CN104883340A - Method for preventing invasions and access equipment - Google Patents
Info

Publication number: CN104883340A
Authority: CN (China)
Prior art keywords: access device, interface, mode, message, network
Legal status: Granted (active)
Application number: CN201410070449.5A
Other languages: Chinese (zh)
Other versions: CN104883340B (en)
Inventors: 郭金亮, 张连军
Current assignee: Huawei Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority: CN201410070449.5A (granted as CN104883340B); PCT/CN2015/070371 (WO2015127831A1)
Publication: CN104883340A; application granted and published as CN104883340B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/55 Detecting local intrusion or implementing counter-measures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/08 Access security
    • H04W 12/082 Access security using revocation of authorisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/12 Detection or prevention of fraud
    • H04W 12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W 12/122 Counter-measures against attacks; Protection against rogue devices

Abstract

An embodiment of the invention provides an intrusion prevention method and an access device. The access device comprises an interface. The method comprises: the access device determines that a trigger event is met, and sets the operating mode of the interface to blocking mode, which prevents any terminal from accessing, through the interface, the network where the access device is located. The access device in the embodiment comprises at least one interface. For any one of its interfaces, when the access device determines that it is at risk of intrusion at that interface, it sets the operating mode of the interface to blocking mode, so that no terminal can access the network where the access device is located through that interface, which improves the security of that network. Furthermore, when the access device applies this processing to every one of its interfaces, no terminal can communicate with the access device or with the upstream network equipment of the access device. The method and access device effectively prevent intrusion by hackers and protect network security.

Description

Intrusion prevention method and access device
Technical field
Embodiments of the present invention relate to the field of network technology, and more specifically to an intrusion prevention method and an access device.
Background
The power business is divided into several links: generation, transmission, transformation, dispatching, distribution and consumption. As the distribution and consumption businesses extend to roadsides and buildings, the security capability of the original private power network is seriously weakened. An attacker can easily reach the distribution network and the power consumption network: through the interfaces of an optical network unit (ONU) in a distribution network, or of a concentrator in a power consumption network, a hacker can gain access by illegal means, then intrude into and control the distribution network, the consumption network and even the dispatching automation system, causing serious security incidents in distribution, consumption and even the whole grid.
Summary of the invention
Embodiments of the present invention provide an intrusion prevention method that improves network security.
According to a first aspect, an intrusion prevention method is provided. The method is applied to an access device that comprises an interface through which a terminal accesses the network where the access device is located. The method comprises: the access device determines that a trigger event is met, the trigger event indicating that the access device is at risk of intrusion at the interface; and the access device sets the operating mode of the interface to blocking mode, the blocking mode preventing any terminal from accessing, through the interface, the network where the access device is located.
With reference to the first aspect, in a first possible implementation of the first aspect, the access device has an interface status monitoring function. When it is determined that the access device has the interface status monitoring function enabled, the trigger event comprises: the state of the interface changes from UP to DOWN; or the operating mode of the interface is operational mode and the time the interface has been DOWN exceeds a predetermined threshold; or the access device restarts. When the access device enables the interface status monitoring function, the trigger event comprises: the state of the interface is DOWN.
With reference to the first aspect or its first possible implementation, in a second possible implementation of the first aspect, the method further comprises: the access device generates a first message indicating that the operating mode of the interface is blocking mode; and the access device sends the first message to a network management system.
With reference to the second possible implementation of the first aspect, in a third possible implementation of the first aspect, after the access device sends the first message to the network management system, the method further comprises: the access device receives a second message sent by the network management system, the second message instructing the access device to switch the operating mode of the interface to operational mode; and the access device switches the operating mode of the interface to operational mode according to the second message.
With reference to the first aspect or any of its possible implementations above, in a fourth possible implementation of the first aspect, the method further comprises: the access device receives a third message sent by the network management system, the third message indicating that the interface needs to be debugged; and the access device switches the operating mode of the interface to debug mode according to the third message.
According to a second aspect, an access device is provided. The access device comprises an interface through which a terminal accesses the network where the access device is located, and further comprises: a determining unit, configured to determine that a trigger event is met, the trigger event indicating that the access device is at risk of intrusion at the interface; and a setting unit, configured to set the operating mode of the interface to blocking mode, the blocking mode preventing any terminal from accessing, through the interface, the network where the access device is located.
With reference to the second aspect, in a first possible implementation of the second aspect, the access device has an interface status monitoring function. When it is determined that the access device has the interface status monitoring function enabled, the trigger event comprises: the state of the interface changes from UP to DOWN; or the operating mode of the interface is operational mode and the time the interface has been DOWN exceeds a predetermined threshold; or the access device restarts. When the access device enables the interface status monitoring function, the trigger event comprises: the state of the interface is DOWN.
With reference to the second aspect or its first possible implementation, in a second possible implementation of the second aspect, the access device further comprises: a generating unit, configured to generate a first message indicating that the operating mode of the interface is blocking mode; and a sending unit, configured to send the first message generated by the generating unit to a network management system.
With reference to the second possible implementation of the second aspect, in a third possible implementation of the second aspect, the access device further comprises a receiving unit, configured to receive a second message sent by the network management system, the second message instructing the access device to switch the operating mode of the interface to operational mode; and the setting unit is further configured to switch the operating mode of the interface to operational mode according to the second message received by the receiving unit.
With reference to the second aspect or any of its possible implementations above, in a fourth possible implementation of the second aspect, the receiving unit is further configured to receive a third message sent by the network management system, the third message indicating that the interface needs to be debugged; and the setting unit is further configured to switch the operating mode of the interface to debug mode according to the third message received by the receiving unit.
According to a third aspect, an access device is provided. The access device comprises an interface through which a terminal accesses the network where the access device is located, and further comprises a processor and a memory. The memory is configured to store program code. The processor is configured to read the program code in the memory and perform: determining that a trigger event is met, the trigger event indicating that the access device is at risk of intrusion at the interface; and setting the operating mode of the interface to blocking mode, the blocking mode preventing any terminal from accessing, through the interface, the network where the access device is located.
With reference to the third aspect, in a first possible implementation of the third aspect, the access device has an interface status monitoring function. When it is determined that the access device has the interface status monitoring function enabled, the trigger event comprises: the state of the interface changes from UP to DOWN; or the operating mode of the interface is operational mode and the time the interface has been DOWN exceeds a predetermined threshold; or the access device restarts. When the access device enables the interface status monitoring function, the trigger event comprises: the state of the interface is DOWN.
With reference to the third aspect or its first possible implementation, in a second possible implementation of the third aspect, the access device further comprises a transmitter circuit that communicates with a network management system through a port of the access device. The processor is further configured to generate a first message indicating that the operating mode of the interface is blocking mode, and the transmitter circuit is configured to send the first message generated by the processor to the network management system.
With reference to the second possible implementation of the third aspect, in a third possible implementation of the third aspect, the access device further comprises a receiver circuit that communicates with the network management system through a port of the access device. The receiver circuit is configured to receive a second message sent by the network management system, the second message instructing the access device to switch the operating mode of the interface to operational mode; and the processor is further configured to switch the operating mode of the interface to operational mode according to the second message received by the receiver circuit.
With reference to the third aspect or any of its possible implementations above, in a fourth possible implementation of the third aspect, the receiver circuit is further configured to receive a third message sent by the network management system, the third message indicating that the interface needs to be debugged; and the processor is further configured to switch the operating mode of the interface to debug mode according to the third message received by the receiver circuit.
The access device in the embodiments of the present invention comprises at least one interface. For any one of these interfaces, when the access device determines that it is at risk of intrusion at that interface, it sets the operating mode of the interface to blocking mode, so that no terminal can access the network where the access device is located through that interface, which improves the security of that network. Furthermore, when the access device applies this processing to every one of its interfaces, no terminal can communicate with the access device or with the upstream network equipment of the access device, so intrusion by a hacker is effectively prevented and the network is protected.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed for the embodiments or for the description of the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art may derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a scenario according to an embodiment of the present invention.
Fig. 2 is a flowchart of an intrusion prevention method according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of switching between the operating modes of an interface according to an embodiment of the present invention.
Fig. 4 is a schematic flowchart of an intrusion prevention method according to an embodiment of the present invention.
Fig. 5 is a block diagram of an access device according to an embodiment of the present invention.
Fig. 6 is a block diagram of an access device according to another embodiment of the present invention.
Embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the embodiments of the present invention, the access device may be a dedicated power communication device, such as an ONU or a concentrator. The access device may also be another communication device, such as a switch, a router or customer premises equipment (CPE). The access device may also be any other access device connected to a terminal; the present invention does not limit this. The terminal connected to the access device may be a user terminal, a hub, or a terminal of another type; the present invention does not limit this either.
Fig. 1 is a schematic diagram of a scenario according to an embodiment of the present invention. The scenario in Fig. 1 includes an access device 100 with multiple interfaces; the access device 100 shown in Fig. 1 has six interfaces, numbered 101 to 106 in Fig. 1. Fig. 1 also shows a first terminal 110 that communicates with the access device through interface 106.
It should be noted that the embodiments of the present invention do not limit the number of interfaces of the access device; the six interfaces of the access device in Fig. 1 are only illustrative.
It should also be noted that the access device in the embodiments of the present invention has a central processing unit, a port for connecting to a network management system, and other components that are not shown in Fig. 1. The present invention does not limit this.
Fig. 2 is a flowchart of an intrusion prevention method according to an embodiment of the present invention. The method in Fig. 2 is performed by an access device that comprises an interface through which a terminal accesses the network where the access device is located. The method in Fig. 2 comprises:
201. Determine that a trigger event is met, the trigger event indicating that the access device is at risk of intrusion at the interface.
202. Set the operating mode of the interface to blocking mode, the blocking mode preventing any terminal from accessing, through the interface, the network where the access device is located.
The access device in the embodiments of the present invention comprises at least one interface. For any one of these interfaces, when the access device determines that it is at risk of intrusion at that interface, it sets the operating mode of the interface to blocking mode, so that no terminal can access the network where the access device is located through that interface, which improves the security of that network. Furthermore, when the access device applies this processing to every one of its interfaces, no terminal can communicate with the access device or with the upstream network equipment of the access device, so intrusion by a hacker is effectively prevented and the network is protected.
In the embodiments of the present invention, the access device comprises an interface, and the state of the interface is UP or DOWN.
An interface state of UP can be understood as a first terminal having connected (linked) to the access device through this interface and communicating. An interface state of DOWN can be understood as the interface being idle: no terminal is connected to the access device through it.
It should be noted that the communication referred to in the embodiments of the present invention may be communication with the access device itself or with other devices in the network where the access device is located; the present invention does not limit this.
The state of an interface changing from UP to DOWN can be understood as the relationship between the first terminal and the access device over that interface changing from connected to disconnected. The state changing from DOWN to UP can be understood as the interface initially being idle and a first terminal subsequently connecting to the access device through it and communicating.
In the embodiments of the present invention, the operating mode of an interface is debug mode, operational mode or blocking mode, as shown in Fig. 3.
When the operating mode of an interface is operational mode, the state of the interface may be UP or DOWN. In particular, when the operating mode is operational mode and the state is DOWN, the interface is said to be able to go UP: its current state is DOWN, and when a second terminal attempts to connect to the access device through it, the second terminal can access the network where the access device is located and communicate. The second terminal may be the first terminal or any other terminal.
When the operating mode of an interface is blocking mode and the state is DOWN, the interface is said to be unable to go UP: its current state is DOWN, and when any terminal attempts to connect to the access device through it, the access device does not allow that terminal to communicate through the interface.
In other words, when the operating mode of an interface is blocking mode, a terminal cannot communicate even if it is formally connected to the access device through that interface.
In the embodiments of the present invention, the access device may have an interface status monitoring function; with this function enabled, the access device can monitor the state changes of each of its interfaces.
The access device may be in a deployment phase or in an operation phase. In the deployment phase, the interface status monitoring function of the access device is disabled, which facilitates on-site deployment and debugging of the access device. In the operation phase, the function is enabled. When the access device switches from the operation phase to the deployment phase, the function can be disabled at the same time; when it switches from the deployment phase to the operation phase, the function can be enabled at the same time.
Specifically, when the access device is in the deployment phase, its interface status monitoring function is disabled and the operating mode of all its interfaces is debug mode. When the access device is in the operation phase, the function is enabled and the operating mode of each interface is operational mode or blocking mode. In Fig. 3, the left side of the dashed line represents the deployment phase, in which the operating mode of the interface is debug mode; the right side represents the operation phase, in which the operating mode is operational mode or blocking mode. This relationship is shown in Table 1.
Table 1
Phase of access device | Interface status monitoring function | Operating mode of interface
Deployment phase       | Disabled                             | Debug mode
Operation phase        | Enabled                              | Operational mode or blocking mode
Optionally, as an embodiment, when it is determined that the access device has the interface status monitoring function enabled, the trigger event in 201 may be: the state of the interface changes from UP to DOWN; or the operating mode of the interface is operational mode and the time the interface has been DOWN exceeds a predetermined threshold; or the access device restarts.
The trigger event "the state of the interface changes from UP to DOWN" can be understood as the state changing from UP to DOWN while the operating mode of the interface is operational mode.
The trigger event "the access device restarts" can be understood as applying to every interface of the access device.
The embodiments of the present invention do not limit the size of the predetermined threshold. For example, it may be 10 minutes, 1 hour, or another value; the present invention does not limit this.
It can be understood that 201 and 202 are performed while the access device is in the operation phase, or in other words while its interface status monitoring function is enabled. In this case, in 202 the access device sets the operating mode of the interface from operational mode to blocking mode according to the trigger event, as shown by 301 in Fig. 3.
Optionally, as another embodiment, when the access device enables the interface status monitoring function, the trigger event in 201 may also be: the state of the interface of the access device is DOWN.
This trigger event can also be understood as: the state of the interface is DOWN when the access device switches from the deployment phase to the operation phase.
It can be understood that 201 and 202 are performed when the access device enables its interface status monitoring function, in other words when it switches from the deployment phase to the operation phase. In this case, in 202 the access device switches the operating mode of the interface from debug mode to blocking mode, as shown by 302 in Fig. 3.
Alternatively, as an embodiment, this access device is after the mode of operation of interface is set to non-blocking mode by 202, also can generate the first message, or, access device also can generate the first message while the mode of operation of interface is set to non-blocking mode by 202, or access device also can generate the first message before 202.The present invention is not construed as limiting this.The mode of operation that this first message is used to indicate the interface of this access device is non-blocking mode.
This first message can be sent to network management system (NetworkManagement System) by further access device.
In the embodiment of the present invention, network management system can be the server being provided with the network management software, also can be the personal computer (Personal Computer, PC) being provided with the network management software, also can be that other have the equipment of Network Management Function, the present invention be not construed as limiting this.
Like this, network management system can know the change of the mode of operation of the interface of this access device, further processes according to the first message to make network management system.
Alternatively, the information indicated by this first message, after receiving the first message, can be presented to user by network management system.Such as, the interface number of this interface can be presented on the display interface of the server or PC that are provided with the network management software.
And the information that user can present according to this goes to check interface.If user confirms that this interface has suffered illegal invasion, then user does not make further unlocking operation, still keeps the mode of operation of this interface to be non-blocking mode.If user confirms that this interface can be in the state of DOWN for a long time and also normally access this access device without the need for any terminal by this interface within a period of time, then user also can not make further unlocking operation, still keeps the mode of operation of this interface to be non-blocking mode.The terminal of normal this access device of access mentioned here can refer to that this user can identify and permit to access the terminal of this access device.
If user is through investigation, determine that this interface is not by illegal invasion, then user can perform unlocking operation.
Particularly, the mode of operation of this interface can be switched to operational mode by network management system by user.
Such as, user can carry out the first input, and this second message according to the first input generation second message, and is sent to this access device by network management system.Further, the second message that this access device receiving network managing system sends, this second message is used to indicate this access device and the mode of operation of interface is switched to operational mode, and according to this second message, the mode of operation of the interface of this access device is switched to operational mode.As shown in 303 in Fig. 3.
Like this, user is when investigating interface and illegally not accessed, make access device that the mode of operation of interface is switched to operational mode in time by the second message, can ensure to connect proper communication between the terminal of this access device and this access device by this interface.
Alternatively, the user can switch the operating mode of the interface to debugging mode through the network management system.
For example, when the user determines that an interface of the access device needs to be debugged, the user makes a second input; the network management system generates a third message from the second input and sends it to the access device. The access device receives the third message, which indicates that the interface needs debugging, and switches the operating mode of the interface to debugging mode accordingly.
It should be noted that when the access device switches the operating mode of the interface to debugging mode, it may at the same time disable its interface status monitoring function.
It should be understood, with reference to Table 1, that when the access device switches the interface to debugging mode, the access device itself moves from the operation phase back to the deployment phase and its interface status monitoring function is disabled. That is, the operating modes of all interfaces of the access device are switched to debugging mode at the same time, as shown at 304 in Fig. 3.
In this way, the operating mode of an interface can be switched from operational mode or non-blocking mode to debugging mode.
Further, after debugging of the interface is complete, the access device can re-enable its interface status monitoring function and switch the operating mode of the interface from debugging mode to operational mode or non-blocking mode.
Specifically, after debugging is complete the user makes a third input; the network management system generates a fourth message from the third input and sends it to the access device. On receiving the fourth message, the access device re-enables its interface status monitoring function and, according to the fourth message, switches the operating mode of the interface to operational mode or non-blocking mode.
It should be understood that when the access device re-enables the interface status monitoring function, it also moves from the deployment phase back to the operation phase.
Specifically, if, at the moment the access device re-enables the interface status monitoring function after debugging, it determines that the interface satisfies the trigger event "the state of the interface is DOWN", it switches the operating mode of that interface to non-blocking mode, as shown at 302 in Fig. 3.
If instead the state of the interface is UP at that moment, that is, a terminal that the user can identify and has permitted to access the access device is attached to the interface, the access device switches the operating mode of that interface to operational mode, as shown at 305 in Fig. 3.
In this way, the operating mode of an interface can be switched from debugging mode to operational mode or non-blocking mode.
Thus the embodiment of the present invention can switch the operating mode of an interface of the access device among operational mode, debugging mode and non-blocking mode.
Fig. 4 is a schematic flowchart of an intrusion prevention method according to an embodiment of the present invention. Assume the access device is in the operation phase, that is, its interface status monitoring function is enabled. The method shown in Fig. 4 comprises:
401: The access device determines that the state of an interface changes from UP to DOWN.
This can be understood as the connection between the access device and a terminal communicating with it through this interface being broken. Equivalently, while the operating mode of the interface is operational mode, the state of the interface changes from UP to DOWN. The interface may be any interface of the access device.
For example, referring to Fig. 1, when the connection between first terminal 110 and access device 100 at interface 106 is broken, access device 100 detects that the state of interface 106 changes from UP to DOWN.
402: The access device sets the operating mode of the interface to non-blocking mode, and proceeds to 403.
For example, referring to Fig. 1, access device 100 switches the operating mode of interface 106 from operational mode to non-blocking mode.
If, in 401, the state of the interface changed from UP to DOWN because a hacker wants to connect to the access device through this interface, then setting the interface to non-blocking mode is exactly what prevents the illegal intrusion.
403: The access device generates a first message, and proceeds to 404.
Specifically, the first message indicates that the operating mode of the interface is non-blocking mode.
404: The access device sends the first message generated in 403 to the network management system.
405: The access device receives a second message sent by the network management system, the second message instructing the access device to switch the operating mode of the interface to operational mode, and proceeds to 406.
406: The access device switches the operating mode of the interface to operational mode.
In this way, once the network management system has ruled out the possibility of illegal intrusion, the operating mode of the interface is switched from non-blocking mode to operational mode, which ensures normal use of the interface.
409: Illegal intrusion is prevented.
After 406, 410 may also be performed.
410: Determine whether the duration for which the interface has remained DOWN (unable to come UP) exceeds a predetermined threshold. If so, perform 402.
It should be noted that Fig. 4 is only one embodiment of the present invention. Other embodiments that a person skilled in the art can derive from it without creative effort all fall within the scope of protection.
Thus, when the access device detects a risk of intrusion at an interface, it sets the operating mode of that interface to non-blocking mode, which prevents illegal intrusion into the access device through that interface and so effectively protects the security of the network.
Take access device 100 of Fig. 1. Suppose access device 100 is initially in the deployment phase: its interface status monitoring function is disabled and interfaces 101 to 106 are all in debugging mode. At a first moment, access device 100 switches from the deployment phase to the operation phase and enables its interface status monitoring function; at that instant it determines that interfaces 101 to 105 are DOWN and switches all of them to non-blocking mode, while interface 106 is UP and is switched to operational mode. First terminal 110 can therefore communicate with access device 100 through interface 106 and, further, with the upper-layer network equipment of access device 100.
At a second moment, access device 100 restarts and sets interfaces 101 to 106 all to non-blocking mode: interfaces 101 to 105 remain in non-blocking mode and interface 106 is switched from operational mode to non-blocking mode. Afterwards, on instruction from the network management system, access device 100 can switch interface 106 back to operational mode so that first terminal 110, connected through interface 106, can again communicate normally with access device 100.
At a third moment, on instruction from the network management system, access device 100 can also switch one or more of interfaces 101 to 105 to operational mode. For example, the network management system may instruct access device 100 to switch interface 103 to operational mode so that a permitted second terminal can access the access device normally. If, however, interface 103 is still DOWN after a predetermined threshold duration has elapsed since it was switched to operational mode, access device 100 switches interface 103 back to non-blocking mode. This can also be understood as access device 100 changing interface 103 from a state in which it may come UP to one in which it cannot.
At a fourth moment, access device 100 finds that the connection between first terminal 110 and access device 100 through interface 106 has been broken, that is, the state of interface 106 changes from UP to DOWN, and it switches interface 106 to non-blocking mode.
The access device in the embodiment of the present invention comprises at least one interface. When the access device determines that there is a risk of intrusion into the access device at an interface among the at least one interface, it sets the operating mode of that interface to non-blocking mode, which prevents any terminal from connecting to the access device through that interface and, further, prevents any terminal from communicating with the access device or with the upper-layer network equipment of the access device, so that a hacker's intrusion is effectively prevented at the physical layer. Further, the method of the embodiment is implemented on the product side and requires no additional equipment, which saves cost.
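The mode-switching rules above (operational, non-blocking and debugging mode, the trigger events, and the four messages exchanged with the network management system), the Fig. 4 flow and the four-moment timeline for access device 100 can all be captured in one small state machine. The following Python model is an added illustration written for this page; it is not code from the patent or from Huawei. The patent specifies no API or message format, so the method names, the `("NONBLOCKING", name, reason)` report tuple standing in for the "first message", the 60-second threshold and the `simulate_timeline()` helper are all assumptions made here.

```python
# Interface-mode state machine for the access device described in this patent.
# Added illustration for this page, not code from the patent or from Huawei; the
# patent fixes no API or message format, so all names below are assumptions.
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    OPERATIONAL = "operational"    # a permitted terminal may use the port
    NON_BLOCKING = "non_blocking"  # the patent's term: no terminal may attach
    DEBUGGING = "debugging"        # deployment phase, monitoring switched off


@dataclass
class Interface:
    name: str
    link_up: bool = False
    mode: Mode = Mode.DEBUGGING
    down_for: int = 0  # seconds DOWN while OPERATIONAL, for the threshold trigger


class AccessDevice:
    def __init__(self, names, down_threshold=60):
        self.ifaces = {n: Interface(n) for n in names}
        self.monitoring = False   # deployment phase until enable_monitoring()
        self.down_threshold = down_threshold
        self.sent = []            # 'first messages' reported to the NMS

    def _lock(self, itf, reason):
        """A trigger event is satisfied: go non-blocking and tell the NMS why."""
        itf.mode = Mode.NON_BLOCKING
        itf.down_for = 0
        self.sent.append(("NONBLOCKING", itf.name, reason))

    def enable_monitoring(self):
        """Deployment -> operation phase (also the 'fourth message'); trigger: DOWN."""
        self.monitoring = True
        for itf in self.ifaces.values():
            if itf.link_up:
                itf.mode = Mode.OPERATIONAL
            else:
                self._lock(itf, "down_at_enable")

    def link_change(self, name, up):
        """Trigger: UP -> DOWN while monitoring; a link coming UP unlocks nothing."""
        itf = self.ifaces[name]
        was_up, itf.link_up = itf.link_up, up
        if self.monitoring and was_up and not up:
            self._lock(itf, "up_to_down")
        elif up:
            itf.down_for = 0

    def tick(self, seconds):
        """Trigger: operational mode and DOWN for longer than the threshold."""
        for itf in self.ifaces.values() if self.monitoring else ():
            if itf.mode is Mode.OPERATIONAL and not itf.link_up:
                itf.down_for += seconds
                if itf.down_for > self.down_threshold:
                    self._lock(itf, "down_too_long")

    def restart(self):
        """Trigger: a restart in the operation phase locks every port."""
        if self.monitoring:
            for itf in self.ifaces.values():
                self._lock(itf, "restart")

    def nms_unlock(self, name):
        """'Second message': the operator has ruled out intrusion on this port."""
        if self.ifaces[name].mode is Mode.NON_BLOCKING:
            self.ifaces[name].mode = Mode.OPERATIONAL

    def nms_begin_debug(self):
        """'Third message': device-wide, monitoring off, every port to debugging."""
        self.monitoring = False
        for itf in self.ifaces.values():
            itf.mode = Mode.DEBUGGING

    def modes(self):
        return {n: i.mode for n, i in self.ifaces.items()}


def simulate_timeline():
    """The four moments described for access device 100 (interfaces 101..106)."""
    dev = AccessDevice([f"if{n}" for n in range(101, 107)], down_threshold=60)
    dev.link_change("if106", True)   # first terminal 110 is cabled to 106
    snaps = {}
    dev.enable_monitoring()          # moment 1: deployment -> operation phase
    snaps["m1"] = dev.modes()
    dev.restart()                    # moment 2: a restart locks all six ports
    snaps["m2_restart"] = dev.modes()
    dev.nms_unlock("if106")          #           operator re-admits 106
    snaps["m2_unlock"] = dev.modes()
    dev.nms_unlock("if103")          # moment 3: 103 opened for a second terminal
    snaps["m3_unlock"] = dev.modes()
    dev.tick(61)                     #           nobody attaches: locked again
    snaps["m3_timeout"] = dev.modes()
    dev.link_change("if106", False)  # moment 4: 106 goes UP -> DOWN
    snaps["m4"] = dev.modes()
    return snaps, dev.sent
```

Calling `simulate_timeline()` reproduces the four moments: after monitoring is enabled only interface 106 is operational; a restart locks every port until the NMS re-admits 106; interface 103 is unlocked and then locked again when it stays DOWN past the threshold; and a link drop on 106 locks it once more, each lock producing one report toward the NMS. Two properties of the design stand out in the model. Every trigger is a link-state observation, so the protection depends on the physical disconnection actually being seen by the device, and a cable being plugged into a locked port never unlocks it. And the only path from non-blocking back to operational mode is an explicit NMS instruction after a human has ruled out intrusion, which is what separates this scheme from a port that simply re-enables itself.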
Fig. 5 is a block diagram of an access device according to an embodiment of the present invention. Access device 500 shown in Fig. 5 comprises an interface through which a terminal accesses the network in which access device 500 is located, and comprises a determining unit 501 and a setting unit 502.
Determining unit 501 is configured to determine that a trigger event is satisfied, the trigger event indicating that there is a risk of intrusion into access device 500 at the interface. Setting unit 502 is configured to set the operating mode of the interface to non-blocking mode if determining unit 501 determines that the trigger event is satisfied, the non-blocking mode preventing any terminal from accessing the network in which access device 500 is located through the interface.
The access device in the embodiment of the present invention comprises at least one interface. For any one of these interfaces, when the access device determines that there is a risk of intrusion into the access device at that interface, it sets the operating mode of the interface to non-blocking mode, which prevents any terminal from connecting to the network in which the access device is located through that interface and so improves the security of that network. Further, the access device performs the above processing for each interface among the at least one interface, so as to prevent any terminal from communicating with the access device or with the upper-layer network equipment of the access device, which effectively prevents a hacker from gaining access and protects the security of the network.
Optionally, as an embodiment, access device 500 has an interface status monitoring function.
When access device 500 has enabled the interface status monitoring function, the trigger event comprises: the state of the interface changes from UP to DOWN; or the operating mode of the interface is operational mode and the duration for which the interface is DOWN exceeds a predetermined threshold; or access device 500 is restarted.
At the moment access device 500 enables the interface status monitoring function, the trigger event comprises: the state of the interface is DOWN.
Optionally, as another embodiment, access device 500 further comprises a generation unit 503 and a transmitting unit 504. Generation unit 503 is configured to generate a first message, the first message indicating that the operating mode of the interface is non-blocking mode. Transmitting unit 504 is configured to send the first message generated by generation unit 503 to the network management system.
Optionally, as another embodiment, access device 500 further comprises a receiving unit 505. Receiving unit 505 is configured to receive a second message sent by the network management system, the second message instructing access device 500 to switch the operating mode of the interface to operational mode. Setting unit 502 is further configured to switch the operating mode of the interface to operational mode according to the second message received by receiving unit 505.
Optionally, as another embodiment, receiving unit 505 is further configured to receive a third message sent by the network management system, the third message indicating that the interface needs to be debugged. Setting unit 502 is further configured to switch the operating mode of the interface to debugging mode according to the third message received by receiving unit 505.
Access device 500 can carry out each process performed by the access device in the embodiments of Fig. 2 and Fig. 4; to avoid repetition, these are not described again here.
Fig. 6 is a block diagram of an access device according to another embodiment of the present invention. Access device 600 in Fig. 6 comprises an interface through which a terminal accesses the network in which access device 600 is located, and comprises a processor 601, a receiving circuit 602, a transmitting circuit 603 and a memory 604. Receiving circuit 602 and transmitting circuit 603 communicate with the network management system through a port of access device 600.
Memory 604 is configured to store program code;
Processor 601 is configured to read the program code in memory 604 and perform the following:
determine that a trigger event is satisfied, the trigger event indicating that there is a risk of intrusion into access device 600 at the interface; and set the operating mode of the interface to non-blocking mode, the non-blocking mode preventing any terminal from accessing the network in which access device 600 is located through the interface.
The access device in the embodiment of the present invention comprises at least one interface. For any one of these interfaces, when the access device determines that there is a risk of intrusion into the access device at that interface, it sets the operating mode of the interface to non-blocking mode, which prevents any terminal from connecting to the network in which the access device is located through that interface and so improves the security of that network. Further, the access device performs the above processing for each interface among the at least one interface, so as to prevent any terminal from communicating with the access device or with the upper-layer network equipment of the access device, which effectively prevents a hacker from gaining access and protects the security of the network.
The components of access device 600 are coupled by a bus system 605 which, in addition to a data bus, comprises a power bus, a control bus and a status signal bus. For clarity, the various buses are all labelled bus system 605 in Fig. 6.
The method disclosed in the above embodiments of the present invention may be applied in, or implemented by, processor 601. Processor 601 may be an integrated circuit chip with signal processing capability. In implementation, the steps of the above method may be completed by integrated logic circuits in hardware within processor 601 or by instructions in the form of software. Processor 601 may be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, discrete gate or transistor logic, or discrete hardware components, and may implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in the embodiments may be embodied directly as being completed by a hardware decoding processor, or by a combination of hardware and software modules in the decoding processor. The software module may reside in a storage medium mature in the art, such as random access memory (RAM), flash memory, read-only memory (ROM), programmable read-only memory or electrically erasable programmable memory, or a register. The storage medium is located in memory 604; processor 601 reads the information in memory 604 and completes the steps of the above method in combination with its hardware.
Optionally, as an embodiment, access device 600 has an interface status monitoring function.
When access device 600 has enabled the interface status monitoring function, the trigger event comprises: the state of the interface changes from UP to DOWN; or the operating mode of the interface is operational mode and the duration for which the interface is DOWN exceeds a predetermined threshold; or access device 600 is restarted.
At the moment access device 600 enables the interface status monitoring function, the trigger event comprises: the state of the interface is DOWN.
Optionally, as another embodiment, processor 601 is further configured to generate a first message, the first message indicating that the operating mode of the interface is non-blocking mode. Transmitting circuit 603 is configured to send the first message generated by processor 601 to the network management system.
Optionally, as another embodiment, receiving circuit 602 is configured to receive a second message sent by the network management system, the second message instructing access device 600 to switch the operating mode of the interface to operational mode. Processor 601 is further configured to switch the operating mode of the interface to operational mode according to the second message received by receiving circuit 602.
Optionally, as another embodiment, receiving circuit 602 is further configured to receive a third message sent by the network management system, the third message indicating that the interface needs to be debugged. Processor 601 is further configured to switch the operating mode of the interface to debugging mode according to the third message received by receiving circuit 602.
Access device 600 can carry out each process performed by the access device in the embodiments of Fig. 2 and Fig. 4; to avoid repetition, these are not described again here.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. Skilled persons may implement the described functions in different ways for each particular application, and such implementations should not be regarded as exceeding the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only one logical functional division, and other divisions are possible in practice; for instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the couplings, direct couplings or communication connections shown or discussed may be made through certain interfaces, and the indirect couplings or communication connections between apparatuses or units may be electrical, mechanical or of another form.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiments.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium and comprising instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a portable hard disk, ROM, RAM, a magnetic disk or an optical disc.
The foregoing are merely specific embodiments of the present invention, but the scope of protection of the present invention is not limited to them; anyone familiar with the art can readily conceive of changes or substitutions within the technical scope disclosed, and all of these fall within the scope of protection of the present invention. The scope of protection shall therefore be determined by the claims.

Claims (10)

1. An intrusion prevention method, characterized in that the method is applied to an access device, the access device comprises an interface, and a terminal accesses the network in which the access device is located through the interface, the method comprising:
the access device determining that a trigger event is satisfied, the trigger event indicating that there is a risk of intrusion into the access device at the interface;
the access device setting the operating mode of the interface to non-blocking mode, the non-blocking mode being used to prevent any terminal from accessing the network in which the access device is located through the interface.
2. The method according to claim 1, characterized in that the access device has an interface status monitoring function,
when the access device has enabled the interface status monitoring function, the trigger event comprises: the state of the interface changes from UP to DOWN; or the operating mode of the interface is operational mode and the duration for which the interface is DOWN exceeds a predetermined threshold; or the access device is restarted;
when the access device is enabling the interface status monitoring function, the trigger event comprises: the state of the interface is DOWN.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
the access device generating a first message, the first message indicating that the operating mode of the interface is non-blocking mode;
the access device sending the first message to a network management system.
4. The method according to claim 3, characterized in that, after the access device sends the first message to the network management system, the method further comprises:
the access device receiving a second message sent by the network management system, the second message instructing the access device to switch the operating mode of the interface to operational mode;
the access device switching the operating mode of the interface to operational mode according to the second message.
5. The method according to any one of claims 1 to 4, characterized in that the method further comprises:
the access device receiving a third message sent by the network management system, the third message indicating that the interface needs to be debugged;
the access device switching the operating mode of the interface to debugging mode according to the third message.
6. An access device, characterized in that the access device comprises an interface, a terminal accesses the network in which the access device is located through the interface, and the access device comprises:
a determining unit, configured to determine that a trigger event is satisfied, the trigger event indicating that there is a risk of intrusion into the access device at the interface;
a setting unit, configured to set the operating mode of the interface to non-blocking mode if the determining unit determines that the trigger event is satisfied, the non-blocking mode being used to prevent any terminal from accessing the network in which the access device is located through the interface.
7. The access device according to claim 6, characterized in that the access device has an interface status monitoring function,
when the access device has enabled the interface status monitoring function, the trigger event comprises: the state of the interface changes from UP to DOWN; or the operating mode of the interface is operational mode and the duration for which the interface is DOWN exceeds a predetermined threshold; or the access device is restarted;
when the access device is enabling the interface status monitoring function, the trigger event comprises: the state of the interface is DOWN.
8. The access device according to claim 6 or 7, wherein the access device further comprises:
a generation unit, configured to generate a first message, the first message indicating that the operating mode of the interface is non-blocking mode;
a transmitting unit, configured to send the first message generated by the generation unit to a network management system.
9. The access device according to claim 8, characterized in that the access device further comprises:
a receiving unit, configured to receive a second message sent by the network management system, the second message instructing the access device to switch the operating mode of the interface to operational mode;
the setting unit being further configured to switch the operating mode of the interface to operational mode according to the second message received by the receiving unit.
10. The access device according to any one of claims 6 to 9, characterized in that:
the receiving unit is further configured to receive a third message sent by the network management system, the third message indicating that the interface needs to be debugged;
the setting unit is further configured to switch the operating mode of the interface to debugging mode according to the third message received by the receiving unit.
CN201410070449.5A 2014-02-28 2014-02-28 The method and access device of Intrusion prevention Active CN104883340B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410070449.5A CN104883340B (en) 2014-02-28 2014-02-28 The method and access device of Intrusion prevention
PCT/CN2015/070371 WO2015127831A1 (en) 2014-02-28 2015-01-08 Anti-intrusion method and access device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410070449.5A CN104883340B (en) 2014-02-28 2014-02-28 The method and access device of Intrusion prevention

Publications (2)

Publication Number Publication Date
CN104883340A true CN104883340A (en) 2015-09-02
CN104883340B CN104883340B (en) 2018-10-12

Family

ID=53950675

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410070449.5A Active CN104883340B (en) 2014-02-28 2014-02-28 The method and access device of Intrusion prevention

Country Status (2)

Country Link
CN (1) CN104883340B (en)
WO (1) WO2015127831A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105610588A (en) * 2015-12-18 2016-05-25 福建星网锐捷网络有限公司 Control method and device for dummy equipment
CN113347511A (en) * 2021-05-24 2021-09-03 广西电网有限责任公司 Method, device and system for defending hop-by-hop attack in optical transmission network

Families Citing this family (1)

Publication number Priority date Publication date Assignee Title
CN111835332B (en) * 2020-06-08 2024-06-18 上海美仁半导体有限公司 Programmable chip, unlocking method and household appliance

Citations (4)

Publication number Priority date Publication date Assignee Title
CN1764158A (en) * 2004-10-06 2006-04-26 三星电子株式会社 Differentiated intrusion detection in the network
CN101340240A (en) * 2008-08-26 2009-01-07 中兴通讯股份有限公司 Method and system for remote controlling status of optical module in optical network
CN101895543A (en) * 2010-07-12 2010-11-24 江苏华丽网络工程有限公司 Method for effectively defending flood attack based on network switching equipment
CN102523348A (en) * 2011-12-19 2012-06-27 广东步步高电子工业有限公司 Device and method for unlocking mobile terminal

Also Published As

Publication number Publication date
CN104883340B (en) 2018-10-12
WO2015127831A1 (en) 2015-09-03

CN110362983B (en) Method and device for ensuring consistency of dual-domain system and electronic equipment
KR20190020523A (en) Apparatus and method for detecting attack by using log analysis

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant