CN103067203B - policy consistency auditing method, device and equipment - Google Patents

policy consistency auditing method, device and equipment Download PDF

Info

Publication number
CN103067203B
CN103067203B CN201210572440.5A CN201210572440A CN103067203B CN 103067203 B CN103067203 B CN 103067203B CN 201210572440 A CN201210572440 A CN 201210572440A CN 103067203 B CN103067203 B CN 103067203B
Authority
CN
China
Prior art keywords
policy data
equipment
server
crc value
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210572440.5A
Other languages
Chinese (zh)
Other versions
CN103067203A (en
Inventor
顾传彪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Gaohang Intellectual Property Operation Co ltd
Haining hi tech Zone Science and Innovation Center Co.,Ltd.
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201210572440.5A priority Critical patent/CN103067203B/en
Publication of CN103067203A publication Critical patent/CN103067203A/en
Application granted granted Critical
Publication of CN103067203B publication Critical patent/CN103067203B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The invention discloses a kind of policy consistency auditing method, device and equipment, belong to field of terminal equipment.Described method comprises: the characteristic value calculating the policy data of NM server and equipment respectively, and the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data; The characteristic value of the policy data of NM server and equipment is compared, obtains auditing result.The present invention is compared by the characteristic value of the policy data to NM server and equipment, sequence number is different and business tine is identical strategy can be avoided to judge into inconsistent and auditing result mistake that is that cause by accident, improve the accuracy of consistency auditing result, accelerate the speed compared, improve audit efficiency.

