CN104079575A

CN104079575A - Home network security management method and device and system

Info

Publication number: CN104079575A
Application number: CN201410313151.2A
Authority: CN
Inventors: 宁敢
Original assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Current assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Priority date: 2014-07-02
Filing date: 2014-07-02
Publication date: 2014-10-01

Abstract

The invention relates to a home network security management method and device and a system. The method includes the steps of conducting security scanning on a home network so as to obtain network connection information of all terminals in the home network and network configuration information of gateway devices, confirming whether unknown terminals have access to the home network or no according to the network connection information of all the terminals, conducting security management configuration on the unknown terminals if the unknown terminals have access to the home network so that the unknown terminals can be allowed or refused to have access to the home network, detecting the network configuration information to obtain a detection result, and conducting security set operation on the gateway devices according to the detection result. According to the technical scheme, security vulnerabilities can be effectively checked, resource occupancy and/or security threats caused when unknown devices have access to the network can be effectively avoided, and the security defense capacity of the home network is improved.

Description

Home network security management method, Apparatus and system

Technical field

The present invention relates to a kind of computer realm, particularly relate to a kind of home network security management method, Apparatus and system.

Background technology

Home network refers to by gateway device the function and application of public network is extended to family, construct wired or wireless environment, connect various terminals (as household electrical appliances, mobile phone, panel computer, desktop computer etc.), realize in family multi-section calculating, control, monitoring and communication equipment and be connected with integrated, reach the information circulation between portion's terminal and external public network and household internal terminal and shared within the family.Because home network is connected with external public network, people are having benefited from life that home network brings simultaneously easily, and home network also can be subject to the security threat of external public network.I.e. popularizing and development along with fail-safe software, lawless person does evil and becomes more and more difficult on common computer, therefore a lot of lawless persons transfer sight to invest the family expenses WiFi in home network (WIreless-Fidelity, Wireless Fidelity) router.In recent years, the attack in force event for family expenses WiFi router both domestic and external emerges in an endless stream.Such as certain year, certain state-owned millions of router is infected.And in recent years occur in domestic extensive router attack, had at least DNS (Do main Name System, the i.e. domain name analysis system) setting of ten million platform WiFi router to be tampered.

In prior art, be generally that user carries out autonomous security configuration to the gateway device in home network, take precautions against gateway device and be broken or occur rubbing net phenomenon, user can take precautions against by the access pin that logs in the wireless network in password and/or access home network of frequent replacing gateway device.Existing this by the autonomous safety precaution scheme of user, user very easily forgets autonomous security configuration in actual applications, causes home network security defence capability lower, can not effectively ensure the safety in utilization of home network.

Summary of the invention

In view of the above problems, propose the present invention so that a kind of home network security management method, Apparatus and system that overcomes the problems referred to above or address the above problem is at least in part provided, be convenient to the safety management of home network, improved the fail safe of home network.

According to first aspect of the present invention, a kind of home network security management method is provided, comprising:

Home network is carried out to security sweep, obtain the network connection information of each terminal and the network configuration information of gateway device in described home network, wherein, the one or more described terminal that described home network comprises one or more described gateway devices and is connected with each described gateway device;

According to the network connection information of described each terminal, determine in described home network, whether to have access to unknown terminal;

If have access to unknown terminal in described home network, described unknown terminal is carried out to safety management configuration, to allow or to refuse described unknown terminal and access described home network;

Described network configuration information is detected, draw testing result;

According to described testing result, described gateway device is carried out to safe setting operation.

Optionally, aforesaid home network security management method, wherein, described network configuration information comprises: any one or more in DNS setting, administrator password, wireless network access pin, far-end WEB administration configuration and the configuration of isolated area host services that the domain name analysis system DNS of wide area network wan interface arranges, DynamicHost arranges protocol DHCP; Accordingly,

Described described network configuration information is detected, draws testing result, comprising:

The DNS of described wan interface is arranged and detected, show that the DNS of described wan interface arranges the testing result whether being tampered; And/or

The DNS of described DHCP is arranged and detected, show that the DNS of described DHCP arranges the testing result whether being tampered; And/or

Described administrator password is detected, show whether described administrator password is the testing result of the weak password that level of security is low; And/or

Wireless network access pin is detected, show whether described wireless network access pin is the testing result of the weak password that level of security is low; And/or

Far-end WEB administration configuration is detected, draw the testing result of whether having opened far-end WEB management; And/or

Described isolated area host services configuration is detected, draw the testing result of whether having opened isolated area host services.

