CN102932363A - Control method and device of intranet computer (PC) to access outer net - Google Patents

Info

Publication number: CN102932363A
Authority: CN (China)
Prior art keywords: intranet, address, outer net, interface card, network interface
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN2012104481336A
Other languages: Chinese (zh)
Inventor: 么学佳
Current assignee: Hangzhou DPTech Technologies Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Hangzhou DPTech Technologies Co Ltd
Priority date: 2012-11-08 (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Filing date: 2012-11-08
Publication date: 2013-02-13

Abstract

The invention provides a control method and a device for an intranet computer (PC) to access an external network, and belongs to the technical field of network communication. In the control method, when an authentication request message sent through the intranet PC is received, the user's identity is authenticated according to that request. When authentication passes, the media access control (MAC) address and internet protocol (IP) address of the intranet PC are recorded in the network card driver. When a data message sent by the user through the intranet PC to access the external network is received, the device judges whether the MAC address and IP address corresponding to that intranet PC exist in the network card driver. When they exist, the data message is forwarded to the external network; when they do not exist, the data message is discarded. The control method and device improve the security of the intranet.

Description

Control method and device for intranet PC access to an external network
Technical field
The present invention relates to the field of network communication technology, and in particular to a control method and device for intranet PC access to an external network.
Background technology
With the progress of science and technology, more and more enterprises have come to realise that illegal external connections made by intranet PCs (Personal Computers) pose a serious potential security hazard to the enterprise, and therefore use various methods to stop illegal external connections and prevent trouble before it happens.
One such method is to configure, on a network device such as a switch or firewall, a list of PCs that are permitted or forbidden to access the external network. When a data packet from a PC accessing the external network arrives at this network device, the device determines from the configuration whether that PC has permission to access the external network; if so, the packet is forwarded to the external network, otherwise the packet is dropped.
However, this method has a potential security hazard: once a user without external-network access permission logs on to an intranet PC that does have external-network access permission, that user can access the external network through that intranet PC.
Summary of the invention
In view of this, the purpose of the present invention is to provide a control method and device for intranet PC access to an external network that can improve the security of the intranet.
To achieve the above purpose, the present invention provides the following technical solution:
A control method for intranet PC access to an external network, applied on a network device connected with intranet PCs, the control method comprising:
when an authentication request packet sent by a user through an intranet PC is received, authenticating the user according to the authentication request packet, and when authentication passes, recording the MAC address and IP address of the intranet PC in the network interface card driver;
when a data packet for accessing the external network sent by the user through the intranet PC is received, judging whether the MAC address and IP address corresponding to the intranet PC exist in the network interface card driver;
when the MAC address and IP address corresponding to the intranet PC exist in the network interface card driver, forwarding the data packet to the external network.
The above control method further comprises:
when the MAC address and IP address corresponding to the intranet PC do not exist in the network interface card driver, discarding the data packet.
The above control method further comprises:
when the user logs out, deleting the MAC address and IP address of the intranet PC from the network interface card driver.
A control device for intranet PC access to an external network, applied on a network device connected with intranet PCs, the control device comprising:
an authentication unit, configured to authenticate the user according to an authentication request packet when the authentication request packet sent by the user through an intranet PC is received, and when authentication passes, to record the MAC address and IP address of the intranet PC in the network interface card driver;
a judging unit, configured to judge, when a data packet for accessing the external network sent by the user through the intranet PC is received, whether the MAC address and IP address corresponding to the intranet PC exist in the network interface card driver;
a forwarding unit, configured to forward the data packet to the external network when the MAC address and IP address corresponding to the intranet PC exist in the network interface card driver.
The above control device further comprises:
a discarding unit, configured to discard the data packet when the MAC address and IP address corresponding to the intranet PC do not exist in the network interface card driver.
In the above control device, the authentication unit is further configured to:
when the user logs out, delete the MAC address and IP address of the intranet PC from the network interface card driver.
The present invention authenticates a user who attempts to access the external network through an intranet PC and, when authentication passes, records the MAC address and IP address of that intranet PC in the network interface card driver. In this way, when a data packet from an intranet PC accessing the external network is received, whether to forward the packet to the external network can be decided simply by whether the corresponding MAC address and IP address exist in the network interface card driver, which improves the security of the intranet.
Description of drawings
Fig. 1 is a schematic diagram of the network environment in an embodiment of the invention;
Fig. 2 is a flow chart of the control method for intranet PC access to an external network in an embodiment of the invention.
Embodiment
The present invention is described below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of the network environment in an embodiment of the invention. Referring to Fig. 1, there are multiple PCs in the intranet, of which only two, PC1 and PC2, are shown in the figure. All of these PCs are connected to a network device, which may be a firewall, switch, router or the like, and the network device is connected to the external network.
Fig. 2 is a flow chart of the control method for intranet PC access to an external network in an embodiment of the invention. Referring to Fig. 2, the control method is applied on a network device connected with intranet PCs and may comprise the following steps:
Step 201: receive the authentication request packet sent by the user through an intranet PC;
Specifically, the user may install an authentication client on the intranet PC, and an authentication server is set up in the network device. When the user needs to access the external network through the intranet PC, the user starts the authentication client, which sends an authentication request packet to the authentication server.
Step 202: authenticate the user according to the authentication request packet, and when authentication passes, record the MAC address and IP address of the intranet PC in the network interface card driver;
When the authentication server in the network device receives the authentication request packet sent by the authentication client, it authenticates the user. Depending on the user's identity or access method, there can be many different authentication modes: for example, authentication may be based directly on a username and password entered by the user, or on a key. Which authentication mode is adopted can be chosen by those skilled in the art as required, and the present invention does not limit this.
After authentication succeeds, the MAC address and IP address of the intranet PC corresponding to the authentication request packet become the unique identifier of this user's identity. This information can be placed in the network interface card driver of the network device, so that the network device establishes a legal channel for this user, and the successfully authenticated user can access the external network through this legal channel.
For example, if PC1 in Fig. 1 has passed authentication, the MAC address and IP address of PC1 are recorded in the network interface card driver of the network device; if PC2 in Fig. 1 has not been authenticated, the MAC address and IP address of PC2 are not recorded in the network interface card driver of the network device.
Step 203: receive a data packet for accessing the external network sent by the user through the intranet PC;
Step 204: judge whether the MAC address and IP address corresponding to the intranet PC exist in the network interface card driver; if so, go to step 205; if not, go to step 206;
Step 205: when the MAC address and IP address corresponding to the intranet PC exist in the network interface card driver, forward the data packet to the external network;
For example, when a data packet for accessing the external network sent from PC1 arrives at the network device, because the MAC address and IP address corresponding to PC1 exist in the network interface card driver, the data packet can be forwarded to the external network, giving PC1 access to the external network.
Step 206: when the MAC address and IP address corresponding to the intranet PC do not exist in the network interface card driver, discard the data packet.
For example, when a data packet for accessing the external network sent from PC2 arrives at the network device, because the MAC address and IP address corresponding to PC2 do not exist in the network interface card driver, the data packet is discarded, thereby restricting PC2's access to the external network.
Further, the control method may also comprise: when the user logs out, deleting the MAC address and IP address of the intranet PC from the network interface card driver. Specifically, when the user logs out, the authentication client sends a logout packet to the network server; when the network server receives this logout packet, it deletes the MAC address and IP address of the intranet PC from the network interface card driver.
With the above method according to the embodiment of the invention, a user with external-network access permission can access the external network from any PC in the intranet, while a user without external-network access permission cannot access the external network from any intranet PC, which improves both the security of the intranet and the flexibility with which users access the external network.
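The authenticate, record, judge, forward/discard and logout steps above as an added Python model; this is illustrative code, not the patent's or DPTech's implementation. It assumes the username/password mode the text mentions, models the NIC-driver table as an in-memory set of (MAC, IP) pairs, and uses constructed addresses and credentials for PC1 and PC2 from Fig. 1.

```python
from dataclasses import dataclass, field
import hashlib
import hmac
import os

FORWARD, DROP = "forward", "drop"

@dataclass(frozen=True)
class Packet:
    """Constructed stand-in for a frame as seen by the network device."""
    src_mac: str
    src_ip: str
    username: str = ""   # set only on authentication request packets
    password: str = ""

def _pw_hash(salt: bytes, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def make_user_db(users: dict) -> dict:
    """username -> (salt, pbkdf2 hash): the server stores no plaintext."""
    db = {}
    for name, password in users.items():
        salt = os.urandom(16)
        db[name] = (salt, _pw_hash(salt, password))
    return db

@dataclass
class AccessGate:
    """Authentication, judging, forwarding and discarding units in one object.
    nic_table models the (MAC, IP) pairs the patent records in the NIC driver."""
    user_db: dict
    nic_table: set = field(default_factory=set)

    @staticmethod
    def _key(pkt: Packet) -> tuple:
        return (pkt.src_mac.lower(), pkt.src_ip)

    def handle_auth(self, pkt: Packet) -> bool:
        """Steps 201-202: verify the user; on success record the PC's pair."""
        entry = self.user_db.get(pkt.username)
        if entry is None:
            return False
        salt, stored = entry
        if not hmac.compare_digest(stored, _pw_hash(salt, pkt.password)):
            return False
        self.nic_table.add(self._key(pkt))
        return True

    def handle_data(self, pkt: Packet) -> str:
        """Steps 203-206: forward only if the exact (MAC, IP) pair is recorded."""
        return FORWARD if self._key(pkt) in self.nic_table else DROP

    def handle_logout(self, pkt: Packet) -> None:
        """Logout: delete the pair so this PC loses external access."""
        self.nic_table.discard(self._key(pkt))

def run_scenario() -> dict:
    """PC1/PC2 walk-through of Fig. 1 with constructed addresses and creds."""
    gate = AccessGate(make_user_db({"alice": "correct horse battery"}))
    pc1 = {"src_mac": "00:11:22:33:44:01", "src_ip": "10.0.0.1"}
    pc2 = {"src_mac": "00:11:22:33:44:02", "src_ip": "10.0.0.2"}
    good = {"username": "alice", "password": "correct horse battery"}
    bad = {"username": "alice", "password": "wrong"}
    out = {}
    out["pc2 unauthenticated"] = gate.handle_data(Packet(**pc2))
    out["pc1 bad password"] = gate.handle_auth(Packet(**pc1, **bad))
    out["pc1 after bad auth"] = gate.handle_data(Packet(**pc1))
    out["pc1 good auth"] = gate.handle_auth(Packet(**pc1, **good))
    out["pc1 authenticated"] = gate.handle_data(Packet(**pc1))
    # PC1's IP with PC2's MAC: no recorded pair matches, so it is dropped.
    out["pc1 ip, pc2 mac"] = gate.handle_data(
        Packet(src_mac=pc2["src_mac"], src_ip=pc1["src_ip"]))
    gate.handle_logout(Packet(**pc1))
    out["pc1 after logout"] = gate.handle_data(Packet(**pc1))
    return out
```

Because the lookup is on the pair rather than on either address alone, a packet that matches only the recorded IP or only the recorded MAC is discarded, and the recorded pair disappears the moment the logout packet is processed.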
Corresponding to the above method, the present invention also provides a control device for intranet PC access to an external network, applied on a network device connected with intranet PCs; the control device may comprise:
an authentication unit, configured to authenticate the user according to an authentication request packet when the authentication request packet sent by the user through an intranet PC is received, and when authentication passes, to record the MAC address and IP address of the intranet PC in the network interface card driver;
a judging unit, configured to judge, when a data packet for accessing the external network sent by the user through the intranet PC is received, whether the MAC address and IP address corresponding to the intranet PC exist in the network interface card driver;
a forwarding unit, configured to forward the data packet to the external network when the MAC address and IP address corresponding to the intranet PC exist in the network interface card driver.
Further, the control device may also comprise a discarding unit, configured to discard the data packet when the MAC address and IP address corresponding to the intranet PC do not exist in the network interface card driver. In addition, the authentication unit may also be configured to: when the user logs out, delete the MAC address and IP address of the intranet PC from the network interface card driver.
In summary, the present invention authenticates a user who attempts to access the external network through an intranet PC and, when authentication passes, records the MAC address and IP address of that intranet PC in the network interface card driver. In this way, when a data packet from an intranet PC accessing the external network is received, whether to forward the packet to the external network can be decided simply by whether the corresponding MAC address and IP address exist in the network interface card driver, which improves the security of the intranet.
The above are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement, improvement or the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (6)

1. A control method for intranet PC access to an external network, applied on a network device connected with intranet PCs, characterized in that the control method comprises:
when an authentication request packet sent by a user through an intranet PC is received, authenticating the user according to the authentication request packet, and when authentication passes, recording the MAC address and IP address of the intranet PC in the network interface card driver;
when a data packet for accessing the external network sent by the user through the intranet PC is received, judging whether the MAC address and IP address corresponding to the intranet PC exist in the network interface card driver;
when the MAC address and IP address corresponding to the intranet PC exist in the network interface card driver, forwarding the data packet to the external network.
2. The control method according to claim 1, characterized in that it further comprises:
when the MAC address and IP address corresponding to the intranet PC do not exist in the network interface card driver, discarding the data packet.
3. The control method according to claim 1 or 2, characterized in that it further comprises:
when the user logs out, deleting the MAC address and IP address of the intranet PC from the network interface card driver.
4. A control device for intranet PC access to an external network, applied on a network device connected with intranet PCs, characterized in that the control device comprises:
an authentication unit, configured to authenticate the user according to an authentication request packet when the authentication request packet sent by the user through an intranet PC is received, and when authentication passes, to record the MAC address and IP address of the intranet PC in the network interface card driver;
a judging unit, configured to judge, when a data packet for accessing the external network sent by the user through the intranet PC is received, whether the MAC address and IP address corresponding to the intranet PC exist in the network interface card driver;
a forwarding unit, configured to forward the data packet to the external network when the MAC address and IP address corresponding to the intranet PC exist in the network interface card driver.
5. The control device according to claim 4, characterized in that it further comprises:
a discarding unit, configured to discard the data packet when the MAC address and IP address corresponding to the intranet PC do not exist in the network interface card driver.
6. The control device according to claim 4 or 5, characterized in that the authentication unit is further configured to:
when the user logs out, delete the MAC address and IP address of the intranet PC from the network interface card driver.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012104481336A CN102932363A (en) 2012-11-08 2012-11-08 Control method and device of intranet computer (PC) to access outer net

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012104481336A CN102932363A (en) 2012-11-08 2012-11-08 Control method and device of intranet computer (PC) to access outer net

Publications (1)

Publication Number Publication Date
CN102932363A true CN102932363A (en) 2013-02-13

Family

ID=47647065

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012104481336A Pending CN102932363A (en) 2012-11-08 2012-11-08 Control method and device of intranet computer (PC) to access outer net

Country Status (1)

Country Link
CN (1) CN102932363A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101087187A (en) * 2007-05-22 2007-12-12 网御神州科技(北京)有限公司 A method and device for secure access control based on user
CN101197785A (en) * 2008-01-04 2008-06-11 杭州华三通信技术有限公司 MAC authentication method and apparatus
CN101277308A (en) * 2008-05-23 2008-10-01 杭州华三通信技术有限公司 Method for insulating inside and outside networks, authentication server and access switch

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104219077A (en) * 2013-06-04 2014-12-17 成都睿恒科技有限公司 Information management system for middle and small-sized enterprises
CN106209815A (en) * 2016-07-04 2016-12-07 安徽天达网络科技有限公司 A kind of Multi net voting connects authentication method
CN107360184A (en) * 2017-08-14 2017-11-17 杭州迪普科技股份有限公司 terminal device authentication method and device
CN107360184B (en) * 2017-08-14 2020-09-08 杭州迪普科技股份有限公司 Terminal equipment authentication method and device
US10944744B2 (en) 2017-08-14 2021-03-09 Hangzhou Dptech Technologies Co., Ltd. Verifying terminal device
CN113132295A (en) * 2019-12-30 2021-07-16 北京懿医云科技有限公司 Method and device for accessing extranet by cluster intranet, storage medium and electronic equipment
CN113132295B (en) * 2019-12-30 2023-04-28 北京懿医云科技有限公司 Method and device for accessing extranet through intranet of cluster, storage medium and electronic equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20130213