Description

Policy consistency auditing method, device and equipment
Technical field
The present invention relates to field of terminal equipment, particularly a kind of policy consistency auditing method, device and equipment.
Background technology
Current internet application is increasing, and the problem of the harm enterprise such as virus, wooden horse and personal user information safety is also more and more outstanding, and network security has been a great concern.Because the security protection of outer net and the access control policy of Intranet get more and more, so the configuration of security strategy and operation maintenance demand are also increasingly strong, the management of strategy becomes and becomes increasingly complex.Strategy refers to the strategy configuration of Firewall Network, can filter and content safety detection according to five-tuple (source address, source port, destination address, destination interface, agreement) to the packet through fire compartment wall.Whether the configuration of equipment is consistent with the strategy of NM server configuration, affects the normal guard of the Internet, and therefore, the consistency audit of strategy is particularly important.
In the prior art, consistency audit strictly compares the configuration variance of NM server and equipment by strategically sequence number, strategy sequence number is different, then think that strategy is different, and the character string of the object oriented needing comparison strategy further to quote for the strategy that sequence number is identical, if character string is identical, think that NM server is consistent with the strategy of equipment, if character string is different, think that the strategy of NM server and equipment is inconsistent.
Realizing in process of the present invention, inventor finds that prior art at least exists following problem:
The auditing method of prior art, when strategically sequence number compares, for the strategy that sequence number is identical, due to the scene that strategy repeatedly adds and deletes may be there is, and once the strategy of amendment multiplexing before tactful sequence number, sequence number is different and business tine is identical strategy can be caused to judge into inconsistent and auditing result mistake that is that cause by accident, and when using character string to compare further, when common object quantity is large, efficiency is lower, there will be the problem repeating to compare simultaneously, and owing to only comparing quoted object oriented, be not concerned about the content of the inside, name is not changed but content situation about changing more not out, cause auditing result inaccurate.
Summary of the invention
In order to solve, consistency audit efficiency is low, the inaccurate problem of auditing result, embodiments provides a kind of policy consistency auditing method, device and equipment.Described technical scheme is as follows:
On the one hand, provide a kind of policy consistency auditing method, described method comprises:
Calculate the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data;
The characteristic value of the policy data of NM server and equipment is compared, obtains auditing result.
The characteristic value of the policy data of NM server and equipment is compared, obtains auditing result, comprising:
First CRC value of the policy data of NM server and equipment is compared, determines the first policy data;
When also comprising the second policy data through comparing the policy data determining described NM server and equipment, second CRC value of the second policy data of described NM server and the second policy data of equipment is compared, obtains the difference between the second policy data of described NM server and the second policy data of equipment.
First CRC value of the policy data of NM server and equipment is compared, determines the first policy data, comprising:
Respectively the characteristic value of the policy data of NM server and equipment is sorted according to configuration sequence;
Determine First ray and the second sequence, described First ray is with the policy data of NM server for determined first CRC of benchmark is worth identical policy data sequence, and described second sequence is for determined first CRC of benchmark is worth identical policy data sequence with the policy data of equipment;
More described First ray and the second sequence, be defined as the first policy data by the policy data comprised in the many sequences of the policy data with the first identical CRC value.
Calculate the characteristic value of the policy data of NM server and equipment respectively, comprising:
Obtain the policy data of NM server and equipment respectively;
According to the common object that policy data and each policy data of described NM server and equipment are quoted, calculate the characteristic value of the policy data of described NM server and equipment.
According to the common object that policy data and each policy data of described NM server and equipment are quoted, calculate the characteristic value of the policy data of described NM server and equipment, comprising:
When described NM server is different with the form of the policy data of equipment, it is the form of the policy data of described NM server by the formal transformation of the policy data of described equipment, according to described NM server and the policy data of equipment and the adduction relationship of each policy data common object, calculate the characteristic value of the policy data of described NM server and equipment.
According to the common object that policy data and each policy data of described NM server and equipment are quoted, calculate the characteristic value of the policy data of described NM server and equipment, comprising:
According to the adduction relationship level of each policy data described and common object, successively calculate the first CRC value and the second CRC value of each policy data from bottom to top.
On the other hand, provide a kind of policy consistency audit device, described device comprises:
Computing module, for calculating the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data;
Comparison module, the characteristic value for the policy data to NM server and equipment compares, and obtains auditing result.
Described comparison module comprises:
First comparing unit, the first CRC value for the policy data to NM server and equipment compares, and determines the first policy data;
Second comparing unit, when also comprising the second policy data through comparing the policy data determining described NM server and equipment, second CRC value of the second policy data of described NM server and the second policy data of equipment is compared, obtains the difference between the second policy data of described NM server and the second policy data of equipment.
Described first comparing unit comprises:
Sequencing unit, for sorting according to configuration sequence to the characteristic value of the policy data of NM server and equipment respectively;
Sequence determination unit, for determining First ray and the second sequence, described First ray is with the policy data of NM server for determined first CRC of benchmark is worth identical policy data sequence, and described second sequence is for determined first CRC of benchmark is worth identical policy data sequence with the policy data of equipment;
First policy determining unit, for more described First ray and the second sequence, is defined as the first policy data by the policy data comprised in the many sequences of the policy data with the first identical CRC value.
Described computing module comprises:
Acquiring unit, for obtaining the policy data of NM server and equipment respectively;
Computing unit, for the common object quoted according to policy data and each policy data of described NM server and equipment, calculates the characteristic value of the policy data of described NM server and equipment.
Described computing unit is used for when described NM server is different with the form of the policy data of equipment, it is the form of the policy data of described NM server by the formal transformation of the policy data of described equipment, according to described NM server and the policy data of equipment and the adduction relationship of each policy data common object, calculate the characteristic value of the policy data of described NM server and equipment.
Described computing unit is used for the adduction relationship level according to each policy data described and common object, successively calculates the first CRC value and the second CRC value of each policy data from bottom to top.
Another aspect, provide a kind of policy consistency audit device, described equipment comprises: processor,
Described processor, for calculating the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data;
Described processor, the characteristic value also for the policy data to NM server and equipment compares, and obtains auditing result.
Described processor, the first CRC value for the policy data to NM server and equipment compares, and determines the first policy data; When also comprising the second policy data through comparing the policy data determining described NM server and equipment, second CRC value of the second policy data of described NM server and the second policy data of equipment is compared, obtains the difference between the second policy data of described NM server and the second policy data of equipment.
Described processor, for sorting according to configuration sequence to the characteristic value of the policy data of NM server and equipment respectively;
Described processor, for determining First ray and the second sequence, described First ray is with the policy data of NM server for determined first CRC of benchmark is worth identical policy data sequence, and described second sequence is for determined first CRC of benchmark is worth identical policy data sequence with the policy data of equipment;
Described processor, for more described First ray and the second sequence, is defined as the first policy data by the policy data comprised in the many sequences of the policy data with the first identical CRC value.
Described processor, also for obtaining the policy data of NM server and equipment respectively;
