CN104378228B - Network data security management system and method - Google Patents

Network data security management system and method

Info

Publication number: CN104378228B
Authority: CN (China)
Prior art keywords: data packet, user, network, database, operation behavior
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN201410522225.3A
Other languages: Chinese (zh)
Other versions: CN104378228A (en)
Inventor: 陈中祥
Current assignee: SHANGHAI BINJIE INFORMATION TECHNOLOGY Co Ltd
Original assignee: SHANGHAI BINJIE INFORMATION TECHNOLOGY Co Ltd
Application filed by SHANGHAI BINJIE INFORMATION TECHNOLOGY Co Ltd

Abstract

The invention discloses a network data security management system and method. The system comprises: a management object setting module, which selects the IP addresses and port numbers of servers as management objects; a packet capture module, which captures the packets in the network in bypass (out-of-band) mode; a packet analysis module, which unpacks each packet and checks whether its destination address is the IP address of a selected server, storing the packet in a database if so and discarding it otherwise; a packet sorting module, which organizes the packets in the database, obtains the user key from the packet's destination address and parses the user's current operation from the unpacked data; and a monitoring module, which judges whether the current operation exceeds the authority range of the user's identity and, if so, raises an alarm and blocks the operation. The invention ensures that users cannot operate beyond their authority and so protects the security of the network system.

Description

Network data security management system and method
Technical field
The present invention relates to a network data security management system and method.
Background art
Existing network security systems require the user to identify the sensitive data in the network system that needs protection. Once a network system has grown large and complex, however, the user often cannot specify which data are sensitive, or simply declares all data to be sensitive. The network system then cannot be managed well, and the operations that developers, maintenance staff and temporary technical support perform on the system or its databases cannot be effectively controlled.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the defect of the prior art that the security of network data cannot be managed well once a network system has become large and complex, by providing a network data security management system and method.
The present invention solves the above technical problem by the following technical solution:
The present invention provides a network data security management system, characterized in that it includes:
a management object setting module, for selecting from the network the IP (Internet Protocol) address and port number of at least one server as a management object;
a packet capture module, for capturing all packets in the network in bypass mode, each packet characterizing a user operation in the network;
a packet analysis module, for unpacking each captured packet and analyzing whether its destination address is the IP address of a server selected by the management object setting module; if so, the packet is stored in a database; if not, the packet is discarded;
a packet sorting module, for organizing the packets in the database, obtaining the user key from the destination address of a packet so as to identify the unique identity of the user performing the current operation, and parsing the user's current operation from the unpacked data;
a monitoring module, for judging whether the user's current operation exceeds the authority range of the user's identity and, if so, raising an alarm and blocking the user's current operation.
Different user identities have different operating authority ranges, which the system user can customize according to actual conditions.
Preferably, the packet capture module captures packets through the port mirroring function of a network switch or by monitoring via a TAP (splitter).
Preferably, the database is an Oracle, Microsoft SQL Server, DB2, Sybase, Informix or MySQL database (these are specific types and names of existing databases).
Preferably, the packet sorting module parses the user's current operation from the fields of the packet that characterize the source address, destination address, program name used, table name operated on, operation content and operation mode.
Preferably, the network data security management system further includes a display module, for visually presenting the monitoring results of the monitoring module through internal queries or an external interface, and for automatically generating statistical reports characterizing the monitoring results.
Another object of the present invention is to provide a network data security management method, characterized in that it is implemented using the network data security management system described above and includes the following steps:
S1: select from the network the IP address and port number of at least one server as a management object;
S2: capture all packets in the network in bypass mode, each packet characterizing a user operation in the network;
S3: unpack each captured packet and analyze whether its destination address is the IP address of a server selected in step S1; if so, store the packet in a database; if not, discard the packet;
S4: organize the packets in the database, obtain the user key from the destination address of each packet so as to identify the unique identity of the user performing the current operation, and parse the user's current operation from the unpacked data;
S5: judge whether the user's current operation exceeds the authority range of the user's identity and, if so, raise an alarm and block the user's current operation.
Preferably, in step S2 packets are captured through the port mirroring function of a network switch or by monitoring via a TAP.
Preferably, the database is an Oracle, Microsoft SQL Server, DB2, Sybase, Informix or MySQL database.
Preferably, in step S4 the user's current operation is parsed from the fields of the packet that characterize the source address, destination address, program name used, table name operated on, operation content and operation mode.
Preferably, the network data security management system further includes a display module, and step S5 is followed by a step S6 in which the display module visually presents the monitoring results of step S5 through internal queries or an external interface and automatically generates statistical reports characterizing the monitoring results.
The positive effect of the present invention is that it can perform security management on a large and complex network system, ensuring that users cannot operate beyond their authority, so that the security of the whole network system and the normal operation of all its business are guaranteed.
Description of the drawings
Fig. 1 is a module diagram of the network data security management system according to a preferred embodiment of the present invention.
Fig. 2 is a flowchart of the network data security management method according to a preferred embodiment of the present invention.
Detailed description
The present invention is further illustrated below by way of an embodiment, which does not limit the present invention to the scope of that embodiment.
As shown in Fig. 1, the network data security management system of the present invention includes a management object setting module 1, a packet capture module 2, a packet analysis module 3, a packet sorting module 4, a database 5, a monitoring module 6 and a display module 7.
The management object setting module 1 selects the IP address and port number of at least one server in the network as a management object, so that protection rules can be formulated as needed and the server IP addresses and port numbers that need to be supervised are determined. The packet capture module 2 captures all packets in the network in real time and in bypass mode, through the port mirroring function of a network switch or by monitoring via a TAP; each packet characterizes a user operation in the network, so that the system knows every operation by which users interact with the business servers and database servers in the network. In the present invention, the system can convert the IP address of a server involved in a user operation into a specific real name and display that name, so that the system user can intuitively see which servers a user operation involved. For example, if the source of the messages in an operation is the "intranet website application server" and their target is the "asset database server", the system displays these specific names rather than merely the servers' IP addresses.
The packet analysis module 3 unpacks each captured packet and analyzes whether its destination address is the IP address of a server selected by the management object setting module 1. If so, the packet is considered to meet the condition and is stored in the database 5; if not, it is discarded. The packet sorting module 4 organizes the packets in the database 5 and obtains the user key (a USB key storing the user's private key and digital certificate) from the destination address of the packet, so as to identify the unique identity of the user performing the current operation, and parses the user's current operation from the unpacked data. Specifically, the packet sorting module 4 parses the current operation from the fields of the packet that characterize the source address, destination address, program name used, table name operated on, operation content, operation mode and so on.
Specifically, the present invention can determine a user's unique identity from the user key and directly display the specific name of the user performing an operation, so that the user details of every operation are shown intuitively. In addition, the user name, operation time, operation location, operation behavior and operation process of every operation can be completely parsed from each packet, and a complete flow can be ordered by time, so that the specific information and the sequence of each operation in the flow are shown clearly and operations can be traced back conveniently. For example, a quota payment application event consists, in order, of user A performing a unit budget review operation and then user B performing a unit quota payment application operation; the system of the present invention displays the name and operation of user A and then the name and operation of user B in chronological order.
The monitoring module 6 monitors the data in real time and judges whether the user's current operation exceeds the authority range of the user's identity. If it does, the operation violates the configured rules, and the module raises an alarm and blocks the user's current operation. Different user identities have different operating authority ranges, which limit the operations that users of different identities may perform and which the system user can customize according to actual conditions; for example, identity A may only perform read-only operations on the database, while identity B may modify the database.
The display module 7 visually presents the real-time monitoring results of the monitoring module 6 to the user through internal queries or an external interface, and automatically generates statistical reports characterizing the monitoring results according to the user's settings. Based on the management operating authority ranges for the databases and business systems set by the user, the system monitors all operations against those settings: operations within the authority range are allowed through, while operations that exceed it are blocked, alarmed and recorded.
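The method steps S1 to S5 and the embodiment of Fig. 1 above describe one pipeline: filter the captured packets down to the managed servers, resolve the operating user, parse the operation, and compare it with the identity's authority range. The following Python is an added worked example of that pipeline; it is not code from the patent or from the applicant. The server addresses, user keys, identities, policies and captured packets are all constructed, and the payload is taken to be plaintext SQL, which presupposes an unencrypted database connection (a TLS-protected session shows a passive sensor nothing it can parse). The user key is bound here to the captured session directly; the patent obtains it from the packet's destination address and does not describe how that mapping is kept. The example goes slightly beyond the text by also checking the client program and the time of day, which the embodiment lists among the attributes an operation is parsed from, and by refusing unknown identities rather than allowing them.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, FrozenSet, List, Optional, Tuple

# Step S1: hypothetical management objects, the (server IP, port) pairs to supervise.
MANAGED: FrozenSet[Tuple[str, int]] = frozenset({("10.0.20.5", 1521), ("10.0.20.6", 3306)})

# Hypothetical identity directory: user key identifier (e.g. serial of the certificate
# held on the USB key) -> (display name, identity/role).
USERS: Dict[str, Tuple[str, str]] = {
    "CERT-1001": ("User A", "read_only"),
    "CERT-1002": ("User B", "read_write"),
}

@dataclass(frozen=True)
class Policy:
    ops: FrozenSet[str]       # permitted SQL operation types
    programs: FrozenSet[str]  # permitted client program names
    hours: Tuple[int, int]    # permitted local hours, [start, end)

# Authority range per identity; the patent leaves these to the system user to define.
ROLE_POLICY: Dict[str, Policy] = {
    "read_only": Policy(frozenset({"SELECT"}), frozenset({"budget_app"}), (8, 18)),
    "read_write": Policy(frozenset({"SELECT", "INSERT", "UPDATE"}),
                         frozenset({"budget_app", "pay_app"}), (8, 18)),
}

@dataclass(frozen=True)
class Packet:
    ts: datetime
    src: str
    dst: str
    dport: int
    program: str   # client program name seen in the protocol handshake
    user_key: str  # identifier of the user key bound to this session
    payload: str   # decoded request; plain SQL text, i.e. an unencrypted connection

@dataclass(frozen=True)
class Operation:
    ts: datetime
    user: str
    role: str
    program: str
    op: str
    table: str

def filter_managed(packets: List[Packet]) -> List[Packet]:
    """Step S3: keep packets addressed to a managed server, discard everything else."""
    return [p for p in packets if (p.dst, p.dport) in MANAGED]

# Where the operated table sits in the statement, per operation type.
_TABLE_RE = {
    "SELECT": r"\bFROM\s+([\w.]+)", "DELETE": r"\bFROM\s+([\w.]+)",
    "INSERT": r"\bINTO\s+([\w.]+)", "UPDATE": r"^\s*UPDATE\s+([\w.]+)",
    "DROP": r"\bTABLE\s+(?:IF\s+EXISTS\s+)?([\w.]+)",
}

def parse_sql(text: str) -> Optional[Tuple[str, str]]:
    """Return (operation type, table name) for a SQL statement, or None if it is not SQL."""
    m = re.match(r"\s*(\w+)", text)
    if not m or m.group(1).upper() not in _TABLE_RE:
        return None
    op = m.group(1).upper()
    t = re.search(_TABLE_RE[op], text, re.IGNORECASE)
    return op, (t.group(1).lower() if t else "?")

def sort_operations(packets: List[Packet]) -> List[Operation]:
    """Step S4: order by time, resolve the user from the key, parse the operation."""
    ops: List[Operation] = []
    for p in sorted(packets, key=lambda p: p.ts):
        parsed = parse_sql(p.payload)
        if parsed is None:
            continue
        name, role = USERS.get(p.user_key, ("unknown", "unknown"))
        ops.append(Operation(p.ts, name, role, p.program, parsed[0], parsed[1]))
    return ops

def monitor(op: Operation) -> Tuple[str, List[str]]:
    """Step S5: compare the operation with the identity's authority range."""
    pol = ROLE_POLICY.get(op.role)
    reasons: List[str] = []
    if pol is None:
        reasons.append("identity not recognised")  # unknown identity: fail closed
    else:
        if op.op not in pol.ops:
            reasons.append(f"{op.op} not permitted for {op.role}")
        if op.program not in pol.programs:
            reasons.append(f"program {op.program} not permitted for {op.role}")
        if not pol.hours[0] <= op.ts.hour < pol.hours[1]:
            reasons.append(f"outside permitted hours {pol.hours}")
    return ("ALLOW", []) if not reasons else ("BLOCK", reasons)

# Constructed sample capture; none of this is real traffic.
SAMPLE: List[Packet] = [
    Packet(datetime(2014, 9, 30, 9, 0), "10.0.10.11", "10.0.20.5", 1521, "budget_app",
           "CERT-1001", "SELECT amount FROM budget WHERE id=7"),
    Packet(datetime(2014, 9, 30, 9, 1), "10.0.10.11", "10.0.99.9", 8080, "browser",
           "CERT-1001", "GET /index.html"),                    # not a managed server
    Packet(datetime(2014, 9, 30, 9, 2), "10.0.10.12", "10.0.20.5", 1521, "pay_app",
           "CERT-1002", "UPDATE payments SET status='PAID' WHERE id=42"),
    Packet(datetime(2014, 9, 30, 9, 3), "10.0.10.11", "10.0.20.5", 1521, "sqlplus",
           "CERT-1001", "DELETE FROM payments WHERE id=42"),   # read-only user, direct client
    Packet(datetime(2014, 9, 30, 23, 0), "10.0.10.12", "10.0.20.5", 1521, "pay_app",
           "CERT-1002", "UPDATE payments SET status='PAID' WHERE id=43"),  # out of hours
    Packet(datetime(2014, 9, 30, 23, 5), "10.0.10.13", "10.0.20.6", 3306, "mysql",
           "CERT-9999", "DROP TABLE audit_log"),               # key not in the directory
]

def run(packets: List[Packet] = SAMPLE) -> List[Tuple[str, str, str, str]]:
    """Whole pipeline: (user, operation, table, decision) in chronological order."""
    return [(o.user, o.op, o.table, monitor(o)[0])
            for o in sort_operations(filter_managed(packets))]
```

Because a mirror port or TAP delivers a copy of the traffic, the original packet has already reached the server by the time `monitor` returns a decision; a `BLOCK` therefore has to be enforced out of band (for instance by terminating the session or by instructing an inline device), and the race that implies is the main limitation of a bypass deployment that also claims to block.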
The database 5 may be an Oracle, Microsoft SQL Server, DB2, Sybase, Informix or MySQL database.
In practice, the following functions can be implemented with the network data security management system of the present invention:
Auditing of key financial business operations: every operation by business personnel is identified accurately; according to a user-defined audit strategy, key business operations such as budget fund application and review operations are restored, with their data fields such as amount, operator and operation time. Audit results are presented as business forms in the way business personnel are used to, with several data query methods, so that even untrained business personnel can understand and use them, and financial business managers can understand the operation of the business system through the audit of a third-party system.
Whole-process auditing of financial business: the time, location, business system and operation content of business system users' login operations are analyzed, and the users' operations are associated through the logical relationships of the business system, so that the full life cycle of a business form is finally restored. Managers can then see the original state of each business form at each handler (including the specific time, place and result of handling), which plays a key role in establishing responsibility for incidents.
Intelligent comparison of key financial business data: an innovative back-end data comparison engine automatically compares the payment list with the bank's actual payment list (including amount, payee account number, payee name, etc.) while business operations are in progress. Once a comparison anomaly occurs, alarm information is sent through the remote alarm interface, effectively preventing abnormal business data from leaving the financial system.
Operation audit and control: the system judges whether the user logged in with a USB key; login is allowed with a USB key and refused without one.
Database audit and control: according to the authority of the currently logged-in user, the system checks whether the time, location, account, USB key and operating authority of the user's operation violate the security policy authorization. Unauthorized operations are blocked, as are operations that exceed the user's authority.
Simple authorization management: through a unified design for authorization, authentication and auditing, cumbersome and disorderly rights management is simplified and systematized, and the access rights of developers, operations and maintenance providers, maintenance staff and others are finally decided by the user, so that the work is outsourced without outsourcing the authority.
Risk-free deployment: the system is deployed in the network in bypass mode, through the port mirroring function of a network switch or by monitoring via a TAP, so that it does not affect network structure or performance, and a failure of the audit device cannot affect the normal operation of the business systems. Online technical support provides real-time remote technical guidance and maintenance.
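The back-end comparison engine described under "intelligent comparison of key financial business data" above, as an added example that is not the patent's or the applicant's code: the two payment lists are matched on a shared payment reference, and every discrepancy of amount, payee account number or payee name becomes a finding that can be sent out as an alarm. The payment references, amounts, accounts and names are constructed. The example goes slightly beyond the text in also flagging a reference the bank paid more than once, a case that a comparison keyed only by reference would otherwise hide.

```python
from collections import Counter
from dataclasses import dataclass
from decimal import Decimal
from typing import Iterable, List, Tuple

@dataclass(frozen=True)
class Payment:
    ref: str         # payment reference shared by the business system and the bank
    amount: Decimal  # Decimal, never float, for money
    account: str     # payee account number
    payee: str       # payee name

Finding = Tuple[str, str, str]  # (ref, kind, detail)

def reconcile(business: Iterable[Payment], bank: Iterable[Payment]) -> List[Finding]:
    """Compare the business system's payment list with the bank's actual payments.

    Returns one finding per discrepancy, ordered by reference; an empty list
    means the two lists agree.
    """
    business, bank = list(business), list(bank)
    by_ref_biz = {p.ref: p for p in business}
    by_ref_bank = {p.ref: p for p in bank}
    # A dict keyed by reference silently collapses duplicates, so count them first.
    paid_twice = {r: n for r, n in Counter(p.ref for p in bank).items() if n > 1}
    findings: List[Finding] = []
    for ref in sorted(set(by_ref_biz) | set(by_ref_bank)):
        if ref in paid_twice:
            findings.append((ref, "DUPLICATE_PAYMENT",
                             f"bank paid this reference {paid_twice[ref]} times"))
        if ref not in by_ref_bank:
            findings.append((ref, "NOT_PAID",
                             "recorded by the business system, absent from the bank list"))
        elif ref not in by_ref_biz:
            findings.append((ref, "UNRECORDED_OUTFLOW", "paid by the bank, no business record"))
        else:
            for fld in ("amount", "account", "payee"):
                want, got = getattr(by_ref_biz[ref], fld), getattr(by_ref_bank[ref], fld)
                if want != got:
                    findings.append((ref, "MISMATCH", f"{fld}: business={want} bank={got}"))
    return findings

def alarms(findings: List[Finding]) -> List[str]:
    """Format findings as the messages that would go to the remote alarm interface."""
    return [f"ALARM {kind} {ref}: {detail}" for ref, kind, detail in findings]

# Constructed sample data, not taken from any real system.
BUSINESS = [
    Payment("P-1001", Decimal("12000.00"), "6222000011112222", "Acme Supplies"),
    Payment("P-1002", Decimal("850.50"), "6222000033334444", "Zhang Wei"),
    Payment("P-1003", Decimal("99.00"), "6222000055556666", "Office Depot"),
]
BANK = [
    Payment("P-1001", Decimal("12000.00"), "6222000011112222", "Acme Supplies"),
    Payment("P-1001", Decimal("12000.00"), "6222000011112222", "Acme Supplies"),  # paid twice
    Payment("P-1002", Decimal("8505.00"), "6222000033334444", "Zhang Wei"),       # amount differs
    Payment("P-1004", Decimal("5000.00"), "6222000077778888", "Unknown Ltd"),     # no business record
]

if __name__ == "__main__":
    for line in alarms(reconcile(BUSINESS, BANK)):
        print(line)
```

Running the block as a script prints one alarm line per finding; the reference appears in every line so the operator can go straight to the business form and the bank record involved.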
As shown in Fig. 2, the network data security management method of the present invention, implemented using the network data security management system of this embodiment, includes the following steps:
Step 101: select from the network the IP address and port number of at least one server as a management object.
Step 102: capture all packets in the network in bypass mode, each packet characterizing a user operation in the network.
Step 103: unpack each captured packet and analyze whether its destination address is the IP address of a server selected in step 101; if so, store the packet in a database; if not, discard the packet.
Step 104: organize the packets in the database, obtain the user key from the destination address of each packet so as to identify the unique identity of the user performing the current operation, and parse the user's current operation from the unpacked data.
Step 105: judge whether the user's current operation exceeds the authority range of the user's identity and, if so, raise an alarm and block the user's current operation.
Step 106: visually present the monitoring results of step 105 through internal queries or an external interface, and automatically generate statistical reports characterizing the monitoring results.
Although specific embodiments of the present invention have been described above, those skilled in the art will understand that these are merely illustrative and that the scope of protection of the present invention is defined by the appended claims. Those skilled in the art may make many changes and modifications without departing from the principle and substance of the present invention, and all such changes and modifications fall within the scope of protection of the present invention.

Claims (6)

1. A network data security management system, characterized in that it includes:
a management object setting module, for selecting from the network the IP address and port number of at least one server as a management object;
a packet capture module, which captures packets through the port mirroring function of a network switch or by monitoring via a TAP, for capturing all packets in the network in bypass mode, each packet characterizing a user operation in the network;
a packet analysis module, for unpacking each captured packet and analyzing whether its destination address is the IP address of a server selected by the management object setting module; if so, the packet is stored in a database; if not, the packet is discarded;
a packet sorting module, for organizing the packets in the database, obtaining the user key from the destination address of a packet so as to identify the unique identity of the user performing the current operation, displaying the specific name of the user performing the current operation, parsing the user's current operation from the unpacked data according to the fields of the packet that characterize the source address, destination address, program name used, table name operated on, operation content and operation mode, and ordering a complete flow by the time information of the user's operations;
a monitoring module, for judging whether the user's current operation exceeds the authority range of the user's identity and, if so, raising an alarm and blocking the user's current operation, wherein different user identities have different operating authority ranges that limit the operations of users of different identities.
2. The network data security management system of claim 1, characterized in that the database is an Oracle, Microsoft SQL Server, DB2, Sybase, Informix or MySQL database.
3. The network data security management system of claim 1 or 2, characterized in that it further includes a display module, for visually presenting the monitoring results of the monitoring module through internal queries or an external interface and automatically generating statistical reports characterizing the monitoring results.
4. A network data security management method, characterized in that it is implemented using the network data security management system of claim 1 and includes the following steps:
S1: select from the network the IP address and port number of at least one server as a management object;
S2: capture all packets in the network in bypass mode, each packet characterizing a user operation in the network, wherein in step S2 packets are captured through the port mirroring function of a network switch or by monitoring via a TAP;
S3: unpack each captured packet and analyze whether its destination address is the IP address of a server selected in step S1; if so, store the packet in a database; if not, discard the packet;
S4: organize the packets in the database, obtain the user key from the destination address of each packet so as to identify the unique identity of the user performing the current operation, display the specific name of the user performing the current operation, parse the user's current operation from the unpacked data according to the fields of the packet that characterize the source address, destination address, program name used, table name operated on, operation content and operation mode, and order a complete flow by the time information of the user's operations;
S5: judge whether the user's current operation exceeds the authority range of the user's identity and, if so, raise an alarm and block the user's current operation, wherein different user identities have different operating authority ranges that limit the operations of users of different identities.
5. The network data security management method of claim 4, characterized in that the database is an Oracle, Microsoft SQL Server, DB2, Sybase, Informix or MySQL database.
6. The network data security management method of claim 4 or 5, characterized in that the network data security management system further includes a display module, and step S5 is followed by a step S6 in which the display module visually presents the monitoring results of step S5 through internal queries or an external interface and automatically generates statistical reports characterizing the monitoring results.

Priority and publications

Application CN201410522225.3A (CN), filed 2014-09-30, priority date 2014-09-30; family ID 52556906; legal status Active.
CN104378228A (en), published 2015-02-25.
CN104378228B (en), granted 2018-07-13.
