CN103997487A - Safe network-surfing isolation method based on browser - Google Patents

Info

Publication number: CN103997487A
Authority: CN (China)
Prior art keywords: server, user terminal, browser, internet, step
Application number: CN201410183713.6A
Other languages: Chinese (zh)
Inventor: 张锡聪
Original Assignee: 绿网天下(福建)网络科技有限公司
Application filed by 绿网天下(福建)网络科技有限公司
Priority to CN201410183713.6A
Publication of CN103997487A

Abstract

The invention provides a browser-based isolation method for safe network surfing. All users' network surfing is carried out centrally on a server. The server transmits to the user terminal only processed web page images and file data downloaded from the internet, and accepts only the keyboard and mouse events that the user terminal uploads through the browser, so that a user can access the server and connect to the internet only through the browser and is otherwise completely isolated from the internet. Because the server returns only web page images to the corresponding browser, the user terminal is not infected by viruses embedded in web pages. And because the user terminal can only receive web page images, it cannot log in to other mailboxes to upload files, so leakage of enterprise confidential data is effectively prevented and a safely isolated network-surfing environment is built for the enterprise.

Description

A browser-based isolation method for secure Internet access

Background

[0001] The Internet is a double-edged sword: while it provides enterprises with rich resources, it also opens the door to leaks of enterprise secrets.

[0002] The traditional dual-machine isolation approach does safeguard data, but it increases hardware and maintenance costs and makes employees' work inconvenient. Systems based on a remote desktop mode improve usability for employees but also increase maintenance costs: for example, if one employee accidentally downloads a virus, the whole system is affected, and if one employee downloads heavily, the other employees' Internet access is affected as well.

Summary of the invention

[0003] The present invention relates to a browser-based isolation method for secure Internet access.

[0004] The present invention provides a browser-based isolation method for secure Internet access that makes Internet access convenient for enterprise employees while effectively protecting the enterprise's confidential data and preventing infection by viruses embedded in web pages.

[0005] The browser-based isolation method for secure Internet access of the present invention comprises the following steps:

Step 1: A server is provided with at least two network cards. The first network card can connect to the Internet; the second network card connects to at least one user terminal on the intranet. The second network card accepts only data sent by the user terminal through the browser and discards all other data. The user terminal is equipped with an application having browser functionality.

Step 2: The browser on the user terminal is started, and a URL is uploaded to the server through the browser.

Step 3: The server filters the URL by matching it against the URLs to be blocked that are stored in a database. If a match is found, an error message is returned to the user terminal. If there is no match, the server accesses the Internet, requests the web page corresponding to the URL, generates an image of the web page returned from the Internet, and returns the web page image to the browser on the user terminal for display.

Step 4: The user terminal accepts only keyboard and mouse events. When the user terminal receives such an event, it passes the position coordinates of the event and the event code to the server, and the server analyses the position coordinates and the event code together with the web page image, until the user terminal's Internet access request ends.

Step 5: When the server's analysis shows that the event is a request to open a next-level page from the current page, the server obtains the corresponding URL from the position of the event uploaded by the browser and returns to step 3.

Step 6: When the server's analysis shows that the event is a request to download a file, the server downloads the corresponding file from the Internet onto the server. Once the download is complete, the file is passed one-way to the corresponding user terminal by means of the session between the user terminal and the server, and the method returns to step 4.
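The server-side decisions in steps 3 to 6 can be sketched as follows; this is an added example, not code from the patent. The event field names, the per-page link-region map, the `.example` hosts and the host-suffix and scheme checks are assumptions, since the patent specifies none of these formats.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample data; the patent does not specify storage or event formats.
BLOCKED_HOSTS = {"webmail.example", "files.example"}
ALLOWED_EVENTS = {"mouse_click", "key_press"}  # step 4: keyboard and mouse only


@dataclass(frozen=True)
class LinkRegion:
    """Bounding box of a link in the rendered page image, recorded server-side."""
    x: int
    y: int
    w: int
    h: int
    href: str
    is_download: bool = False


def url_blocked(url: str) -> bool:
    """Step 3: match the URL against the block list (host and its subdomains)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return True  # assumption: anything that is not plain web traffic is refused
    return any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS)


def hit_test(regions, x, y):
    """Step 5: translate click coordinates into the link under the cursor."""
    for r in reversed(regions):  # later regions are treated as drawn on top
        if r.x <= x < r.x + r.w and r.y <= y < r.y + r.h:
            return r
    return None


def handle_event(event: dict, regions) -> tuple:
    """Decide what the server does with one event uploaded by the terminal."""
    if set(event) != {"type", "x", "y", "code"} or event["type"] not in ALLOWED_EVENTS:
        return ("drop", None)  # step 1: all other data is discarded
    if not all(isinstance(event[k], int) for k in ("x", "y", "code")):
        return ("drop", None)
    if event["type"] == "key_press":
        return ("forward_key", event["code"])
    region = hit_test(regions, event["x"], event["y"])
    if region is None:
        return ("forward_click", (event["x"], event["y"]))
    if url_blocked(region.href):
        return ("error", region.href)  # step 3: blocked URL, error to the terminal
    action = "download" if region.is_download else "navigate"
    return (action, region.href)  # step 6, or back to step 3


# Constructed link map for one rendered page.
PAGE = [
    LinkRegion(10, 10, 100, 20, "https://news.example/article"),
    LinkRegion(10, 40, 100, 20, "https://mail.webmail.example/login"),
    LinkRegion(10, 70, 100, 20, "https://docs.example/report.pdf", is_download=True),
]
```

Because the terminal only ever supplies coordinates, the block list is applied to the URL the server resolves from its own link map, not to anything the terminal claims about the target.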

[0006] With the method of the present invention, all users' Internet access is carried out on the server. The server transmits to the user terminal only the processed web page images and the file data downloaded from the Internet, and the server accepts only the keyboard and mouse events uploaded by the user terminal through the browser, so the user can reach the server and connect to the Internet only through the browser and is otherwise completely isolated from the Internet. Because the server returns only web page images to the corresponding browser, the user terminal cannot be infected by viruses embedded in web pages. And because the user terminal can only receive web page images, it cannot log in to other mailboxes to upload files, which effectively prevents leakage of confidential enterprise data and gives the enterprise a securely isolated Internet access environment.

Brief description of the drawings

[0007] Fig. 1 is a schematic diagram of the working principle of the present invention.

[0008] The present invention is described in further detail below with reference to the drawing and a specific embodiment.

Detailed description

[0009] As shown in Fig. 1, the browser-based isolation method for secure Internet access of the present invention comprises the following steps:

Step 1: A server is provided with at least two network cards. The first network card can connect to the Internet; the second network card connects to at least one user terminal on the intranet. The second network card accepts only data sent by the user terminal through the browser and discards all other data. The user terminal is equipped with an application having browser functionality.

Step 2: The browser on the user terminal is started, and a URL is uploaded to the server through the browser.

Step 3: The server filters the URL by matching it against the URLs to be blocked that are stored in a database. If a match is found, an error message is returned to the user terminal. If there is no match, the server accesses the Internet, requests the web page corresponding to the URL, generates an image of the web page returned from the Internet, and returns the web page image to the browser on the user terminal for display.

Step 4: The user terminal accepts only keyboard and mouse events. When the user terminal receives such an event, it passes the position coordinates of the event and the event code to the server, and the server analyses the position coordinates and the event code together with the web page image, until the user terminal's Internet access request ends.

Step 5: When the server's analysis shows that the event is a request to open a next-level page from the current page, the server obtains the corresponding URL from the position of the event uploaded by the browser and returns to step 3.

Step 6: When the server's analysis shows that the event is a request to download a file, the server downloads the corresponding file from the Internet onto the server. Once the download is complete, the file is passed one-way to the corresponding user terminal by means of the session between the user terminal and the server, and the method returns to step 4.

[0010] The key point of the present invention is that all users' Internet access is carried out on the server. The server transmits to the user terminal only the processed web page images and the file data downloaded from the Internet, and the server accepts only the keyboard and mouse events uploaded by the user terminal through the browser, so the user can reach the server and connect to the Internet only through the browser and is otherwise completely isolated from the Internet. Because the server returns only web page images to the corresponding browser, the user terminal cannot be infected by viruses embedded in web pages. And because the user terminal can only receive web page images, it cannot log in to other mailboxes to upload files, which effectively prevents leakage of confidential enterprise data and gives the enterprise a securely isolated Internet access environment.

[0011] The above is merely a preferred embodiment of the present invention and does not limit the technical scope of the invention in any way; any minor modification, equivalent change or refinement made to the above embodiment in accordance with the technical essence of the invention therefore still falls within the scope of the technical solution of the invention.

Claims (1)

1. A browser-based isolation method for secure Internet access, characterised in that it comprises the following steps:

Step 1: A server is provided with at least two network cards. The first network card can connect to the Internet; the second network card connects to at least one user terminal on the intranet. The second network card accepts only data sent by the user terminal through the browser and discards all other data. The user terminal is equipped with an application having browser functionality.

Step 2: The browser on the user terminal is started, and a URL is uploaded to the server through the browser.

Step 3: The server filters the URL by matching it against the URLs to be blocked that are stored in a database. If a match is found, an error message is returned to the user terminal. If there is no match, the server accesses the Internet, requests the web page corresponding to the URL, generates an image of the web page returned from the Internet, and returns the web page image to the browser on the user terminal for display.

Step 4: The user terminal accepts only keyboard and mouse events. When the user terminal receives such an event, it passes the position coordinates of the event and the event code to the server, and the server analyses the position coordinates and the event code together with the web page image, until the user terminal's Internet access request ends.

Step 5: When the server's analysis shows that the event is a request to open a next-level page from the current page, the server obtains the corresponding URL from the position of the event uploaded by the browser and returns to step 3.

Step 6: When the server's analysis shows that the event is a request to download a file, the server downloads the corresponding file from the Internet onto the server. Once the download is complete, the file is passed one-way to the corresponding user terminal by means of the session between the user terminal and the server, and the method returns to step 4.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410183713.6A CN103997487A (en) 2014-05-04 2014-05-04 Safe network-surfing isolation method based on browser

Publications (1)

Publication Number Publication Date
CN103997487A (en) 2014-08-20

Family

ID=51311494

Country Status (1)

Country Link
CN (1) CN103997487A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105610791A (en) * 2015-01-06 2016-05-25 北京志翔科技股份有限公司 Network access method and device
CN106446617A (en) * 2016-09-21 2017-02-22 河南科技大学 Static webpage access method with active file protection function

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
WD01