Described processor, the common object also for quoting according to policy data and each policy data of described NM server and equipment, calculates the characteristic value of the policy data of described NM server and equipment.
Described processor, for when described NM server is different with the form of the policy data of equipment, it is the form of the policy data of described NM server by the formal transformation of the policy data of described equipment, according to described NM server and the policy data of equipment and the adduction relationship of each policy data common object, calculate the characteristic value of the policy data of described NM server and equipment.
Described processor, for the adduction relationship level according to each policy data described and common object, successively calculates the first CRC value and the second CRC value of each policy data from bottom to top.
A kind of policy consistency auditing method, device and equipment that the embodiment of the present invention provides, by calculating the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data; The characteristic value of the policy data of NM server and equipment is compared, obtains auditing result.Adopt the technical scheme that the embodiment of the present invention provides, sequence number is different and business tine is identical strategy can be avoided to judge into inconsistent and auditing result mistake that is that cause by accident, improve the accuracy of consistency auditing result, simultaneously by the comparison to characteristic value, accelerate the speed compared, improve audit efficiency.
Accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme in the embodiment of the present invention, below the accompanying drawing used required in describing embodiment is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 a is a kind of policy consistency auditing method flow chart provided in the embodiment of the present invention;
Fig. 1 b is a kind of policy consistency audit configuration diagram provided in the embodiment of the present invention;
Fig. 2 a is a kind of policy consistency auditing method flow chart provided in the embodiment of the present invention;
Fig. 2 b is a kind of policy consistency audit schematic diagram provided in the embodiment of the present invention;
Fig. 3 is a kind of policy consistency audit device structural representation provided in the embodiment of the present invention;
Fig. 4 is a kind of policy consistency audit device structural representation provided in the embodiment of the present invention.
Embodiment
For making the object, technical solutions and advantages of the present invention clearly, below in conjunction with accompanying drawing, embodiment of the present invention is described further in detail.
Fig. 1 a is a kind of policy consistency auditing method flow chart that the embodiment of the present invention provides, and the executive agent in the present embodiment is NM server, and see Fig. 1 a, the method flow process comprises:
101: the characteristic value calculating the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data;
Wherein, each CRC value calculates according to data itself and Cyclic Redundancy Algorithms.
102: the characteristic value of the policy data of NM server and equipment is compared, obtain auditing result.
The method that the embodiment of the present invention provides, by calculating the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data; The characteristic value of the policy data of NM server and equipment is compared, obtains auditing result.Adopt the technical scheme that the embodiment of the present invention provides, sequence number is different and business tine is identical strategy can be avoided to judge into inconsistent and auditing result mistake that is that cause by accident, improve the accuracy of consistency auditing result, simultaneously by the comparison to characteristic value, accelerate the speed compared, improve audit efficiency.
Optionally, on the basis of the technical scheme of Fig. 1 a illustrated embodiment, this step 102 " compares the characteristic value of the policy data of NM server and equipment, obtains auditing result ", comprises the following steps:
102A: the first CRC value of the policy data of NM server and equipment is compared, determines the first policy data;
Wherein, first CRC value calculates according to the business tine of the policy data of NM server, therefore the first CRC value and tactful physical meaning one_to_one corresponding, and include the content of the object quoted of strategy and common object due to this business tine, therefore, by comparing the first CRC value of the policy data of NM server and equipment, just can determine that whether NM server is consistent with the business tine of the policy data of equipment, when NM server is identical with the first CRC value of the policy data of equipment, then think that NM server is consistent with the policy data of equipment, first policy data is then for the first CRC between NM server and the policy data of equipment is worth identical policy data.
102B: when also comprising the second policy data through comparing the policy data determining described NM server and equipment, second CRC value of the second policy data of described NM server and the second policy data of equipment is compared, obtains the difference between the second policy data of described NM server and the second policy data of equipment.
When comprising the All Policies data in NM server and equipment when the first policy data, do not need to compare the second policy data, now, there is not the second policy data, namely NM server is consistent with the policy data in equipment, does not need to compare further; When not comprising the All Policies data in NM server and equipment when the first policy data, policy data in NM server and equipment is inconsistent, using the data in the All Policies data in NM server and equipment except the first policy data as the second policy data, need the second CRC value compared further in the NM server in the second policy data and the policy data in equipment.
Second CRC value contains the CRC value of the content of multiple common object quoted, by comparing the second CRC value, concrete difference between the common object that the policy data can finding out NM server and equipment is quoted, also just have found the concrete difference of the policy data of NM server and equipment.
The method that the embodiment of the present invention provides, by calculating the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data; The characteristic value of the policy data of NM server and equipment is compared, obtains auditing result.Adopt the technical scheme that the embodiment of the present invention provides, sequence number is different and business tine is identical strategy can be avoided to judge into inconsistent and auditing result mistake that is that cause by accident, improve the accuracy of consistency auditing result, simultaneously by the comparison to characteristic value, accelerate the speed compared, improve audit efficiency.Further, by respectively to the comparison of the first cyclic check code and the second cyclic check code, can the consistency auditing result of quick obtaining NM server and equipment.
Further alternative, on the basis of the technical scheme of Fig. 1 a illustrated embodiment, this step 102A " compares the characteristic value of the policy data of NM server and equipment, obtains auditing result ", comprises step:
(1) respectively the characteristic value of the policy data of NM server and equipment is sorted according to configuration sequence;
According to the order that the policy data of NM server and equipment configures, respectively the characteristic value of the policy data of NM server and equipment is sorted, the policy data comparison procedure of NM server and equipment can be carried out in order.
(2) First ray and the second sequence is determined, described First ray is with the policy data of NM server for determined first CRC of benchmark is worth identical policy data sequence, and described second sequence is for determined first CRC of benchmark is worth identical policy data sequence with the policy data of equipment.
When with the policy data of NM server for benchmark time, according to the order of the policy data of NM server, the first CRC value in the policy data of NM server is compared with the first CRC value of the policy data of equipment one by one, particularly, first find out in a device and be worth identical policy data with the first CRC of the policy data of first in the policy data of NM server, if have found the policy data with the first identical CRC value in a device, record the order of this policy data in the policy data of NM server and the policy data of equipment and position, then, search under the position of the policy data of record in a device and be worth identical policy data with the first CRC of the policy data of second in the policy data of NM server, there is the first identical CRC be worth identical policy data if do not found in a device, search at the policy data of equipment and be worth identical policy data with the first CRC of the policy data of second in the policy data of NM server.In the policy data of equipment, the policy data with the first identical CRC value is searched according to the mode of searching of first policy data, until all policy data traversals in NM server have been searched, all policy data one_to_one corresponding with the first identical CRC value.
When with the policy data of equipment for benchmark time, according to the order of the policy data of equipment, the first CRC value in the policy data of equipment is compared with the first CRC value of the policy data of NM server one by one, particularly, first find out in NM server and be worth identical policy data with the first CRC of the policy data of first in the policy data of equipment, if have found the policy data with the first identical CRC value in NM server, record the order of this policy data in the policy data of equipment and the policy data of NM server and position, then, search under the position of the policy data of the record in NM server and be worth identical policy data with the first CRC of the policy data of second in the policy data of equipment, there is the first identical CRC be worth identical policy data if do not found in NM server, search at the policy data of NM server and be worth identical policy data with the first CRC of the policy data of second in the policy data of equipment.In the policy data of NM server, the policy data with the first identical CRC value is searched according to the mode of searching of first policy data, until all policy data traversals in equipment have been searched, all policy data one_to_one corresponding with the first identical CRC value.