Optionally, aforesaid home network security management method, wherein, described according to described testing result, described gateway device is carried out to safe setting operation, be specially:

The testing result being tampered is set according to the DNS of described wan interface, the DNS of the described wan interface being tampered is arranged and repairs operation; And/or

The testing result being tampered is set according to the DNS of described DHCP, the DNS of the described DHCP being tampered is arranged and repairs operation; And/or

Be the testing result of the weak password that level of security is low according to described administrator password, again described administrator password arranged, be set to described administrator password the strong cipher that level of security is high; And/or

The testing result that is the weak password that level of security is low according to described wireless network access pin, arranges described wireless network access pin again, is set to described wireless network access pin the strong cipher that level of security is high; And/or

According to described testing result of opening far-end WEB management, close described far-end WEB management; And/or

According to described testing result of opening isolated area host services, close isolated area host services.

Optionally, aforesaid home network security management method, wherein, describedly carries out safety management configuration to described unknown terminal, comprising:

Generate unknown terminal access prompting, so that user triggers corresponding operational order according to described unknown terminal access prompting;

The operational order triggering according to the described user who receives, disconnects the described unknown terminal of the described home network of access or allows described unknown terminal to maintain current network connection status.

Optionally, aforesaid home network security management method, also comprises:

Monitor the networking speed information of each terminal in described home network, and generate the network speed presentation information of the networking speed information of each terminal and correspondence.

Optionally, aforesaid home network security management method, also comprises:

Receive the first data message that in described home network, arbitrary described terminal is uploaded;

Described the first data message is stored, so that the other-end in described home network reads or downloads.

Optionally, aforesaid home network security management method, also comprises:

Download and/or the reading times of each first data message of statistics storage;

According to statistics number, described the first data message is sorted, and generate the seniority among brothers and sisters presentation information that includes described the first data message mark and corresponding sequence.

Optionally, aforesaid home network security management method, also comprises:

Receive the second data message that arbitrary described terminal in described home network is sent to another terminal in described home network, wherein, in described the second data message, carry the mark of described another terminal;

Described the second data message is forwarded to terminal corresponding to described mark.

Optionally, aforesaid home network security management method, also comprises:

The accessible wireless network of search, and obtain the wireless network name searching;

Polling of radio network access pin storehouse, if find the access pin of wireless network corresponding to described wireless network name in described wireless network access pin storehouse, generate the network insertion password presentation information of described wireless network name and corresponding access pin;

Wherein, in described wireless network access pin storehouse, store the access pin of the wireless network of wireless network name and correspondence, the access pin of the wireless network of described wireless network name and correspondence is reported and is stored in by network by user in described wireless network access pin storehouse.

According to second aspect of the present invention, a kind of home network security management devices is provided, comprising:

Acquisition module, for home network is carried out to security sweep, obtain the network connection information of each terminal and the network configuration information of gateway device in described home network, wherein, the one or more described terminal that described home network comprises one or more described gateway devices and is connected with each described gateway device;

Determination module, for according to the network connection information of described each terminal, determines in described home network, whether to have access to unknown terminal;

Safety management configuration module, in the time that described home network has access to unknown terminal, carries out safety management configuration to described unknown terminal, to allow or to refuse described unknown terminal and access described home network;

Detection module, for described network configuration information is detected, draws testing result;

Safety arranges module, for according to described testing result, described gateway device is carried out to safe setting operation.

Optionally, aforesaid home network security management devices, wherein, described network configuration information comprises: any one or more in DNS setting, administrator password, wireless network access pin, far-end WEB administration configuration and the configuration of isolated area host services that the domain name analysis system DNS of wide area network wan interface arranges, DynamicHost arranges protocol DHCP; Accordingly,

Described detection module specifically for:

Optionally, aforesaid home network security management devices, wherein, described safety arranges module, specifically for:

Optionally, aforesaid home network security management devices, wherein, described safety management configuration module, comprising:

Generation unit, in the time that described home network has access to unknown terminal, generates unknown terminal access prompting, so that user triggers corresponding operational order according to described unknown terminal access prompting;

Security configuration performance element, for the operational order triggering according to the described user who receives, disconnects the described unknown terminal of the described home network of access or allows described unknown terminal to maintain current network connection status.

Optionally, aforesaid home network security management devices, also comprises:

Monitoring modular, for monitoring the networking speed information of the each terminal of described home network, and generates the network speed presentation information of each terminal and corresponding networking speed information.

