CN105471857A - Power grid terminal invalid external connection monitoring blocking method - Google Patents
Power grid terminal invalid external connection monitoring blocking method Download PDFInfo
- Publication number
- CN105471857A CN105471857A CN201510802325.6A CN201510802325A CN105471857A CN 105471857 A CN105471857 A CN 105471857A CN 201510802325 A CN201510802325 A CN 201510802325A CN 105471857 A CN105471857 A CN 105471857A
- Authority
- CN
- China
- Prior art keywords
- terminal
- user
- external connection
- address
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to a power grid terminal invalid external connection monitoring blocking method. The power grid terminal invalid external connection monitoring blocking method comprises steps of, establishing a power grid terminal invalid external connection monitoring blocking device, wherein the device comprises a health inspection module, an ID authentication module, a user binding module and a terminal access module; compliance check; ID verification; user binding and terminal access. The power grid terminal invalid external connection monitoring blocking method is advantaged in that, safety protection and monitoring on office terminals can be carried out, management on invalid external connection monitoring can be realized, control on invalid external connection behaviors is realized, data of equipment and systems is acquired, statistics and presentation of invalid external connection situations in the present network can be realized according to different strategies.
Description
Technical field
The invention belongs to intelligent grid field of informatization construction, particularly relate to a kind of electric network terminal illegal external connection monitoring blocking-up method.
Background technology
In electric network informationization is built, growing along with network, the safety problem of network is more and more outstanding, wherein, most typical network internal potential safety hazard is exactly the illegal external connection of Intranet user, thus threat is greatly formed to the information security of internal network, very easily cause the serious consequence such as leakage of data, hacker attacks.Because traditional method cannot make accurate judgement to the illegal external connection of associated terminal, subscriber data etc., the illegal external connection of inner net computer therefore can not be found effectively in time.
Summary of the invention
In order to solve the problem, a kind of electric network terminal illegal external connection is the object of the present invention is to provide to monitor blocking-up method.
In order to achieve the above object, electric network terminal illegal external connection monitoring blocking-up method provided by the invention comprises the following step carried out in order:
Step 1) build electric network terminal illegal external connection monitoring occluding device, this device is made up of health examination module, ID authentication module, user's binding module and terminal access module;
Step 2) compliance inspection:
According to the strategy pre-seted, utilize health examination module to local office terminal comprise desktop, systems soft ware, network connect the indices of uniqueness and carry out compliance inspection, the terminal of closing rule is let pass and is carried out authenticating user identification; The terminal not conforming to rule is sounded a warning at browser interface, and forbids that its certification carrying out next step networks;
Step 3) ID certification:
Utilize ID authentication module to carry out certification ID to the user of any access network, and adopt user to import, subscriber self-registration, user from service improve user profile at interior various ways, address name, department, office can be accurate in interior detailed content; Cooperating equipment management and IP address management, when going wrong, can determine position and user object, quickly and accurately for system of real name log audit has established solid foundation;
Step 4) user's binding:
Utilize user's binding module to bind for the user that part is special, binding is divided into without certification binding and needs certification to bind two large classes:
Without certification binding by multifactorly binding interior user, MAC, IP, when can realize the accessing terminal to network of these users, do not need certification, but direct distribution its work IP address;
Need certification to bind by the binding to user identity, these users can be allowed in the IP address of the suitable authority of different position acquisitions, thus realize the mechanism of mobile office flexibly;
Step 5) terminal access:
Terminal access module is utilized to carry out unified management to the IP address of terminal, MAC Address, person liable, presence in interior information, when accessing terminal to network, ARP is checked by terminal access module, the relevant information comprising IP address, MAC, address, host name of collection terminal is carried out with this, when finding illegal terminal, immediately carry out alarm or blocking-up, when user's private change IP address or hand establish IP address time, can be checked by terminal access module.
The effect of electric network terminal illegal external connection monitoring blocking-up method provided by the invention: security protection and monitoring can be carried out to office terminal, realize the management to illegal external connection monitoring, the control of illegal external connection behavior, and the data acquisition realizing equipment and system; Realize according to different policy accountings, the illegal external connection situation represented in present networks.
Accompanying drawing explanation
Fig. 1 is the flow chart of electric network terminal illegal external connection provided by the invention monitoring blocking-up method.
Embodiment
Below in conjunction with the drawings and specific embodiments, electric network terminal illegal external connection monitoring blocking-up method provided by the invention is described in detail.