(3) more described First ray and the second sequence, is defined as the first policy data by the policy data comprised in the many sequences of the policy data with the first identical CRC value.
Due in the process obtaining First ray and the second sequence, have employed NM server and equipment respectively as benchmark, so the quantity with the policy data of the first identical CRC value in the First ray obtained and the second sequence is likely different, the policy data in sequences many for the policy data with the first identical CRC value is defined as the first policy data.When not comprising the All Policies data in NM server and equipment when the first policy data, using the policy data beyond the first policy data as the second policy data.
The method that the embodiment of the present invention provides, by calculating the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data; The characteristic value of the policy data of NM server and equipment is compared, obtains auditing result.Adopt the technical scheme that the embodiment of the present invention provides, sequence number is different and business tine is identical strategy can be avoided to judge into inconsistent and auditing result mistake that is that cause by accident, improve the accuracy of consistency auditing result, simultaneously by the comparison to characteristic value, accelerate the speed compared, improve audit efficiency.Further, by respectively to the comparison of the first cyclic check code and the second cyclic check code, can the consistency auditing result of quick obtaining NM server and equipment.Further, by obtaining the first policy data, the consistent policy data in NM server and equipment can be known.
Alternatively, on the basis of the technical scheme of Fig. 1 a illustrated embodiment, step 101 " calculate the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data ", comprising:
101A: the policy data obtaining NM server and equipment respectively;
Wherein, policy data comprises strategy and the tactful common object quoted.Wherein, common object includes but not limited to: address set, time period, services set etc.After NM server receives the audit request that equipment sends, send a request message to NM server according to the device id number in audit request, NM server returns according to the ID in request message the policy data that this equipment configures on NM server; Meanwhile, NM server sends a request message to this equipment, makes this equipment after receiving request message, and the order line echo data that strategy configures are returned to NM server, and wherein, the order line echo data of this strategy configuration comprise the policy data of equipment.
101B: the common object quoted according to policy data and each policy data of described NM server and equipment, calculates the characteristic value of the policy data of described NM server and equipment.
Policy data both can comprise various reference object, also the common object quoted can be comprised, for the object quoted, as address ip, service http etc. directly can calculate its CRC value, for the common object quoted, then need to calculate the CRC value of common object name and the CRC value of common object content.For a strategy, the superiors are this strategy, lower floor can be the substrategy of this strategy, the common object that can quote for this substrategy of lower floor again, if this common object refer to other object, so can also have lower data, each strategy can be divided into different levels according to the adduction relationship of self.When calculating the characteristic value of policy data of NM server and equipment, need calculating two category feature value, the first kind is the first CRC value, and Equations of The Second Kind is the second CRC value.Wherein, the characteristic value of a policy data comprises the first CRC value that has multiple CRC value, and this characteristic value can also comprise at least one second CRC value, the number of the common object that the number of the second CRC value that the characteristic value of policy data comprises is quoted by each policy data determines, at least one second CRC value may be had in a characteristic value, the second CRC value may do not had yet, but, a first CRC value is only comprised in the characteristic value of policy data, first cyclic check code is the CRC value of the strategy of these policy data the superiors.
The method that the embodiment of the present invention provides, by calculating the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data; The characteristic value of the policy data of NM server and equipment is compared, obtains auditing result.Adopt the technical scheme that the embodiment of the present invention provides, sequence number is different and business tine is identical strategy can be avoided to judge into inconsistent and auditing result mistake that is that cause by accident, improve the accuracy of consistency auditing result, simultaneously by the comparison to characteristic value, accelerate the speed compared, improve audit efficiency.Further, by respectively to the comparison of the first cyclic check code and the second cyclic check code, can the consistency auditing result of quick obtaining NM server and equipment.By the calculating to the first cyclic check code and the second cyclic check code, the time that comparison of coherence is used can be shortened.
Further alternative, on the basis of the technical scheme of Fig. 1 a illustrated embodiment, in this step 101B " according to the common object that policy data and each policy data of described NM server and equipment are quoted, calculate the characteristic value of the policy data of described NM server and equipment ", comprise: when described NM server is different with the form of the policy data of equipment, it is the form of the policy data of described NM server by the formal transformation of the policy data of described equipment, according to described NM server and the policy data of equipment and the adduction relationship of each policy data common object, calculate the characteristic value of the policy data of described NM server and equipment.
NM server is in consistency audit process, and what get from equipment is the order line echo data of strategy configuration, and wherein, the order line echo data that this strategy configures comprise the policy data of equipment.When described NM server is different with the form of the policy data of equipment, it is the form of the policy data of described NM server by the formal transformation of the policy data of described equipment, according to described NM server and the policy data of equipment and the adduction relationship of each policy data common object, calculate the characteristic value of the policy data of described NM server and equipment.Particularly, after NM server receives the policy data of equipment transmission, judge that whether NM server is identical with the form of the policy data of equipment, if so, directly calculate the characteristic value of the policy data of NM server and equipment; If not, according to the order line echo data of the policy data configuration that equipment sends, policy data is carried out to the parsing of order line, change into the form of the policy data of NM server, then calculate the characteristic value of the policy data of NM server and equipment.
Further alternative, on the basis of the technical scheme of Fig. 1 a illustrated embodiment, " according to the common object that policy data and each policy data of described NM server and equipment are quoted; calculate the characteristic value of the policy data of described NM server and equipment " in this step 101B, comprise: according to the adduction relationship level of each policy data described and common object, successively calculate the first CRC value and the second CRC value of each policy data from bottom to top.
Particularly, according to the adduction relationship level of each policy data described and common object, the CRC value of the common object that each policy data that first calculating is in lower floor is quoted is as the second CRC value, again according to hierarchical logic relation, the object quote upper strata and business datum calculate, using the second CRC value and the CRC value of upper layer policy data that calculates as the first CRC value, first CRC value comprises at least one second CRC value, the business implication of the first CRC value got and the actual representative of policy data is one to one.When calculating first CRC value, as long as calculate according to configuration sequence, for the object directly quoted, calculate the CRC value of its correspondence, for the common object quoted, then need to calculate the CRC value of common object name and the CRC value of common object content.Such as, strategy only refer to common object, then the form of the first CRC value of strategy is:
The CRC value of the content of the common object 1 that the CRC value+policy data of the name of the common object 1 that policy data is quoted is quoted+... the CRC value of the content of the common object N that the CRC value+policy data of the name of the common object N that+policy data is quoted is quoted.
Wherein, the CRC value of CRC value and the common object of the name of each common object in the first CRC value of strategy is adjacent, and the CRC value of the name of each common object and the CRC value of common object calculate by the sequencing of their configurations in strategy.
Such as, strategy both refer to common object, directly refer to again object as IP and service, then the form of the first CRC value of strategy is:
The CRC value of the content of the common object 1 that the CRC value+policy data of the name of the common object 1 that policy data is quoted is quoted+... the CRC value of the CRC value+service of the CRC value+IP of the content of the common object N that the CRC value+policy data of the name of the common object N that+policy data is quoted is quoted.