Optionally, aforesaid home network security management devices, also comprises:

The first receiver module, the first data message of uploading for receiving the arbitrary described terminal of described home network;

Memory module, for storing described the first data message, so that the other-end in described home network reads or downloads.

Optionally, aforesaid home network security management devices, also comprises:

Statistical module, for adding up download and/or the reading times of each the first data message of storage;

Order module, for according to statistics number, sorts to described the first data message, and generates the sequence presentation information that includes described the first data message mark and corresponding sequence.

Optionally, aforesaid home network security management devices, also comprises:

The second receiver module, is sent to the second data message of another terminal in described home network for receiving the arbitrary described terminal of described home network, wherein, carry the mark of described another terminal in described the second data message;

Forwarding module, for being forwarded to terminal corresponding to described mark by described the second data message.

Optionally, aforesaid home network security management devices, also comprises:

Search module, for searching for accessible wireless network, and obtains the wireless network name searching;

Enquiry module, for polling of radio network access pin storehouse, when find the access pin of wireless network corresponding to described wireless network name in described wireless network access pin storehouse time, generate the network insertion password presentation information of described wireless network name and corresponding access pin;

According to the 3rd aspect of the present invention, a kind of domestic network system is provided, comprising: one or more described gateway devices, the one or more described terminal and the home network security management devices that are connected with each described gateway device;

Wherein, described home network security management devices, comprising:

By technique scheme, the technical scheme that the embodiment of the present invention provides at least has following advantages:

Technical scheme provided by the invention is obtained the network connection information of each terminal and the encrypted message of the network equipment in home network by scanning, can obtain the connection status of each accessing terminal to network in home network, can also determine simultaneously and in home network, whether have access to unknown terminal, be convenient to the safety management of home network, and can effectively avoid the resource occupation and/or the security threat that in unknown device access home network, bring, not only realize the comprehensive health check-up that home network is carried out, also realize the monitoring of the each terminal connection state to whole home network, and then effectively prevent hacker attacks home network and the information leakage that causes, steal the generation of the situations such as brush Net silver, in addition, by the network configuration information of gateway device is carried out to fail safe detection, can monitor the safe facilities of gateway device, can effectively investigate security breaches, for user provides the safety of gateway device, function is set, has further improved the Prevention-Security ability of home network.

Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to better understand technological means of the present invention, and can be implemented according to the content of specification, below with preferred embodiment of the present invention and coordinate accompanying drawing to be described in detail as follows.

Brief description of the drawings

By reading below detailed description of the preferred embodiment, various other advantage and benefits will become cheer and bright for those of ordinary skill in the art.Accompanying drawing is only for the object of preferred implementation is shown, and do not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:

Fig. 1 shows the schematic flow sheet of the home network security management method that the embodiment of the present invention one provides;

Fig. 2 shows in the home network security management method that the embodiment of the present invention one provides and realizes the shared method flow schematic diagram of inter-terminal data;

Fig. 3 shows a kind of structural representation of realizing of the home network security management devices that the embodiment of the present invention two provides;

Fig. 4 shows the structural representation of safety management configuration module in the home network security management devices that the embodiment of the present invention two provides;

Fig. 5 shows the structural representation that the another kind of the home network security management devices that the embodiment of the present invention two provides is realized;

Fig. 6 shows the structural representation of the domestic network system that the embodiment of the present invention two provides.

Embodiment

For making object, technical scheme and the advantage of the embodiment of the present invention clearer, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is the present invention's part embodiment, instead of whole embodiment.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtaining under creative work prerequisite, belong to the scope of protection of the invention.

The schematic flow sheet of the home network security management method that as shown in Figure 1, the embodiment of the present invention one provides.The described home network security management method that the present embodiment one provides, comprising:

Step 101, home network is carried out to security sweep, obtain the network connection information of each terminal and the network configuration information of gateway device in described home network.

Wherein, the one or more described terminal that described home network comprises one or more described gateway devices and is connected with each described gateway device.In actual applications, the majority of the gateway device in described home network is router.Accordingly, the described encrypted message of described gateway device comprises the access pin that enters the administrator password of described router management interface and/or access the wireless network that described router provides.

The network configuration information of the gateway device in home network comprises: WAN (Wide Area Network, wide area network) DNS of DNS, DHCP (Dynamic Host Configuration Protocol, DynamicHost arranges agreement) of interface; Described network configuration information also can comprise following one of at least: whether administrator password is that whether weak password, the far-end WEB management that level of security is low opens, whether isolated area host services opens, wireless network secure configuration parameter.Wherein, wireless network secure configuration parameter comprises: the mode that whether wireless network is opened, whether wireless network password arranges, wireless network is opened.