As shown in Figure 1, electric network terminal illegal external connection monitoring blocking-up method provided by the invention comprises the following step performed in order:
Step 1) build electric network terminal illegal external connection monitoring occluding device, this device is made up of health examination module, ID authentication module, user's binding module and terminal access module;
Step 2) compliance inspection:
According to the strategy pre-seted, utilize health examination module to local office terminal comprise desktop, systems soft ware, network connect the indices of uniqueness and carry out compliance inspection, the terminal of closing rule is let pass and is carried out authenticating user identification; The terminal not conforming to rule is sounded a warning at browser interface, and forbids that its certification carrying out next step networks;
Step 3) ID certification:
Utilize ID authentication module to carry out certification ID to the user of any access network, and adopt user to import, subscriber self-registration, user from service improve user profile at interior various ways, address name, department, office can be accurate in interior detailed content; Cooperating equipment management and IP address management, when going wrong, can determine position and user object, quickly and accurately for system of real name log audit has established solid foundation;
Step 4) user's binding:
Utilize user's binding module to bind for the user that part is special, binding is divided into without certification binding and needs certification to bind two large classes:
Mainly being suitable for for computer operation without certification binding is not very skilled user, by multifactorly binding interior user, MAC, IP, do not need certification when can realize the accessing terminal to network of these users, but directly distribute its work IP address;
Need certification to bind and often need mainly for some the user that network conducted interviews at diverse location, as network management personnel etc., by the binding to user identity, these users can be allowed in the IP address of the suitable authority of different position acquisitions, thus realize the mechanism of mobile office flexibly;
Step 5) terminal access:
Terminal access module is utilized to carry out unified management to the IP address of terminal, MAC Address, person liable, presence in interior information, when accessing terminal to network, ARP is checked by terminal access module, the relevant information comprising IP address, MAC, address, host name of collection terminal is carried out with this, when finding illegal terminal, immediately carry out alarm or blocking-up, when user's private change IP address or hand establish IP address time, can be checked by terminal access module.
Electric network terminal illegal external connection monitoring blocking-up method provided by the invention can be monitored the terminal of grid company office network and user, the network equipment such as switch, fire compartment wall can be coordinated, complete the monitoring of the illegal external connection of aspect Network Based, meanwhile, safety desktop system etc. is coordinated to prevent the generation of illegal external connection in all directions.
Electric network terminal illegal external connection monitoring blocking-up method provided by the invention, can realize the management to illegal external connection monitoring system, the control of illegal external connection behavior, represent the illegal external connection situation in present networks, improve the overall security of intelligent grid comprehensively.
Claims (1)
1. an electric network terminal illegal external connection monitoring blocking-up method, is characterized in that: described electric network terminal illegal external connection monitoring blocking-up method comprises the following step carried out in order:
Step 1) build electric network terminal illegal external connection monitoring occluding device, this device is made up of health examination module, ID authentication module, user's binding module and terminal access module;
Step 2) compliance inspection:
According to the strategy pre-seted, utilize health examination module to local office terminal comprise desktop, systems soft ware, network connect the indices of uniqueness and carry out compliance inspection, the terminal of closing rule is let pass and is carried out authenticating user identification; The terminal not conforming to rule is sounded a warning at browser interface, and forbids that its certification carrying out next step networks;
Step 3) ID certification:
Utilize ID authentication module to carry out certification ID to the user of any access network, and adopt user to import, subscriber self-registration, user from service improve user profile at interior various ways, address name, department, office can be accurate in interior detailed content; Cooperating equipment management and IP address management, when going wrong, can determine position and user object, quickly and accurately for system of real name log audit has established solid foundation;
Step 4) user's binding:
Utilize user's binding module to bind for the user that part is special, binding is divided into without certification binding and needs certification to bind two large classes:
Without certification binding by multifactorly binding interior user, MAC, IP, when can realize the accessing terminal to network of these users, do not need certification, but direct distribution its work IP address;