The CRC value of CRC value and the common object of the name of each common object in the second CRC value of strategy is adjacent, and the CRC value of the name of each common object and the CRC value of common object, the CRC value of IP, the CRC value of service calculate by the sequencing of their configurations in strategy.
Fig. 1 b is a kind of policy consistency audit configuration diagram provided in the embodiment of the present invention, see Fig. 1 b, in Fig. 1 b, in the audit preparatory stage, after getting the policy data of NM server and equipment, the policy data of equipment is resolved, convert the data consistent with the form of the policy data of NM server to, then the CRC value of common object is calculated, i.e. the second CRC value, services set as illustrated in the drawing, address set and other collection, then according to adduction relationship, calculate the CRC value of the strategy on upper strata, i.e. the first CRC value.In audit process, first carry out the comparison of the first CRC value, obtain the first policy data, when the first CRC value, relatively the second CRC value of common object, first compares the second CRC value of the name of services set, address set and other collection, finds out the set that the second CRC value is different, and then the second CRC value of the content of this set, obtain concrete inconsistent data.
Fig. 2 a is a kind of policy consistency auditing method flow chart that the embodiment of the present invention provides, and the executive agent in the present embodiment is NM server, and see Fig. 2 a, method flow comprises:
201: NM server obtains the policy data of NM server and equipment respectively;
202: the form by the formal transformation of the policy data of described equipment being the policy data of described NM server;
The embodiment of the present invention is not only all example with the form of the policy data of the policy data of NM server and equipment and is described.
203: the common object quoted according to policy data and each policy data of described NM server and equipment, calculates the characteristic value of the policy data of described NM server and equipment;
According to the adduction relationship level of each policy data described and common object, successively calculate the first CRC value and the second CRC value of each policy data from bottom to top.The characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data.
In order to make the characteristic value computational process of those skilled in the art's comprehension strategy data better, illustrate below.As, the form of a policy data is:
Policy100sourceaddress-setaddrset002destinationaddrset_serverservicehttpftp
addrset002
item12.2.2.0/24
item23.3.3.0/24
addrset_server
item15.5.5.0/24
item25.5.6.0/24
Wherein, 100 is sequence numbers of this strategy, addrset002 is the source address services set that this strategy is quoted, addrset_server is the destination address services set that this strategy is quoted, httpftp is the service that this agreement uses, 2.2.2.0/24 be the address contents in the source address services set quoted of this strategy with 3.3.3.0/24,5.5.5.0/24 and 5.5.6.0/24 is the address contents in the destination address services set quoted of this strategy.
Because this strategy refer to two common objects, i.e. addrset002 and addrset_server, so two the second CRC values can be obtained.When calculating the second CRC value of this strategy, need the CRC value first calculating 2.2.2.0/24 and 3.3.3.0/24 respectively, then the value of the two is added, as the second CRC value of the content of addrset002, in like manner, need the CRC value first calculating 5.5.5.0/24 and 5.5.6.0/24 respectively, then the value of the two is added, as the second CRC value of the content of addrset_server.After having calculated the second CRC value, then calculate the first CRC value of this strategy, consisting of of the first CRC value of this strategy:
The CRC value of the CRC value+httpftp of the content of the CRC value+addrset_server of the name of the CRC value+addrset_server of the content of the CRC value+addrset002 of the name of addrset002.
204: respectively the characteristic value of the policy data of NM server and equipment is sorted according to configuration sequence;
According to the order that the policy data of NM server and equipment configures, respectively the characteristic value of the policy data of NM server and equipment is sorted, the policy data comparison procedure of NM server and equipment can be carried out in order.
205: determine First ray and the second sequence, described First ray is with the policy data of NM server for determined first CRC of benchmark is worth identical policy data sequence, and described second sequence is for determined first CRC of benchmark is worth identical policy data sequence with the policy data of equipment;
In the process determining First ray and the second sequence, need respectively with the policy data of NM server and equipment for benchmark, by comparing one by one the policy data of NM server and equipment, until all policy data one_to_one corresponding with the first identical CRC value, obtain the first CRC and be worth identical policy data sequence.
Such as, policy data in NM server is EABC, policy data in equipment is CABD, then with the policy data of NM server for benchmark, from the policy data NM server, take out tactful E, obtain the first CRC value of E, and the first CRC value in policy data in equipment compares, by more known, the E in the policy data of network does not have corresponding strategy in the policy data of equipment.After the E of completeer NM server, obtain the first CRC value of the next one strategy A of NM server, compare with the first CRC value in each policy data in equipment, when comparing the A in equipment, have found the strategy with identical first CRC value, the order of the tactful A that record has an identical first CRC value in NM server and equipment and position.Obtain the first CRC value of the B in NM server, compare with the policy data of below the A in equipment, can the tactful B with identical first CRC value in acquisition equipment, the order of the tactful B that record has an identical first CRC value in NM server and equipment and position.Finally, obtain the first CRC value of the C in NM server, and the policy data of below B in equipment compares, by more known, the C in the policy data of network does not have corresponding strategy in the policy data of equipment.Relatively, will have the tactful one_to_one corresponding of the first identical CRC value, the data obtained are as shown in table 1:
Table 1
NM server Equipment
E C
A A
B B
C D
As can be seen from Table 1, First ray is made up of the A of NM server and the B of the A of equipment, the B of NM server and equipment.
With the policy data of equipment for benchmark, policy data in compare facilities and the policy data in NM server one by one, mode and the aforesaid way of comparison are similar, here repeat no more, relatively, to have the tactful one_to_one corresponding of the first identical CRC value, the data obtained are as shown in table 2:
Table 2
Equipment NM server
N/A E
N/A A
N/A B
C C
A N/A
B N/A
D N/A
As can be seen from Table 2, the second sequence is made up of the C of equipment and the C of NM server, and wherein, N/A represents empty.
206: more described First ray and the second sequence, the policy data comprised in the many sequences of the policy data with the first identical CRC value is defined as the first policy data;
In example in step 205, as can be seen from Table 1, the quantity with the policy data of the first identical CRC value in First ray is 2, and namely the A in NM server and the A in equipment is corresponding, and the B in NM server and the B in equipment is corresponding.As can be seen from Table 2, the quantity with the policy data of the first identical CRC value in second sequence is 1, namely the C in equipment and the C in NM server is corresponding, by comparing, the quantity in First ray with the policy data of the first identical CRC value is more, so, using each policy data in First ray all as the first policy data.
Step 204-206 compares the first CRC value of the policy data of NM server and equipment, determines the process of the first policy data.
207: when also comprising the second policy data through comparing the policy data determining described NM server and equipment, second CRC value of the second policy data of described NM server and the second policy data of equipment is compared, obtains the difference between the second policy data of described NM server and the second policy data of equipment.
When comprising the All Policies data in NM server and equipment when the first policy data, do not need to compare the second policy data, now, there is not the second policy data, namely NM server is consistent with the policy data in equipment, does not need to compare further; When not comprising the All Policies data in NM server and equipment when the first policy data, policy data in NM server and equipment is inconsistent, using the data beyond the first policy data in the All Policies data in NM server and equipment as the second policy data, need the second CRC value compared further in the NM server in the second policy data and the policy data in equipment.
On the basis of step 206 example, the All Policies data in NM server and equipment are not comprised due to the first policy data, then need to compare the second policy data, so using the data in the All Policies data in NM server and equipment except the first policy data as the second policy data.As can be seen from Table 1, the second policy data is made up of the E of NM server and the D of the C of equipment, the C of NM server and equipment.After acquisition second policy data, for the policy data of the NM server and equipment that there is corresponding relation, also need the second CRC value comparing the E of NM server and the C of equipment further, and the second CRC value of the C of NM server and the D of equipment, find out the difference in the policy data in NM server and equipment, for the policy data of the NM server and equipment that there is not corresponding relation, as the 2nd in table 2, 3, 4, 6, 7, 8 provisional capitals are that a policy data is to the situation of sky, so without the need to comparing, directly using this policy data as variance data.