The present embodiment, by obtaining the network connection information of each terminal in described home network, can obtain the annexation of each terminal in home network, and the access state of access home network, is convenient to the follow-up safety management to home network; In addition, the present embodiment can adopt existing security sweep technology to obtain the network configuration information of gateway device in described home network, the object of obtaining network configuration information is to detect for the follow-up potential safety hazard that gateway device is existed, with the fail safe that helps user to improve gateway device in home network, further strengthen the difficulty of breaking through of gateway device.

Step 102, according to the network connection information of described each terminal, determine in described home network, whether to have access to unknown terminal.

When specific embodiment, the present embodiment can be by judging whether the terminal iidentification carrying in described network connection information has access to unknown terminal in whether determining described home network in trust end message storehouse.For example:

Judge that terminal iidentification that the network connection information of described each terminal carries is whether all in described trust end message storehouse;

If there is the not terminal iidentification in described trust end message storehouse, determine and in described home network, have access unknown terminal, and terminal corresponding to terminal iidentification in described trust end message storehouse is not unknown terminal;

If all in described trust end message storehouse, determine and in described home network, do not access unknown terminal.

Wherein, in described trust end message storehouse, store the terminal iidentification that is set to trust terminal.

If have access to unknown terminal in the described home network of step 103, described unknown terminal is carried out to safety management configuration, to allow or to refuse described unknown terminal and access described home network.

In the time of specific implementation, this step can adopt following steps to realize:

First, if having access to unknown terminal in described home network, generate unknown terminal access prompting, so that user triggers corresponding operational order according to described unknown terminal access prompting.

For example, described unknown terminal access prompting, except including unknown terminal access prompting message, also includes corresponding operational order button.User can trigger corresponding operational order button by man-machine interaction circle interface, so that described unknown terminal is carried out to corresponding security configuration.As, described operational order button comprises: trust the first button of this unknown terminal, and distrust the second button of this unknown terminal.

Then, the operational order triggering according to the described user who receives, disconnects the described unknown terminal of the described home network of access or allows described unknown terminal to maintain current network connection status.

For example, in the time that user triggers " trusting the first button of this unknown terminal ", allow described unknown terminal to maintain current network connection status; In the time that user triggers " distrusting the second button of this unknown terminal ", disconnect the described unknown terminal of the described home network of access.

Step 104, described network configuration information is detected, draw testing result.

Wherein, described network configuration information comprises: any one or more in DNS setting, administrator password, wireless network access pin, far-end WEB administration configuration and the configuration of isolated area host services that the domain name analysis system DNS of wide area network wan interface arranges, DynamicHost arranges protocol DHCP.

In specific implementation, after the DNS of wan interface and the DNS of DHCP are tampered, can cause very large potential safety hazard, below factor also may affect wireless network secure:

(1) administrator password of network access device is the weak password that level of security is low, if the password default (default username and the password of for example TP-link are admin) that administrator password uses network access device production firm to provide, or use the weak password that the level of security that is easily cracked is low (for example 123456,000000 etc.), once hacker has cracked the administrator password of network access device, the DNS of possibility changed network connection device arranges.

(2) open distal end web-based management if network access device has been opened far-end web-based management, just can be accessed this network access device on public network, and the DNS that the IP address of hacker by far-end can changed network connection device arranges.

(3) open isolated area host services, the machine of public network generally cannot connect the machine of Intranet under normal circumstances, if but open isolated area (demilitarized zone, DMZ) after host services, be set to after DMZ main frame by a machine in Intranet, the machine of public network also can connect the machine of Intranet, thereby by externally opening the machine of serving as springboard, attacks Intranet.

(4) wireless network secure configuration parameter arrange a little less than, if wireless network connection device has been opened wireless network, but password is not set, or use unsafe cipher authentication mode, for example cipher authentication mode is that WEP encrypts (wired equivalent privacy, Wired Equivalent Privacy), wireless network ratio is easier to stolen.

Therefore, this step specifically comprises:

Wherein, in above-mentioned steps, whether detection management password and wireless network access pin are that the method for the weak password that level of security is low can realize originally by all test specimens that comprise in contrast preset password Sample Storehouse.For example adopt with the following method and realize:

According to preset password Sample Storehouse, use successively test sample book in described password Sample Storehouse and described administrator password or wireless network access pin to compare, wherein, in described password Sample Storehouse, include at least one test sample book;

If include the test sample book identical with described administrator password or wireless network access pin in described password Sample Storehouse, described administrator password or wireless network access pin are the weak password that level of security is low.

