish a virtual security gateway on the server virtualization platform, and connect the virtual security gateway to the virtual subnetworks to be protected.
The server virtualization platform in this embodiment is a virtual machine monitor (Virtual Machine Monitor, VMM for short). In essence it is an operating system that virtualizes the underlying hardware devices and provides a resource management, allocation and monitoring platform that hides hardware differences. A virtual machine running on the virtualization platform VMM, i.e. a guest OS, may be a Linux system, a Windows system or another application.
The server virtualization platforms to which the invention applies include, but are not limited to, the VMware vSphere platform, the Citrix XenServer platform and the Kernel-based Virtual Machine (KVM) platform.
The virtual security gateway can be regarded as a security virtual machine that provides security functions such as packet filtering and access control. It is a virtual implementation of a physical security gateway and may be a firewall, an intrusion prevention system (Intrusion Prevention System, IPS for short), a unified threat management system (Unified Threat Management, UTM for short) or an anti-virus virtual gateway. In this embodiment, the virtual security gateway is developed as a virtual appliance supporting the Open Virtualization Format (OVF) standard interface. OVF is an open standard for packaging and distributing virtual appliances that run on virtualization platforms; a virtual security gateway developed to this standard no longer needs to be bound to any specific hypervisor or processor architecture, and can support different virtualization platforms after simple conversion.
The networks to be protected are networks made up of different virtual machines on the same VMM; such a network may contain only one virtual machine or several.
Step S102: the virtual security gateway isolates and monitors the communication traffic between the virtual subnetworks to be protected; when the communication traffic does not conform to the preset security policy, the virtual security gateway makes an abnormal response; when the communication traffic conforms to the preset security policy, it makes a normal response.
Communication traffic in this embodiment refers to the communication data transmitted between the virtual subnetworks, or a specific action that one virtual subnetwork initiates toward another virtual subnetwork, such as initiating access.
The security policy refers to the security rules configured for the virtual subnetworks on the VMM to protect them from attack, for example filtering rules, NAT rules, port mapping rules, IP mapping rules, proxy rules, virus filtering rules, data transmission rules and network access rules. This embodiment mainly uses rules for virtual subnetworks accessing the wide area network, rules for the wide area network accessing virtual subnetworks, and rules for mutual access between virtual subnetworks; any one of these rules or any combination of them may be used. The policy is not limited to these rules and may also include packet filtering rules, NAT rules, port mapping rules, IP mapping rules, proxy rules and virus filtering rules. These security rules can be adjusted according to the specific protection requirements.
The abnormal response comprises alerting and interception: when the communication traffic does not conform to the preset security policy, the virtual security gateway responds by alerting or intercepting, and may also make both responses at once. The normal response comprises passing and forwarding: when the communication traffic conforms to the preset security policy, the virtual security gateway responds by passing or forwarding, and may also make both responses at once.
The security protection method for server virtualization disclosed in this embodiment establishes a virtual security gateway on the VMM so that the data exchanged between networks on the VMM can be isolated and inspected by the virtual security gateway, thereby protecting the security of the server virtualization platform.
Further, the specific process of establishing the virtual security gateway on the server virtualization platform and connecting it to the virtual subnetworks to be protected is shown in Fig. 2 and comprises:
Step S201: import the virtual security gateway into the server virtualization platform.
Importing a virtual machine into the virtualization platform is done through the virtual machine import function provided by the virtual machine centralized management software. This software is provided by the virtualization platform software vendor and can be installed on a physical machine or a virtual machine.
Step S202: add and enable virtual network cards on the virtual security gateway, and connect the virtual security gateway to the virtual subnetworks to be protected through the virtual network cards.
Adding virtual network cards is also done through the virtual machine centralized management software. Its network device adding function is used to add and enable, on the virtual security gateway, as many virtual network cards as there are virtual switches in the virtual subnetworks to be protected; a one-to-one correspondence is then established between the virtual switches and the virtual network cards, so as to connect the virtual security gateway to the virtual subnetworks to be protected. A virtual switch is the virtual device on the VMM that exchanges data between its own network and other networks.
In addition, virtual network cards can be added to and removed from the virtual security gateway dynamically, to adapt to changes in network topology and in security requirements in a server virtualization environment.
Step S203: configure the security policy on the virtual security gateway.
The security policy here is the same as the security policy described above. It can be configured by accessing the virtual security gateway remotely through its web interface and adding policy rules in the corresponding function module's page, or by logging in to the virtual security gateway from the command line and configuring the corresponding rules.
The server virtualization application scenario after the virtual security gateway has been established is shown in Fig. 3. The underlying hardware 301 runs the virtual machine monitor VMM 302, which hosts virtual machines 305, 310 and 312. Virtual machines 310 and 312 belong to the same network and are connected to that network's virtual switch 304 through their respective virtual network cards 311 and 313. Virtual machine 305 belongs to another network and is connected to that network's virtual switch 303 through virtual network card 306. The two networks send and receive data through their respective virtual switches 303 and 304. Virtual switches 303 and 304 are also connected to virtual network cards 308 and 309 on virtual security gateway 307, which connects virtual security gateway 307 to the two networks to be protected.
The above steps for establishing the virtual security gateway are practical and adaptable. The virtual security gateway established by them is equivalent to a security virtual machine built on the VMM; it is the foundation and key device of VMM security protection and provides fine-grained protection for the internal networks on the virtual server.
Further, the specific process by which the virtual security gateway isolates and monitors the communication traffic between the virtual subnetworks to be protected is shown in Fig. 4 and comprises:
Step S401: the virtual security gateway receives and isolates the communication traffic sent or received by the virtual subnetworks to be protected.
Each virtual subnetwork in the VMM sends communication traffic to other virtual subnetworks through its own virtual switch and receives the communication traffic that other virtual subnetworks send. Through the one-to-one correspondence between virtual switches and virtual network cards, the virtual security gateway receives the communication traffic that the virtual switches in these virtual subnetworks send or receive, and then temporarily isolates that traffic inside the virtual security gateway.
Step S402: analyze and process the communication traffic according to the preset security policy.
The virtual security gateway compares the received communication traffic against the preset security policy. If the traffic conforms to the security policy, it is sent, according to the correspondence between virtual switches and virtual network cards, to the virtual switch in the destination virtual subnetwork. If it does not conform, the virtual security gateway makes a response. For example, if the destination port of a data packet is found to be a port that the security policy specifies as closed, the data can be intercepted or dropped, and the user can also be alerted; the handling can be chosen by the user. Or, if a virtual subnetwork is found to initiate access to a virtual subnetwork for which it has no access rights, the user can be alerted. The specific response can also be user-defined.
As the above description shows, by being connected to the virtual switch of each network in the VMM, the virtual security gateway can inspect all data exchanged between virtual subnetworks, eliminating the security protection blind spot in server virtualization.
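The one-to-one virtual switch to virtual network card mapping of step S202 and the policy check of step S402, sketched in Python as an added illustration that is not part of the patent. The class and field names, the default-deny treatment of unlisted subnetwork pairs, the `eth-wan` uplink, the alert-only mode and the sample addresses are assumptions constructed for the example; the device names reuse the reference numerals of Fig. 3.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

WAN = "wan"  # assumed zone label for any address outside the protected subnetworks


@dataclass(frozen=True)
class Decision:
    conforms: bool
    actions: frozenset           # {"pass", "forward"} or a subset of {"alert", "drop"}
    egress_vnic: Optional[str]   # gateway vNIC the traffic leaves on; None when dropped
    reason: str


@dataclass
class Gateway:
    subnets: dict      # subnetwork name -> CIDR
    vswitch_of: dict   # subnetwork name -> its virtual switch
    vnic_of: dict      # virtual switch -> gateway vNIC attached to it
    allow: dict        # (source zone, destination zone) -> permitted destination ports
    closed_ports: frozenset = frozenset()
    uplink_vnic: str = "eth-wan"  # assumed vNIC toward the wide area network
    on_violation: dict = field(default_factory=lambda: {
        "closed_port": frozenset({"alert", "drop"}),
        "no_access": frozenset({"alert", "drop"})})
    alerts: list = field(default_factory=list)

    def __post_init__(self):
        # Step S202: every protected virtual switch needs its own gateway vNIC.
        # A switch without one is a blind spot the gateway never sees.
        switches = set(self.vswitch_of.values())
        uncovered = switches - set(self.vnic_of)
        if uncovered:
            raise ValueError(f"no gateway vNIC on virtual switch(es): {sorted(uncovered)}")
        vnics = [self.vnic_of[s] for s in switches]
        if len(set(vnics)) != len(vnics):
            raise ValueError("a gateway vNIC is attached to more than one virtual switch")
        self._nets = {name: ip_network(cidr) for name, cidr in self.subnets.items()}

    def zone_of(self, ip):
        addr = ip_address(ip)
        return next((n for n, net in self._nets.items() if addr in net), WAN)

    def egress_for(self, zone):
        # Forwarding follows the vNIC <-> virtual switch correspondence.
        return self.uplink_vnic if zone == WAN else self.vnic_of[self.vswitch_of[zone]]

    def handle(self, src_ip, dst_ip, dst_port):
        """Step S402: compare one flow against the policy and choose the response."""
        src, dst = self.zone_of(src_ip), self.zone_of(dst_ip)
        if dst_port in self.closed_ports:
            return self._violation("closed_port", src, dst, dst_port)
        # Assumption: a pair of zones with no rule has no access rights (default deny).
        if dst_port not in self.allow.get((src, dst), ()):
            return self._violation("no_access", src, dst, dst_port)
        return Decision(True, frozenset({"pass", "forward"}), self.egress_for(dst), "allowed")

    def _violation(self, kind, src, dst, port):
        actions = self.on_violation[kind]  # user-selectable response per violation kind
        if "alert" in actions:
            self.alerts.append(f"{kind}: {src} -> {dst} port {port}")
        # Assumption: an alert-only response still lets the traffic through.
        egress = None if "drop" in actions else self.egress_for(dst)
        return Decision(False, actions, egress, kind)


def build_sample():
    # Constructed topology following Fig. 3: two subnetworks, two virtual switches.
    return Gateway(
        subnets={"net-a": "10.0.1.0/24", "net-b": "10.0.2.0/24"},
        vswitch_of={"net-a": "vswitch-303", "net-b": "vswitch-304"},
        vnic_of={"vswitch-303": "vnic-308", "vswitch-304": "vnic-309"},
        allow={("net-a", "net-b"): {443}, ("net-a", WAN): {80, 443}, (WAN, "net-b"): {443}},
        closed_ports=frozenset({23}),
    )


if __name__ == "__main__":
    gw = build_sample()
    for flow in [("10.0.1.5", "10.0.2.7", 443), ("10.0.2.7", "10.0.1.5", 443),
                 ("10.0.1.5", "10.0.2.7", 23), ("10.0.1.5", "203.0.113.10", 80)]:
        print(flow, gw.handle(*flow))
    print(gw.alerts)
```

Constructing a `Gateway` whose `vnic_of` map misses a protected virtual switch raises `ValueError`, which is the configuration check that keeps a subnetwork from being left outside the gateway's view.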
Corresponding to the security protection method for server virtualization provided by the invention, the embodiments of the invention also disclose a virtual security gateway and a system for server virtualization.
A virtual security gateway for server virtualization disclosed by the invention, whose structure is shown in Fig. 5, comprises:
an isolation and monitoring module 501, for isolating and monitoring the communication traffic between the virtual subnetworks to be protected;
a response module 502, for making an abnormal response when the communication traffic does not conform to the preset security policy, and making a normal response when the communication traffic conforms to the preset security policy.
The virtual security gateway is established using the flow shown in Fig. 2. It isolates and monitors the communication traffic between the virtual subnetworks to be protected and makes a response when the communication traffic does not conform to the preset security policy; the detailed detection process is shown in Fig. 5.
Further, the isolation and monitoring module also comprises:
a receiving unit 5011, for receiving and isolating the communication traffic that the virtual switch in a virtual subnetwork to be protected sends to other virtual subnetworks to be protected;
an analysis unit 5012, for analyzing and processing the communication traffic according to the preset security policy.
A security protection system for server virtualization disclosed in this embodiment, whose structure is shown in Fig. 6, comprises:
a virtual security gateway 601, for isolating and monitoring the network traffic between the virtual subnetworks to be protected, making an abnormal response when the network traffic does not conform to the preset security policy, and making a normal response when the communication traffic conforms to the preset security policy;
a virtual switch 602, for connecting the virtual security network card to the virtual subnetwork to be protected.
The security protection system provided by this embodiment provides security protection for the virtual switches of the server virtualization platform, ensuring that when one virtual machine becomes abnormal the other virtual machines are unaffected.
Further, in the virtual security gateway and the security protection system disclosed in the above two embodiments, the virtual security gateway also comprises: a virtual network card, for establishing a one-to-one correspondence with a virtual switch, so as to connect the virtual security gateway to the virtual subnetworks to be protected.
The embodiments in this specification are described progressively; each embodiment focuses on its differences from the others, and for the parts that are the same or similar the embodiments may be referred to one another. Because the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is brief, and the relevant parts can be found in the description of the method.
The above description of the disclosed embodiments enables those skilled in the art to make or use the invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A virtual gateway protection method for server virtualization, characterized in that it comprises:
establishing a virtual security gateway on a server virtualization platform and connecting the virtual security gateway to the virtual subnetworks to be protected;
the virtual security gateway isolating and monitoring the communication traffic between the virtual subnetworks, making an abnormal response when the communication traffic does not conform to a preset security policy, and making a normal response when the communication traffic conforms to the preset security policy;
the abnormal response comprising alerting and interception, wherein when the communication traffic does not conform to the preset security policy, the virtual security gateway responds by alerting or intercepting, or makes both responses at once.
2. The method according to claim 1, characterized in that the specific process of establishing the virtual security gateway and connecting the virtual security gateway to the virtual subnetworks to be protected is:
importing the virtual security gateway into the server virtualization platform;
adding and enabling virtual network cards on the virtual security gateway, and connecting the virtual security gateway to the virtual subnetworks to be protected through the virtual network cards;
configuring the security policy on the virtual security gateway.
3. The method according to claim 2, characterized in that the specific process of adding and enabling virtual network cards on the virtual security gateway and connecting the virtual security gateway to the virtual subnetworks to be protected through the virtual network cards is:
adding and enabling on the virtual security gateway as many virtual network cards as there are virtual switches in the virtual subnetworks to be protected;
establishing a one-to-one correspondence between the virtual switches and the virtual network cards, so as to connect the virtual security gateway to the virtual subnetworks to be protected.
4. The method according to claim 1 or 2, characterized in that the security policy comprises:
any one or any combination of the rules for the virtual subnetworks accessing the wide area network, the rules for the wide area network accessing the virtual subnetworks, and the rules for mutual access between the virtual subnetworks.
5. The method according to claim 1, characterized in that the specific process by which the virtual security gateway isolates and monitors the communication traffic between the virtual subnetworks to be protected is:
the virtual security gateway receives and isolates the communication traffic sent or received by the virtual subnetworks to be protected;
the communication traffic is analyzed and processed according to the preset security policy.
6. The method according to any one of claims 1 to 5, characterized in that the normal response comprises:
passing and/or forwarding.
7. A virtual security gateway for server virtualization, characterized in that it comprises:
an isolation and monitoring module, for isolating and monitoring the communication traffic between the virtual subnetworks to be protected;
a response module, for making an abnormal response when the communication traffic does not conform to a preset security policy, the abnormal response comprising alerting and interception, wherein when the communication traffic does not conform to the preset security policy, the virtual security gateway responds by alerting or intercepting, or makes both responses at once; and for making a normal response when the communication traffic conforms to the preset security policy.
8. The virtual security gateway according to claim 7, characterized in that the isolation and monitoring module further comprises:
a receiving unit, for receiving and isolating the communication traffic sent or received by the virtual subnetworks to be protected;
an analysis unit, for analyzing and processing the communication traffic according to the preset security policy.
9. A security protection system for server virtualization, characterized in that it comprises:
a virtual security gateway, for isolating and monitoring the communication traffic between the virtual subnetworks to be protected, and making an abnormal response when the communication traffic does not conform to a preset security policy, the abnormal response comprising alerting and interception, wherein when the communication traffic does not conform to the preset security policy, the virtual security gateway responds by alerting or intercepting, or makes both responses at once; and making a normal response when the communication traffic conforms to the preset security policy;
a virtual switch, for connecting the virtual security gateway to the virtual subnetworks to be protected.
10. The virtual security gateway or security protection system according to claim 9, characterized in that the virtual security gateway further comprises:
a virtual network card, for establishing a one-to-one correspondence with a virtual switch, so as to connect the virtual security gateway to the virtual subnetworks to be protected.

Priority application: CN201110208735.XA, priority date 2011-07-25, filing date 2011-07-25, title: Virtual gateway protection method, virtual security gateway and system for server virtualization (Expired - Fee Related)

Publications (2)
CN102244622A, publication date 2011-11-16
CN102244622B, publication date 2015-03-11

Family ID: 44962471
Country status: CN (1), CN102244622B (en)

Also Published As

Publication number Publication date
CN102244622A (en) 2011-11-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150311

Termination date: 20200725