Step 203-207 compares the characteristic value of the policy data of NM server and equipment, obtains the process of auditing result.
Fig. 2 b is a kind of policy consistency audit schematic diagram that the embodiment of the present invention provides, see Fig. 2 b, in figure, tactful adduction relationship is divided into three levels, ground floor is strategy, the second layer is substrategy (service substrategy (fwpolicy) as shown in figure 2b, procotol substrategy (ipspolicy) and resolution level strategy (dpipolicy)), and third layer is common object (source address as shown in Figure 2 b, destination address, service, time period, exception signature, signature collection, application protocol collection etc.).The common object of this third layer can also have the common object (self-defined signature as shown in Figure 2 b) quoted, relatively time, first compare the first cyclic redundancy check (CRC) code value of the ground floor strategy of NM server and equipment, when the first cyclic redundancy check (CRC) code value is different, compare the second CRC value of the substrategy of the second layer of NM server and equipment again, if the second CRC value of the substrategy of the second layer is identical, then do not compare further, if the second CRC value of the substrategy of the second layer is different, find out the substrategy that the second CRC value is different, relatively the second CRC value of the common object of the third layer that this substrategy of NM server and equipment is corresponding, find out the common object that the second CRC value is different.
The method that the embodiment of the present invention provides, by calculating the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data; The characteristic value of the policy data of NM server and equipment is compared, obtains auditing result.Adopt the technical scheme that the embodiment of the present invention provides, sequence number is different and business tine is identical strategy can be avoided to judge into inconsistent and auditing result mistake that is that cause by accident, improve the accuracy of consistency auditing result, simultaneously by the comparison to characteristic value, accelerate the speed compared, improve audit efficiency.
Fig. 3 is a kind of policy consistency audit device provided in the embodiment of the present invention, and see Fig. 3, this device comprises:
Computing module 301, for calculating the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data;
Comparison module 302, the characteristic value for the policy data to NM server and equipment compares, and obtains auditing result.
Described comparison module 302 comprises:
First comparing unit, the first CRC value for the policy data to NM server and equipment compares, and determines the first policy data;
Second comparing unit, when also comprising the second policy data through comparing the policy data determining described NM server and equipment, second CRC value of the second policy data of described NM server and the second policy data of equipment is compared, obtains the difference between the second policy data of described NM server and the second policy data of equipment.
Described first comparing unit comprises:
Sequencing unit, for sorting according to configuration sequence to the characteristic value of the policy data of NM server and equipment respectively;
Sequence determination unit, for determining First ray and the second sequence, described First ray is with the policy data of NM server for determined first CRC of benchmark is worth identical policy data sequence, and described second sequence is for determined first CRC of benchmark is worth identical policy data sequence with the policy data of equipment;
First policy determining unit, for more described First ray and the second sequence, is defined as the first policy data by the policy data comprised in the many sequences of the policy data with the first identical CRC value.
Described computing module 301 comprises:
Acquiring unit, for obtaining the policy data of NM server and equipment respectively;
Computing unit, for the common object quoted according to policy data and each policy data of described NM server and equipment, calculates the characteristic value of the policy data of described NM server and equipment.
Described computing unit is used for when described NM server is different with the form of the policy data of equipment, it is the form of the policy data of described NM server by the formal transformation of the policy data of described equipment, according to described NM server and the policy data of equipment and the adduction relationship of each policy data common object, calculate the characteristic value of the policy data of described NM server and equipment.
Described computing unit is used for the adduction relationship level according to each policy data described and common object, successively calculates the first CRC value and the second CRC value of each policy data from bottom to top.
The device that the embodiment of the present invention provides, by calculating the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data; The characteristic value of the policy data of NM server and equipment is compared, obtains auditing result.Adopt the technical scheme that the embodiment of the present invention provides, sequence number is different and business tine is identical strategy can be avoided to judge into inconsistent and auditing result mistake that is that cause by accident, improve the accuracy of consistency auditing result, simultaneously by the comparison to characteristic value, accelerate the speed compared, improve audit efficiency.
Fig. 4 is a kind of policy consistency audit device provided in the embodiment of the present invention, and see Fig. 4, this equipment comprises: processor,
Described processor 401, for calculating the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data;
Described processor 401, the characteristic value also for the policy data to NM server and equipment compares, and obtains auditing result.
Described processor 401, the first CRC value for the policy data to NM server and equipment compares, and determines the first policy data; When also comprising the second policy data through comparing the policy data determining described NM server and equipment, second CRC value of the second policy data of described NM server and the second policy data of equipment is compared, obtains the difference between the second policy data of described NM server and the second policy data of equipment.
Described processor 401, for sorting according to configuration sequence to the characteristic value of the policy data of NM server and equipment respectively;
Described processor 401, for determining First ray and the second sequence, described First ray is with the policy data of NM server for determined first CRC of benchmark is worth identical policy data sequence, and described second sequence is for determined first CRC of benchmark is worth identical policy data sequence with the policy data of equipment;
Described processor 401, for more described First ray and the second sequence, is defined as the first policy data by the policy data comprised in the many sequences of the policy data with the first identical CRC value.
Described processor 401, also for obtaining the policy data of NM server and equipment respectively;
Described processor 401, the common object also for quoting according to policy data and each policy data of described NM server and equipment, calculates the characteristic value of the policy data of described NM server and equipment.
Described processor 401, for when described NM server is different with the form of the policy data of equipment, it is the form of the policy data of described NM server by the formal transformation of the policy data of described equipment, according to described NM server and the policy data of equipment and the adduction relationship of each policy data common object, calculate the characteristic value of the policy data of described NM server and equipment.
Described processor 401, for the adduction relationship level according to each policy data described and common object, successively calculates the first CRC value and the second CRC value of each policy data from bottom to top.
The equipment that the embodiment of the present invention provides, by calculating the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, the CRC value of the common object that described second CRC value is quoted for this policy data; The characteristic value of the policy data of NM server and equipment is compared, obtains auditing result.Adopt the technical scheme that the embodiment of the present invention provides, sequence number is different and business tine is identical strategy can be avoided to judge into inconsistent and auditing result mistake that is that cause by accident, improve the accuracy of consistency auditing result, simultaneously by the comparison to characteristic value, accelerate the speed compared, improve audit efficiency.
It should be noted that: the policy consistency audit device that above-described embodiment provides is when policy consistency is audited, only be illustrated with the division of above-mentioned each functional module, in practical application, can distribute as required and by above-mentioned functions and be completed by different functional modules, internal structure by equipment is divided into different functional modules, to complete all or part of function described above.In addition, the policy consistency audit device that above-described embodiment provides and policy consistency auditing method embodiment belong to same design, and its specific implementation process refers to embodiment of the method, repeats no more here.
One of ordinary skill in the art will appreciate that all or part of step realizing above-described embodiment can have been come by hardware, the hardware that also can carry out instruction relevant by program completes, described program can be stored in a kind of computer-readable recording medium, the above-mentioned storage medium mentioned can be read-only memory, disk or CD etc.
The foregoing is only preferred embodiment of the present invention, not in order to limit the present invention, within the spirit and principles in the present invention all, any amendment done, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (12)