Certainly, while not including the test sample book identical with described administrator password or wireless network access pin in described password Sample Storehouse in actual applications, the safe class of described administrator password or wireless network access pin can also be divided into multiple grades (as, in safe class, middle height, height, the highest etc.).For example: in the time not including the test sample book identical with described administrator password or wireless network access pin in described password Sample Storehouse, adopt default safe class to detect the complexity value cracking of the rule described administrator password of calculating or wireless network access pin, and according to the degree value that is difficult to drawing, generate corresponding testing result.Wherein, described default safe class detection rule can be that people is being made up of multiple logic determining programs of writing.

Or the present embodiment also can not adopt above-mentioned steps to realize, directly adopt default safe class to detect rule described administrator password or wireless network access pin are detected.

Step 105, according to described testing result, described gateway device is carried out to safe setting operation.

Wherein, this step is specially:

Here it should be noted that: above-mentioned according to described testing result, described gateway device is carried out to the step of safe setting operation except adopting above-mentioned obtaining automatically described gateway setting to be carried out safe setting operation after testing result, also can adopt the security breaches that gateway device exists described in the mode reminding user that presents information, so that user manually carries out safe setting to described gateway device, or user triggers the corresponding button of repairing on User Interface according to the described information that presents, one key triggers described gateway setting is carried out to corresponding safety setting.For example, method described in above-described embodiment, also comprises the steps:

According to described testing result, generate the safety instruction information that carries described testing result;

Receive the safety reparation instruction that user triggers according to described safety instruction information, and repair instruction to existing the configuration item of security breaches to repair operation according to described safety.

Wherein, described configuration item is the DNS setting that domain name analysis system DNS arranges, DynamicHost arranges protocol DHCP, administrator password, wireless network access pin, far-end WEB administration configuration or the configuration of isolated area host services of the wide area network wan interface that described in above-described embodiment, network configuration information comprises.

This step, by increasing above-mentioned steps, has realized the key repair function to gateway device, helps user's one key to solve gateway device (being wireless router) safety problem is set, and has easily made safe home network environment.

The technical scheme that the present embodiment provides is obtained the network connection information of each terminal and the encrypted message of the network equipment in home network by scanning, can obtain the connection status of each accessing terminal to network in home network, can also determine simultaneously and in home network, whether have access to unknown terminal, be convenient to the safety management of home network, and can effectively avoid the resource occupation (the net behavior of rubbing being commonly called as) and/or the security threat that in unknown device access home network, bring, not only realize the comprehensive health check-up that home network is carried out, also realize the monitoring of the each terminal connection state to whole home network, and then effectively prevent hacker attacks home network and the information leakage that causes, steal the generation of the situations such as brush Net silver, in addition, by the network configuration information of gateway device is carried out to fail safe detection, can monitor the safe facilities of gateway device, can effectively investigate security breaches, for user provides the safety of gateway device, function is set, has further improved the Prevention-Security ability of home network.

Further, in order more fully to manage home network, with the surf the Net information of shared network speed of each terminal in home network of observing that allows user can be real-time, the described method that above-described embodiment provides also can comprise the steps:

Further, carry out data sharing in order to facilitate in home network between each terminal, the described method that above-described embodiment provides can also comprise the steps, as shown in Figure 2:

Pass through above-mentioned steps, the present embodiment can be realized the data sharing between each terminal in home network, for example, user can upload the video information on the notebook computer in home network, other-end in home network, as intelligent TV set, can download or read this video information and play on intelligent TV set.

Further, the described method that the present embodiment provides also can comprise the steps, as shown in Figure 2:

The number of times that the present embodiment is downloaded and/or is read by the first data message of adding up each terminal and uploading, generates the seniority among brothers and sisters presentation information for presenting, to be pushed to user.

Further, the described method that above-described embodiment one provides, also comprises:

Pass through above-mentioned steps, the present embodiment can be realized the communication of two terminal rooms in home network, for example, in home network, use two users of different terminals can realize the mutual biography of information, and without using external the Internet network, increase the fail safe of communication, and then avoided the attack of rogue program in external the Internet.

By above-mentioned steps, the present embodiment can be realized the prompting function of wireless network access pin, and for example, the free wireless network that has the businessman that can access to provide around, can offer user by the access pin of this free wireless network timely by above-mentioned steps.Here it should be noted that: the access pin of these free wireless networks can be that user is uploaded and shared by network.

