CN102984141A - Method for improving safety of intranet linux server - Google Patents

Publication number
CN102984141A
Authority
CN
China
Prior art keywords
user
intranet
linux server
keeper
improves
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201210474564XA
Other languages
Chinese (zh)
Inventor
户勇辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Electronic Information Industry Co Ltd
Original Assignee
Inspur Electronic Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Electronic Information Industry Co Ltd filed Critical Inspur Electronic Information Industry Co Ltd
Priority to CN201210474564XA priority Critical patent/CN102984141A/en
Publication of CN102984141A publication Critical patent/CN102984141A/en
Pending legal-status Critical Current

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a method for improving the security of an intranet Linux server. Within the intranet, permissions are assigned to each user through the Linux server's own tools and commands, the whole session from login to logout is monitored and recorded in real time, the user's operations are analyzed and reported, and corresponding security measures are taken. Compared with prior-art methods for improving the security of an intranet Linux server, this method has the advantage of being aimed at certain malicious users: through real-time monitoring, command analysis, corresponding policies and complete logs, internal users can be effectively controlled, risks can be effectively prevented, and the security of the system is improved to a certain degree.

Description

A method for improving the security of an intranet Linux server
Technical field
The present invention relates to the field of computer security technology, and specifically to a method for improving the security of an intranet Linux server.
Background
In computing today, security is always a hot topic. Especially with the rapid spread of the Internet, security problems are everywhere. From the rampage of "Panda Burning Incense" to the renewed spread of "Gray Pigeon", hundreds of millions of computers have experienced the ferocity of virus attacks, and also the fragility of operating systems.
In search of relative security, many enterprises have begun to abandon the Windows operating system and switch to Linux, an operating system reputed to be perfectly safe. In practice, however, after the embarrassment of a flaw-ridden Windows, people have also experienced the fragile side of Linux systems.
A British security firm investigated the security attacks that occurred in January of a certain year and found that, among the successful attacks, approximately 80% were successful attacks on Linux servers. These attacks include manual remote attacks by hackers as well as attacks launched by viruses, worms or other malicious programs.
Besides attacks from outside, misoperation by intranet users, virus propagation and malicious attacks from within the intranet also make Linux systems unsafe. Users introduce risk intentionally or unintentionally, and the copying and leakage of data likewise cause great trouble for enterprises. Although the system itself has the history tool, it is not real-time: its record can only be seen after the user logs out. User behavior cannot be monitored in real time, so possible harm cannot be prevented and losses cannot be controlled. Guarding against intranet security risks is therefore especially important.
Summary of the invention
The technical task of the present invention is to address the deficiencies of the prior art by providing a method for improving the security of an intranet Linux server.
The technical solution of the present invention is realized as follows. The method for improving the security of an intranet Linux server is implemented by the following process:
1) within the intranet, permissions are assigned to each user through the Linux server's own tools and commands;
2) the user's login process is evaluated and prompts are issued;
3) the whole session from login to logout is monitored and recorded in real time, the user's operations are analyzed and reported, and corresponding security measures are taken;
4) after the user logs out of the system, the user's operation log is archived and sent to that user.
In the above technical solution, permissions are assigned to each user within the intranet through the Linux server's own tools and commands, the whole session from login to logout is monitored and recorded in real time, the user's operations are analyzed and reported, and corresponding security measures are taken. The method is aimed mainly at internal authenticated users, and its security precautions are designed around the characteristics of intranet user operations, chiefly unintentional or deliberate operations by users that may harm the system.
The server operating system is Linux and supports interpreters such as sh and bash, with the relevant interfaces installed, so that the relevant commands and operations can be executed.
Step 1) is implemented as follows: the system administrator presets a permission for each user, covering the operations the user may perform and the data the user may access, and at the same time sets the corresponding policy for each kind of risky operation according to the characteristics of the system.
Step 2) is implemented as follows: the administrator evaluates the user's login. If the password is wrong repeatedly, a reminder is sent asking the user to check whether the login attempts are the user's own. If they are not, the administrator blocks the MAC address and looks for the suspect for follow-up handling. If the user has forgotten the password, the user applies to the administrator for a password change.
Step 3) is implemented as follows: the administrator monitors operations in real time. After login the user's permissions are read automatically; if the user performs reasonable operations within the prescribed scope of permissions and accesses authorized data, the administrator records the user's operations. If the user attempts commands and data outside the authorization, the user is warned and, after a certain number of times, is automatically kicked out of the system, the account is frozen, and the administrator is notified.
In the above technical solution, the server monitors the user in real time and keeps detailed logs by means of certain tools and programs. If a preset risk such as an improper login or an abnormal operation occurs, appropriate measures are taken according to the configured policy to ensure system security.
Compared with the prior art, the present invention has the following beneficial effects:
The method for improving the security of an intranet Linux server uses the interfaces and tools that the Linux server itself provides to grant each user the corresponding permissions and to monitor and record the user's activity throughout. When a dangerous action occurs, corresponding measures are taken to ensure system security, so that accidents are avoided in real time, efficiently and at the first opportunity, while the detailed records provide a basis for later analysis.
Embodiment
The method for improving the security of an intranet Linux server provided by the present invention is described in detail below.
To eliminate hidden dangers from the intranet, chiefly intentional or unintentional misoperation by authorized users inside the local area network and malicious attacks by some unauthorized users, and to improve the security of the Linux server to a certain extent, an effective and feasible protection method is needed so that the server can run robustly. A method for improving the security of an intranet Linux server is therefore provided. For a user who has not logged in successfully: if login is attempted repeatedly with a wrong password, the corresponding terminal information is mailed to the user as a reminder to check whether the user is the one repeatedly attempting to log in, so that others cannot misuse the user name and password. For a user who has logged in successfully: permissions are granted according to the corresponding settings, control is applied to operations and data, monitoring is applied to programs and commands, and the time and object of each operation and the screen input and output are logged in detail. If a malicious program or a violating operation is found, a mail is sent immediately to inform the administrator and the user is warned at the same time; if repeated reminders have no effect, the user is forcibly kicked out of the system and the account is frozen.
The specific implementation steps of the method are:
1) The system administrator presets a permission for each user, covering the operations the user may perform and the data the user may access, and at the same time sets the corresponding policy for each kind of risky operation according to the characteristics of the system, including warning the user, kicking the user out of the system, and so on.
2) If someone keeps trying to log in to the system with a certain user name but the password is always wrong, the corresponding IP address and information are mailed to the person to whom the user name belongs, reminding them to check whether they are the one logging in. If they are not, they inform the administrator promptly, the MAC address is blocked, and the suspect is sought for follow-up handling. If the user has forgotten the password, the user applies to the administrator for a password change. This information can be captured, analyzed and recorded with the network management tools the system provides, and the corresponding action then taken.
3) After the user logs in, the permissions are read automatically and the user's operating environment is initialized. The user cannot change these permissions; if a change is needed, the user applies to the administrator. The user must execute reasonable commands within the prescribed scope and access only authorized data. Reasonable use and control are achieved through the fine-grained management the system itself provides.
4) From the moment the user logs in, the system monitors and records all of the user's operations in real time, including the login and logout times, password changes, the commands and programs executed, the data accessed, and the screen input and output, each recorded with its corresponding time for later review and analysis.
5) If the user keeps attempting commands and data access outside the authorization, the user is warned and the administrator is notified at the same time. Beyond a certain number of attempts the user is automatically kicked out of the system and the account is frozen, and the user must explain the situation to the administrator. Many systems only set permissions in a simple way and do no further user analysis; monitoring and recording this process makes it possible to detect hidden dangers in advance and keep the server safe.
6) After the user logs out of the system, the user's operation log is automatically saved on the server and at the same time mailed to the user, so that the user can conveniently review and keep a record of the whole session.
The characteristic of this method is that it combines the features and tools of the server itself to handle system security problems in a more detailed and intelligent way.
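Steps 2, 5 and 6 of the embodiment expressed as a small policy engine, as an added example that is not part of the patent. The thresholds, the `POLICY` table, the event format and the action names are all assumptions, and only absolute-path arguments are checked against the authorized data directories.

```python
import posixpath
from collections import defaultdict
# Assumed thresholds: the patent only says "a certain number of times".
MAX_FAILED_LOGINS, MAX_VIOLATIONS = 3, 3
# Hypothetical per-user policy (step 1): permitted commands and data directories.
POLICY = {"alice": {"commands": {"ls", "cat", "grep"}, "paths": ("/srv/reports/",)}}

class Monitor:
    def __init__(self):
        self.failed, self.violations = defaultdict(int), defaultdict(int)
        self.frozen, self.log = set(), defaultdict(list)

    def handle(self, event):
        # Returns the list of actions the policy requires for one event.
        kind, user, ts = event["type"], event["user"], event["ts"]
        if kind == "login_failed":
            self.failed[user] += 1
            # Step 2: repeated wrong passwords -> mail the account owner the source.
            if self.failed[user] >= MAX_FAILED_LOGINS:
                return [("mail_user", user, f"failed logins from {event['ip']}")]
        elif kind == "login_ok":
            if user in self.frozen:
                return [("deny", user, "account frozen")]
            self.failed[user] = 0
            self.log[user].append((ts, "login"))
        elif kind == "command":
            return self._check_command(user, ts, event["argv"])
        elif kind == "logout":
            # Step 6: archive the operation log and mail it to the user.
            self.log[user].append((ts, "logout"))
            return [("archive_and_mail_log", user, self.log.pop(user))]
        return []

    def _check_command(self, user, ts, argv):
        rule = POLICY.get(user, {"commands": set(), "paths": ()})
        # Normalise path arguments so "../" cannot escape an authorised directory.
        paths = [posixpath.normpath(a) for a in argv[1:] if a.startswith("/")]
        allowed = argv[0] in rule["commands"] and all(
            p.startswith(rule["paths"]) for p in paths)
        self.log[user].append((ts, " ".join(argv), "ok" if allowed else "denied"))
        if allowed:
            return []
        # Step 5: warn and notify the administrator; past the limit, kick and freeze.
        self.violations[user] += 1
        actions = [("warn_user", user, argv[0]), ("notify_admin", user, argv[0])]
        if self.violations[user] >= MAX_VIOLATIONS:
            self.frozen.add(user)
            actions += [("kick_session", user, None), ("freeze_account", user, None)]
        return actions

# Constructed sample events (not real logs): one user, one session.
EVENTS = (
    [{"type": "login_failed", "user": "alice", "ts": t, "ip": "10.0.0.7"} for t in (1, 2, 3)]
    + [{"type": "login_ok", "user": "alice", "ts": 4}]
    + [{"type": "command", "user": "alice", "ts": 5 + i, "argv": argv} for i, argv in enumerate([
        ["cat", "/srv/reports/q1.txt"],            # authorised
        ["cat", "/srv/reports/../../etc/shadow"],  # traversal out of the data dir
        ["scp", "/srv/reports/q1.txt"],            # command not granted
        ["rm", "/srv/reports/q1.txt"]])]           # third violation
    + [{"type": "logout", "user": "alice", "ts": 9}]
)

def run(events):
    monitor = Monitor()
    return monitor, [a for e in events for a in monitor.handle(e)]
```

The engine only decides what to do; delivering mail, ending the session and locking the account are left to the host's own tools, as the patent describes.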

Claims (5)

1. A method for improving the security of an intranet Linux server, characterized in that its specific implementation process is:
1) within the intranet, permissions are assigned to each user through the Linux server's own tools and commands;
2) the user's login process is evaluated and prompts are issued;
3) the whole session from login to logout is monitored and recorded in real time, the user's operations are analyzed and reported, and corresponding security measures are taken;
4) after the user logs out of the system, the user's operation log is archived and sent to that user.
2. The method for improving the security of an intranet Linux server according to claim 1, characterized in that step 1) is implemented as follows: the system administrator presets a permission for each user, covering the operations the user may perform and the data the user may access, and at the same time sets the corresponding policy for each kind of risky operation according to the characteristics of the system.
3. The method for improving the security of an intranet Linux server according to claim 1 or 2, characterized in that step 2) is implemented as follows: the administrator evaluates the user's login; if the password is wrong repeatedly, a reminder is sent asking the user to check whether the login attempts are the user's own; if they are not, the administrator blocks the MAC address and looks for the suspect for follow-up handling; if the user has forgotten the password, the user applies to the administrator for a password change.
4. The method for improving the security of an intranet Linux server according to claim 1, characterized in that step 3) is implemented as follows: the administrator monitors operations in real time; after login the user's permissions are read automatically, and if the user performs reasonable operations within the prescribed scope of permissions and accesses authorized data, the administrator records the user's operations; if the user attempts commands and data outside the authorization, the user is warned and, after a certain number of times, is automatically kicked out of the system, the account is frozen, and the administrator is notified.
5. The method for improving the security of an intranet Linux server according to claim 3, characterized in that step 3) is implemented as follows: the administrator monitors operations in real time; after login the user's permissions are read automatically, and if the user performs reasonable operations within the prescribed scope of permissions and accesses authorized data, the administrator records the user's operations; if the user attempts commands and data outside the authorization, the user is warned and, after a certain number of times, is automatically kicked out of the system, the account is frozen, and the administrator is notified.
CN201210474564XA 2012-11-21 2012-11-21 Method for improving safety of intranet linux server Pending CN102984141A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210474564XA CN102984141A (en) 2012-11-21 2012-11-21 Method for improving safety of intranet linux server

Publications (1)

Publication Number Publication Date
CN102984141A true CN102984141A (en) 2013-03-20

Family

ID=47857887

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210474564XA Pending CN102984141A (en) 2012-11-21 2012-11-21 Method for improving safety of intranet linux server

Country Status (1)

Country Link
CN (1) CN102984141A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130320