1. a policy consistency auditing method, is characterized in that, described method comprises:
Calculate the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, described first CRC value calculates according to the business tine of policy data, the CRC value of the common object that described second CRC value is quoted for this policy data, described second CRC value comprises the CRC value of the content of multiple common object quoted;
The characteristic value of the policy data of NM server and equipment is compared, obtains auditing result;
The described characteristic value calculating the policy data of NM server and equipment respectively, comprising:
Obtain the policy data of NM server and equipment respectively;
According to the common object that policy data and each policy data of described NM server and equipment are quoted, calculate the characteristic value of the policy data of described NM server and equipment;
The characteristic value of the described policy data to NM server and equipment compares, and obtains auditing result, comprising:
First CRC value of the policy data of NM server and equipment is compared, determines the first policy data;
When also comprising the second policy data through comparing the policy data determining described NM server and equipment, second CRC value of the second policy data of described NM server and the second policy data of equipment is compared, obtains the difference between the second policy data of described NM server and the second policy data of equipment.
2. method according to claim 1, is characterized in that, compares, determine the first policy data, comprising the first CRC value of the policy data of NM server and equipment:
Respectively the characteristic value of the policy data of NM server and equipment is sorted according to configuration sequence;
Determine First ray and the second sequence, described First ray is with the policy data of NM server for determined first CRC of benchmark is worth identical policy data sequence, and described second sequence is for determined first CRC of benchmark is worth identical policy data sequence with the policy data of equipment;
More described First ray and the second sequence, be defined as the first policy data by the policy data comprised in the many sequences of the policy data with the first identical CRC value.
3. method according to claim 1, is characterized in that, according to the common object that policy data and each policy data of described NM server and equipment are quoted, calculates the characteristic value of the policy data of described NM server and equipment, comprising:
When described NM server is different with the form of the policy data of equipment, it is the form of the policy data of described NM server by the formal transformation of the policy data of described equipment, according to described NM server and the policy data of equipment and the adduction relationship of each policy data common object, calculate the characteristic value of the policy data of described NM server and equipment.
4. method according to claim 1, is characterized in that, according to the common object that policy data and each policy data of described NM server and equipment are quoted, calculates the characteristic value of the policy data of described NM server and equipment, comprising:
According to the adduction relationship level of each policy data described and common object, successively calculate the first CRC value and the second CRC value of each policy data from bottom to top.
5. a policy consistency audit device, is characterized in that, described device comprises:
Computing module, for calculating the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, described first CRC value calculates according to the business tine of policy data, the CRC value of the common object that described second CRC value is quoted for this policy data, described second CRC value comprises the CRC value of the content of multiple common object quoted;
Comparison module, the characteristic value for the policy data to NM server and equipment compares, and obtains auditing result;
Described computing module comprises:
Acquiring unit, for obtaining the policy data of NM server and equipment respectively;
Computing unit, for the common object quoted according to policy data and each policy data of described NM server and equipment, calculates the characteristic value of the policy data of described NM server and equipment;
Described comparison module comprises:
First comparing unit, the first CRC value for the policy data to NM server and equipment compares, and determines the first policy data;
Second comparing unit, when also comprising the second policy data through comparing the policy data determining described NM server and equipment, second CRC value of the second policy data of described NM server and the second policy data of equipment is compared, obtains the difference between the second policy data of described NM server and the second policy data of equipment.
6. device according to claim 5, is characterized in that, described first comparing unit comprises:
Sequencing unit, for sorting according to configuration sequence to the characteristic value of the policy data of NM server and equipment respectively;
Sequence determination unit, for determining First ray and the second sequence, described First ray is with the policy data of NM server for determined first CRC of benchmark is worth identical policy data sequence, and described second sequence is for determined first CRC of benchmark is worth identical policy data sequence with the policy data of equipment;
First policy determining unit, for more described First ray and the second sequence, is defined as the first policy data by the policy data comprised in the many sequences of the policy data with the first identical CRC value.
7. device according to claim 5, it is characterized in that, described computing unit is used for when described NM server is different with the form of the policy data of equipment, it is the form of the policy data of described NM server by the formal transformation of the policy data of described equipment, according to described NM server and the policy data of equipment and the adduction relationship of each policy data common object, calculate the characteristic value of the policy data of described NM server and equipment.
8. device according to claim 5, it is characterized in that, described computing unit is used for the adduction relationship level according to each policy data described and common object, successively calculates the first CRC value and the second CRC value of each policy data from bottom to top.
9. a policy consistency audit device, is characterized in that, described equipment comprises: processor,
Described processor, for calculating the characteristic value of the policy data of NM server and equipment respectively, the characteristic value of each policy data comprises the first CRC value and the second CRC value; Described first CRC value is the CRC value of this policy data, described first CRC value calculates according to the business tine of policy data, the CRC value of the common object that described second CRC value is quoted for this policy data, described second CRC value comprises the CRC value of the content of multiple common object quoted;
Described processor, the characteristic value also for the policy data to NM server and equipment compares, and obtains auditing result;
Described processor, also for obtaining the policy data of NM server and equipment respectively; According to the common object that policy data and each policy data of described NM server and equipment are quoted, calculate the characteristic value of the policy data of described NM server and equipment;
Described processor, the first CRC value also for the policy data to NM server and equipment compares, and determines the first policy data; When also comprising the second policy data through comparing the policy data determining described NM server and equipment, second CRC value of the second policy data of described NM server and the second policy data of equipment is compared, obtains the difference between the second policy data of described NM server and the second policy data of equipment.
10. equipment according to claim 9, is characterized in that, described processor, for sorting according to configuration sequence to the characteristic value of the policy data of NM server and equipment respectively;
Described processor, for determining First ray and the second sequence, described First ray is with the policy data of NM server for determined first CRC of benchmark is worth identical policy data sequence, and described second sequence is for determined first CRC of benchmark is worth identical policy data sequence with the policy data of equipment;
Described processor, for more described First ray and the second sequence, is defined as the first policy data by the policy data comprised in the many sequences of the policy data with the first identical CRC value.
11. equipment according to claim 9, it is characterized in that, described processor, for when described NM server is different with the form of the policy data of equipment, it is the form of the policy data of described NM server by the formal transformation of the policy data of described equipment, according to described NM server and the policy data of equipment and the adduction relationship of each policy data common object, calculate the characteristic value of the policy data of described NM server and equipment.
12. equipment according to claim 9, it is characterized in that, described processor, for the adduction relationship level according to each policy data described and common object, successively calculates the first CRC value and the second CRC value of each policy data from bottom to top.
CN201210572440.5A 2012-12-25 2012-12-25 policy consistency auditing method, device and equipment Active CN103067203B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210572440.5A CN103067203B (en) 2012-12-25 2012-12-25 policy consistency auditing method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210572440.5A CN103067203B (en) 2012-12-25 2012-12-25 policy consistency auditing method, device and equipment