It should be noted that: for aforesaid each embodiment of the method, for simple description, therefore it is all expressed as to a series of combination of actions, but those skilled in the art should know, the present invention is not subject to the restriction of described sequence of movement, because according to the present invention, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in specification all belongs to preferred embodiment, and related action and module might not be that the present invention is necessary.

The structural representation of the home network security management devices that as shown in Figure 3, the embodiment of the present invention two provides.The described home network security management devices that the present embodiment two provides can be realized the described method that above-described embodiment one provides.Wherein, the home network security management devices described in the present embodiment two comprises: acquisition module 1, determination module 2, safety management configuration module 3, detection module 4 and safety arrange module 5.Wherein, described acquisition module 1 is for carrying out security sweep to home network, obtain the network connection information of each terminal and the network configuration information of gateway device in described home network, wherein, the one or more described terminal that described home network comprises one or more described gateway devices and is connected with each described gateway device.Described determination module 2 is for according to the network connection information of described each terminal, determines in described home network, whether to have access to unknown terminal.Described safety management configuration module 3, in the time that described home network has access to unknown terminal, carries out safety management configuration to described unknown terminal, to allow or to refuse described unknown terminal and access described home network.Described detection module 4, for described network configuration information is detected, draws testing result.Described safety arranges module 5 for according to described testing result, and described gateway device is carried out to safe setting operation.

The technical scheme that the present embodiment provides is obtained the network connection information of each terminal and the encrypted message of the network equipment in home network by scanning, can obtain the connection status of each accessing terminal to network in home network, can also determine simultaneously and in home network, whether have access to unknown terminal, be convenient to the safety management of home network, and can effectively avoid the resource occupation and/or the security threat that in unknown device access home network, bring, not only realize the comprehensive health check-up that home network is carried out, also realize the monitoring of the each terminal connection state to whole home network, and then effectively prevent hacker attacks home network and the information leakage that causes, steal the generation of the situations such as brush Net silver, in addition, by the network configuration information of gateway device is carried out to fail safe detection, can monitor the safe facilities of gateway device, can effectively investigate security breaches, for user provides the safety of gateway device, function is set, has further improved the Prevention-Security ability of home network.

Further, described in above-described embodiment two, network configuration information comprises: any one or more in DNS setting, administrator password, wireless network access pin, far-end WEB administration configuration and the configuration of isolated area host services that the domain name analysis system DNS of wide area network wan interface arranges, DynamicHost arranges protocol DHCP.Accordingly, the detection module described in above-described embodiment two specifically for:

Further, the safety described in above-described embodiment arranges module, specifically for:

Safety management configuration module 3 described in above-described embodiment two can adopt the structure shown in Fig. 4 to realize.Concrete, described safety management configuration module 3 comprises: generation unit 31 and security configuration performance element 32.Wherein, described generation unit 31, in the time that described home network has access to unknown terminal, generates unknown terminal access prompting, so that user triggers corresponding operational order according to described unknown terminal access prompting.The operational order of described security configuration performance element 32 for triggering according to the described user who receives, disconnects the described unknown terminal of the described home network of access or allows described unknown terminal to maintain current network connection status.

Further, as shown in Figure 5, the described device that above-described embodiment two provides also comprises: monitoring modular 5.Described monitoring modular 5 is for monitoring the networking speed information of the each terminal of described home network, and generates the network speed presentation information of each terminal and corresponding networking speed information.

As shown in Figure 5, the described device that above-described embodiment two provides also comprises: the first receiver module 6 and memory module 7.The first data message that the first receiver module 6 is uploaded for receiving the arbitrary described terminal of described home network.Memory module 7 is for storing described the first data message, so that the other-end in described home network reads or downloads.

Further, described device also comprises: statistical module 8 and order module 9.Wherein, described statistical module 8 is for adding up download and/or the reading times of each the first data message of storage.Described order module 9, for according to statistics number, sorts to described the first data message, and generates the sequence presentation information that includes described the first data message mark and corresponding sequence.

Further, as shown in Figure 5, the device described in above-described embodiment also comprises: the second receiver module 10 and forwarding module 11.Wherein, the second receiver module 10 is sent to the second data message of another terminal in described home network for receiving the arbitrary described terminal of described home network, wherein, carries the mark of described another terminal in described the second data message.Described forwarding module 11 is for being forwarded to terminal corresponding to described mark by described the second data message.

Further, as shown in Figure 5, the device described in above-described embodiment also comprises: search module 12 and enquiry module 13.Wherein, described search module 12 is for searching for accessible wireless network, and obtains the wireless network name searching.Described enquiry module 13 is for polling of radio network access pin storehouse, when find the access pin of wireless network corresponding to described wireless network name in described wireless network access pin storehouse time, generate the network insertion password presentation information of described wireless network name and corresponding access pin.Wherein, in described wireless network access pin storehouse, store the access pin of the wireless network of wireless network name and correspondence, the access pin of the wireless network of described wireless network name and correspondence is reported and is stored in by network by user in described wireless network access pin storehouse.

The structural representation of the domestic network system that as shown in Figure 6, the embodiment of the present invention three provides.As shown in the figure, described domestic network system comprises: one or more described gateway devices 100, the one or more described terminal 200 and the home network security management devices that are connected with each described gateway device.Wherein, described gateway device 100 can be router.Described terminal 200 can be desktop computer, notebook computer, panel computer or mobile phone etc.Described home network security device can be hardware independently, if realize server of method described in above-described embodiment one etc.; Or described home network security device can be mounted in the application software in arbitrary one or more terminals in home network, as home network bodyguard etc.Concrete, the home network security device described in the present embodiment comprises: acquisition module, determination module, safety management configuration module, detection module and safety arrange module.Wherein, described acquisition module is for carrying out security sweep to home network, obtain the network connection information of each terminal and the network configuration information of gateway device in described home network, wherein, the one or more described terminal that described home network comprises one or more described gateway devices and is connected with each described gateway device.Described determination module is for according to the network connection information of described each terminal, determines in described home network, whether to have access to unknown terminal.Described safety management configuration module, in the time that described home network has access to unknown terminal, carries out safety management configuration to described unknown terminal, to allow or to refuse described unknown terminal and access described home network.Described detection module, for described network configuration information is detected, draws testing result.Described safety arranges module for according to described testing result, and described gateway device is carried out to safe setting operation.

The described home network security device that home network security device described in the present embodiment three can adopt above-described embodiment two to provide, specific implementation structure and principle can, referring to the related content in above-mentioned enforcement two, repeat no more herein.

The invention discloses A1, a kind of home network security management method, comprising:

Described network configuration information is detected, draw testing result;

A2, home network security management method as described in A1, described network configuration information comprises: any one or more in DNS setting, administrator password, wireless network access pin, far-end WEB administration configuration and the configuration of isolated area host services that the domain name analysis system DNS of wide area network wan interface arranges, DynamicHost arranges protocol DHCP; Accordingly,

A3, home network security management method as described in A2, described according to described testing result, described gateway device is carried out to safe setting operation, be specially:

A4, home network security management method as described in any one in A1～A3, describedly carry out safety management configuration to described unknown terminal, comprising:

A5, home network security management method as described in any one in A1～A3, also comprise:

A6, home network security management method as described in any one in A1～A3, also comprise:

A7, home network security management method as described in A6, also comprise:

A8, home network security management method as described in any one in A1～A3, also comprise:

A9, home network security management method as described in any one in A1～A3, also comprise:

The invention also discloses B1, a kind of home network security management devices, comprising:

B2, home network security management devices as described in B1, described network configuration information comprises: any one or more in DNS setting, administrator password, wireless network access pin, far-end WEB administration configuration and the configuration of isolated area host services that the domain name analysis system DNS of wide area network wan interface arranges, DynamicHost arranges protocol DHCP; Accordingly,

Described detection module specifically for:

B3, home network security management devices as described in B2, wherein, described safety arranges module, specifically for:

B4, home network security management devices as described in any one in B1～B3, wherein, described safety management configuration module, comprising:

B5, home network security management devices as described in any one in B1～B3, also comprise:

B6, home network security management devices as described in any one in B1～B3, also comprise:

B7, home network security management devices as described in B6, also comprise:

B8, home network security management devices as described in any one in B1～B3, also comprise:

B9, home network security management devices as described in any one in B1～B3, also comprise:

The invention also discloses C1, a kind of domestic network system, comprising: one or more described gateway devices, the one or more described terminal being connected with each described gateway device and the home network security management devices as described in any one in above-mentioned B1～B9.

In the above-described embodiments, the description of each embodiment is all emphasized particularly on different fields, in certain embodiment, there is no the part of detailed description, can be referring to the associated description of other embodiment.

Be understandable that the reference mutually of the correlated characteristic in said method and switch.In addition, " first ", " second " etc. in above-described embodiment are for distinguishing each embodiment, and do not represent the quality of each embodiment.