Need certification to bind by the binding to user identity, these users can be allowed in the IP address of the suitable authority of different position acquisitions, thus realize the mechanism of mobile office flexibly;
Step 5) terminal access:
Terminal access module is utilized to carry out unified management to the IP address of terminal, MAC Address, person liable, presence in interior information, when accessing terminal to network, ARP is checked by terminal access module, the relevant information comprising IP address, MAC, address, host name of collection terminal is carried out with this, when finding illegal terminal, immediately carry out alarm or blocking-up, when user's private change IP address or hand establish IP address time, can be checked by terminal access module.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510802325.6A CN105471857A (en) | 2015-11-19 | 2015-11-19 | Power grid terminal invalid external connection monitoring blocking method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510802325.6A CN105471857A (en) | 2015-11-19 | 2015-11-19 | Power grid terminal invalid external connection monitoring blocking method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105471857A true CN105471857A (en) | 2016-04-06 |
Family
ID=55609128
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510802325.6A Pending CN105471857A (en) | 2015-11-19 | 2015-11-19 | Power grid terminal invalid external connection monitoring blocking method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105471857A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107819787A (en) * | 2017-11-30 | 2018-03-20 | 国网河南省电力公司商丘供电公司 | One kind prevents LAN computer illegal external connection system and method |
| CN109510829A (en) * | 2018-11-21 | 2019-03-22 | 张天真 | A kind of network terminal control method |
| CN110087238A (en) * | 2019-05-13 | 2019-08-02 | 商洛学院 | A kind of information safety of mobile electronic equipment protection system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2009147734A1 (en) * | 2008-06-04 | 2009-12-10 | 株式会社ルネサステクノロジ | Vehicle, maintenance device, maintenance service system, and maintenance service method |
| CN102315992A (en) * | 2011-10-21 | 2012-01-11 | 北京海西赛虎信息安全技术有限公司 | Detection method for illegal external connection |
| CN103618613A (en) * | 2013-12-09 | 2014-03-05 | 北京京航计算通讯研究所 | Network access control system |
-
2015
- 2015-11-19 CN CN201510802325.6A patent/CN105471857A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2009147734A1 (en) * | 2008-06-04 | 2009-12-10 | 株式会社ルネサステクノロジ | Vehicle, maintenance device, maintenance service system, and maintenance service method |
| CN102315992A (en) * | 2011-10-21 | 2012-01-11 | 北京海西赛虎信息安全技术有限公司 | Detection method for illegal external connection |
| CN103618613A (en) * | 2013-12-09 | 2014-03-05 | 北京京航计算通讯研究所 | Network access control system |
Non-Patent Citations (2)
| Title |
|---|
| 彭晓辉: "《终端安全防护技术在网络管理中的应用研究》", 《电子技术与软件安全》 * |
| 陈然: "《基于ID网络的内网非法外联全面防护》", 《计算机与信息技术》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107819787A (en) * | 2017-11-30 | 2018-03-20 | 国网河南省电力公司商丘供电公司 | One kind prevents LAN computer illegal external connection system and method |
| CN107819787B (en) * | 2017-11-30 | 2020-10-16 | 国网河南省电力公司商丘供电公司 | System and method for preventing illegal external connection of local area network computer |
| CN109510829A (en) * | 2018-11-21 | 2019-03-22 | 张天真 | A kind of network terminal control method |
| CN110087238A (en) * | 2019-05-13 | 2019-08-02 | 商洛学院 | A kind of information safety of mobile electronic equipment protection system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Khatoun et al. | Cybersecurity and privacy solutions in smart cities | |
| Wang et al. | Security issues and challenges for cyber physical system | |
| Goel et al. | Security challenges in smart grid implementation | |
| CN106789015B (en) | Intelligent power distribution network communication safety system | |
| CN103269332B (en) | Safeguard system for power secondary system | |
| CN104184735A (en) | Electric marketing mobile application safe protection system | |
| CN101588360A (en) | Associated equipment and method for internal network security management | |
| CN106657011A (en) | Business server authorized secure access method | |
| CN105337971A (en) | Electric power information system cloud safety guarantee system and implementation method thereof | |
| Abouzakhar | Critical infrastructure cybersecurity: A review of recent threats and violations | |
| CN107276983A (en) | A kind of the traffic security control method and system synchronous with cloud based on DPI | |
| CN108200073B (en) | Sensitive data safety protection system | |
| CN103780584A (en) | Cloud computing-based identity authentication fusion method | |
| CN105471857A (en) | Power grid terminal invalid external connection monitoring blocking method | |
| Ten et al. | Cybersecurity for electric power control and automation systems | |
| CN106534110B (en) | Trinity transformer substation secondary system safety protection system framework system | |
| CN103491054A (en) | SAM access system | |
| Liang et al. | A study on cyber security of smart grid on public networks | |
| CN202111721U (en) | Network information security assurance system | |
| Pollet et al. | All hazards approach for assessing readiness of critical infrastructure | |
| CN202998166U (en) | Access device | |
| CN202918335U (en) | Fusion type identity authentication device based on cloud computing | |
| Alquhayz et al. | Security management system for 4G heterogeneous networks | |
| CN203233445U (en) | High security internal network information safety system | |
| CN107220743A (en) | Financial management system for monitoring |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20160406 |