Publications (2)

Publication Number Publication Date
CN103067203A CN103067203A (en) 2013-04-24
CN103067203B true CN103067203B (en) 2016-03-02

Family

ID=48109673

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210572440.5A Active CN103067203B (en) 2012-12-25 2012-12-25 policy consistency auditing method, device and equipment

Country Status (1)

Country Link
CN (1) CN103067203B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104519030B (en) * 2013-09-30 2018-07-17 西门子公司 A kind of method and apparatus for safety detection
CN106844565B (en) * 2016-12-30 2020-07-07 上海帝联信息科技股份有限公司 Character comparison method and device between data lines

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102255924A (en) * 2011-08-29 2011-11-23 浙江中烟工业有限责任公司 Multi-stage security interconnection platform based on trusted computing and processing flow thereof
CN102307197A (en) * 2011-08-29 2012-01-04 浙江中烟工业有限责任公司 Trusted enhancement subsystem of multilevel security intercommunication platform

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7916775B2 (en) * 2006-06-16 2011-03-29 Lg Electronics Inc. Encoding uplink acknowledgments to downlink transmissions

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102255924A (en) * 2011-08-29 2011-11-23 浙江中烟工业有限责任公司 Multi-stage security interconnection platform based on trusted computing and processing flow thereof
CN102307197A (en) * 2011-08-29 2012-01-04 浙江中烟工业有限责任公司 Trusted enhancement subsystem of multilevel security intercommunication platform

Also Published As

Publication number Publication date
CN103067203A (en) 2013-04-24

Similar Documents

Publication Publication Date Title
US10305776B2 (en) Network verification
CN102104635B (en) Method and device for updating Internet protocol (IP) address base
CN101267313B (en) Flooding attack detection method and detection device
CN106856434A (en) The method and apparatus of access request conversion
US10567384B2 (en) Verifying whether connectivity in a composed policy graph reflects a corresponding policy in input policy graphs
CN105024969A (en) Method and device for realizing malicious domain name identification
CN103825837A (en) Node load distributed CDN global scheduling method
CN104468107B (en) Verify data processing method and processing device
CN102831167B (en) XML (extensive makeup language) processing method and device for graph structure
KR102061833B1 (en) Apparatus and method for investigating cyber incidents
CN109951393B (en) Network segment searching method and device
CN105869057A (en) Comment storage device, comment reading method and apparatus, and comment writing method and apparatus
CN105426375A (en) Relationship network calculation method and apparatus
CN103067203B (en) policy consistency auditing method, device and equipment
CN109510800A (en) A kind of network request processing method, device, electronic equipment and storage medium
CN108257014B (en) Method and device for creating underwriting flow
CN103888481B (en) A kind of LAN DHCP packet filtering method
CN106911649A (en) A kind of method and apparatus for detecting network attack
CN107807976A (en) IP attribution inquiry methods and device
CN105812204A (en) Recursion domain name server online identification method based on connectivity estimation
CN114567613A (en) Real IP identification method, device, electronic equipment and storage medium
CN106610899A (en) Test case generation method and device
CN113687852A (en) Automatic generation method and device for log collection configuration file
CN103763320B (en) Method and system for merging flow records
CN103023864B (en) A kind of domain name method for blocking and equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20191220

Address after: 314400 No.11, Weisan Road, Nongfa District, Chang'an Town, Haining City, Jiaxing City, Zhejiang Province

Patentee after: Haining hi tech Zone Science and Innovation Center Co.,Ltd.

Address before: 510000 unit 2414-2416, building, No. five, No. 371, Tianhe District, Guangdong, China

Patentee before: GUANGDONG GAOHANG INTELLECTUAL PROPERTY OPERATION Co.,Ltd.

Effective date of registration: 20191220

Address after: 510000 unit 2414-2416, building, No. five, No. 371, Tianhe District, Guangdong, China

Patentee after: GUANGDONG GAOHANG INTELLECTUAL PROPERTY OPERATION Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.