Those skilled in the art can be well understood to, for convenience and simplicity of description, the system of foregoing description, the specific works process of device and unit, can, with reference to the corresponding process in preceding method embodiment, not repeat them here.

The algorithm providing at this is intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with demonstration.Various general-purpose systems also can with based on using together with this teaching.According to description above, it is apparent constructing the desired structure of this type systematic.In addition, the present invention is not also for any certain programmed language.It should be understood that and can utilize various programming languages to realize content of the present invention described here, and the description of above language-specific being done is in order to disclose preferred forms of the present invention.

In the specification that provided herein, a large amount of details are described.But, can understand, embodiments of the invention can be put into practice in the situation that there is no these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.

Similarly, be to be understood that, in order to simplify the disclosure and to help to understand one or more in each inventive aspect, in the above in the description of exemplary embodiment of the present invention, each feature of the present invention is grouped together into single embodiment, figure or sometimes in its description.But, the method for the disclosure should be construed to the following intention of reflection: the present invention for required protection requires than the more feature of feature of clearly recording in each claim.Or rather, as reflected in claims below, inventive aspect is to be less than all features of disclosed single embodiment above.Therefore, claims of following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.

Those skilled in the art are appreciated that and can the module in the equipment in embodiment are adaptively changed and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and can put them in addition multiple submodules or subelement or sub-component.At least some in such feature and/or process or unit are mutually repelling, and can adopt any combination to combine all processes or the unit of disclosed all features in this specification (comprising claim, summary and the accompanying drawing followed) and disclosed any method like this or equipment.Unless clearly statement in addition, in this specification (comprising claim, summary and the accompanying drawing followed) disclosed each feature can be by providing identical, be equal to or the alternative features of similar object replaces.

In addition, those skilled in the art can understand, although embodiment more described herein comprise some feature instead of further feature included in other embodiment, the combination of the feature of different embodiment means within scope of the present invention and forms different embodiment.For example, in the following claims, the one of any of embodiment required for protection can be used with compound mode arbitrarily.

All parts embodiment of the present invention can realize with hardware, or realizes with the software module of moving on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that and can use in practice microprocessor or digital signal processor (DSP) to realize according to the some or all functions of the some or all parts in the home network security management devices of the embodiment of the present invention.The present invention can also be embodied as part or all equipment or the device program (for example, computer program and computer program) for carrying out method as described herein.Realizing program of the present invention and can be stored on computer-readable medium like this, or can there is the form of one or more signal.Such signal can be downloaded and obtain from internet website, or provides on carrier signal, or provides with any other form.

It should be noted above-described embodiment the present invention will be described instead of limit the invention, and those skilled in the art can design alternative embodiment in the case of not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and is not listed as element or step in the claims.Being positioned at word " " before element or " one " does not get rid of and has multiple such elements.The present invention can be by means of including the hardware of some different elements and realizing by means of the computer of suitably programming.In the unit claim of having enumerated some devices, several in these devices can be to carry out imbody by same hardware branch.The use of word first, second and C grade does not represent any order.Can be title by these word explanations.

Claims

1. a home network security management method, is characterized in that, comprising:

Described network configuration information is detected, draw testing result;

2. method according to claim 1, it is characterized in that, described network configuration information comprises: any one or more in DNS setting, administrator password, wireless network access pin, far-end WEB administration configuration and the configuration of isolated area host services that the domain name analysis system DNS of wide area network wan interface arranges, DynamicHost arranges protocol DHCP; Accordingly,

3. method according to claim 1 and 2, is characterized in that, also comprises:

4. method according to claim 1 and 2, is characterized in that, also comprises:

Described the first data message is stored, so that the other-end in described home network reads or downloads;

5. method according to claim 1 and 2, is characterized in that, also comprises:

6. method according to claim 1 and 2, is characterized in that, also comprises:

7. a home network security management devices, is characterized in that, comprising:

8. device according to claim 7, it is characterized in that, described network configuration information comprises: any one or more in DNS setting, administrator password, wireless network access pin, far-end WEB administration configuration and the configuration of isolated area host services that the domain name analysis system DNS of wide area network wan interface arranges, DynamicHost arranges protocol DHCP; Accordingly,

Described detection module specifically for:

9. according to the device described in claim 7 or 8, it is characterized in that, also comprise:

10. a domestic network system, it is characterized in that, comprising: the home network security management devices in one or more described gateway devices, the one or more described terminal being connected with each described gateway device and the claims 7～9 described in any one.