CN105491007B - A kind of video monitoring system safety permission method and device - Google Patents
A kind of video monitoring system safety permission method and device Download PDFInfo
- Publication number
- CN105491007B CN105491007B CN201510786695.5A CN201510786695A CN105491007B CN 105491007 B CN105491007 B CN 105491007B CN 201510786695 A CN201510786695 A CN 201510786695A CN 105491007 B CN105491007 B CN 105491007B
- Authority
- CN
- China
- Prior art keywords
- message
- access
- headend equipment
- flow
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/18—Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
Abstract
The invention discloses a kind of video monitoring system safety permission method and devices, access switch applied to access headend equipment, the method receives the message that accessed equipment is sent, permit compliance with prior learning to the logon message of headend equipment pass through, block other messages;After monitoring that accessed equipment completes entire registration process, the stage is controlled into state, the message of the equipment to being accessed is monitored;Receive meet the message without flow business model that prior learning arrives when, controlled according to no flow Service control strategy, receive meet prior learning to the message for having flow business model when, controlled according to there is flow Service control strategy.The inventive system comprises Access Management, monitoring modular, control module and study modules.The present invention method and device, can effective identification terminal equipment, ensured the safety of user network port.
Description
Technical field
The present invention relates to a kind of video monitoring system peaces in technical field of video monitoring more particularly to video monitoring system
Full access method and device.
Background technology
Video monitoring is the important component of safety and protection system, and video monitoring is intuitive with it, accurate, in time and information
It is abundant in content and be widely used in many occasions.In recent years, with computer, network and image procossing, transmission technology fly
Speed development, the universalness trend of video monitoring are more and more obvious.The headend equipment of video monitoring system has been deployed in city at present
Each corner in city, many headend equipments need to be deployed in the places such as road both sides, mountain top, roof, and this requires the IP of user
Network also extends into each corner in city.
Since the IP network of user extends to each corner in city, the safety of IP network port is difficult to carry out pipe
It manages, hacker accesses user network by being deployed in the access interface in roadside in order to prevent, threatens the safety of user network, user is just
Various authentications, access registrar must be carried out to the terminal of access.
The many headend equipments of the prior art carry out authentication using 802.1x, and the only successful equipment of certification can just connect
Enter.However many headend equipment IPC do not support 802.1x, and all IPC can not be required all to be authenticated by 802.1x.Separately
Outer IPC is after by 802.1x certifications, and access device all no longer controls any data of IPC, if in IPC after virus
It accesses again, it will whole guipure is threatened.
Another scheme of the prior art is to carry out ACL according to control message, the media stream message of IPC using access device
Filtering, abandons the port numbers message of non-controlling message, media stream message.However since headend equipment IPC supports are more
Protocol type is planted, for example national standard, ONVIF, DB33, enterprise's proprietary protocol, SDK calling etc., the diversity of headend equipment agreement
Mean that access device needs to do customized development, cognition is distinguished to various agreements, to the more demanding of access device.Simultaneously
For the program after the relieving of media flow port, attack equipment still can be by squeezing into a large amount of media stream message data to network shape
At threat, security threat can not be thoroughly eliminated.
Invention content
The object of the present invention is to provide a kind of video monitoring system safety permission method and device, the access to headend equipment
It is controlled, eliminates the security risk that illegal invasion is brought.
To achieve the goals above, technical solution of the present invention is as follows:
A kind of video monitoring system safety permission method is applied to the access switch of access headend equipment, the method
Including:
The message that accessed equipment is sent is received, the logon message for the headend equipment IPC that prior learning arrives is permitted compliance with
Pass through, blocks other messages;
After monitoring that accessed equipment completes entire registration process, the stage is controlled into state, is set to what is accessed
Standby message is monitored;
Receive meet the message without flow business model that prior learning arrives when, according to no flow Service control strategy
Controlled, receive meet prior learning to the message for having flow business model when, according to there is flow Service control plan
Slightly controlled.
Further, the method further includes step:
Learn headend equipment service condition, preserves the business model of each service condition.
Specifically, the study headend equipment service condition, preserves the business model of each service condition, including:
Headend equipment is accessed, after the interface for perceiving access headend equipment has equipment access, judges whether the interface has
Service condition study is carried out, next step is entered if not, otherwise terminates learning process;
The MAC Address for the headend equipment that the interface is accessed is obtained, and the MAC Address is reported to video management platform,
Initially enter interim access stage and countdown;
In the interim access stage, the message to meeting the message number of setting and the size of flow allows to pass through, if
Before the countdown of access stage terminates, video management platform does not receive the logon message of the headend equipment of the MAC Address, then notifies
Terminate the interim access stage, into port blocked state, the interim access stage is entered back into after blocking a period of time, if in access
Before stage countdown terminates, video management platform receives the headend equipment logon message of the MAC Address and reaches the standard grade, then notice terminates
The interim access stage learns the stage into service condition;
Learn into service condition, learns each service condition of headend equipment, and establish corresponding business model.
Further, the no flow Service control strategy includes:
Limited amount without flow service message, is arranged message average number and number of bursts must not exceed defined threshold
Value;
The interaction of no flow service message must be two-way, do not allow occur unidirectionally continuously transmit more than specified quantity with
On message;
The directionality of mutual message has to comply with the service message direction that vocational study level-learning arrives;
Further, described to there is the flow Service control strategy to include:
Before flow transmission, it is necessary to there is corresponding control signaling to interact, and control signaling must be video management platform master
It is dynamic to initiate;
After receiving medium stream request message, record current media stream is to open by state, that is, allows to pass through;
After receiving Media Stream and stopping message, record current media stream is to forbid by state, i.e., does not allow to pass through;
The direction of media data flow has to comply with the direction obtained in the study stage;
Single media stream data bandwidth must not exceed the maximum Media Stream bandwidth in the channel;
Same Media Stream quantity must not exceed one;
After the business that receives stops control signaling, the Media Stream is prevented to pass through.
The invention also provides a kind of video monitoring system safety permission device, the access for being applied to access headend equipment is handed over
It changes planes, described device includes:
Access Management, the message sent for receiving accessed equipment, permits compliance with the front end that prior learning arrives
The logon message of device IP C passes through, and blocks other messages;
Monitoring modular, for after monitoring that accessed equipment completes entire registration process, the stage to be controlled into state,
The message of equipment to being accessed is monitored;
Control module, for receive meet the message without flow business model that prior learning arrives when, according to no stream
Amount Service control strategy is controlled, receive meet prior learning to the message for having flow business model when, according to having
Flow Service control strategy is controlled.
Further, described device further includes study module, for learning headend equipment service condition, preserves each business shape
The business model of state.
The study module is in study headend equipment service condition, when preserving the business model of each service condition, executes such as
Lower operation:
Headend equipment is accessed, after the interface for perceiving access headend equipment has equipment access, judges whether the interface has
Service condition study is carried out, next step is entered if not, otherwise terminates learning process;
The MAC Address for the headend equipment that the interface is accessed is obtained, and the MAC Address is reported to video management platform,
Initially enter interim access stage and countdown;
In the interim access stage, the message to meeting the message number of setting and the size of flow allows to pass through, if
Before the countdown of access stage terminates, video management platform does not receive the logon message of the headend equipment of the MAC Address, then notifies
Terminate the interim access stage, into port blocked state, the interim access stage is entered back into after blocking a period of time, if in access
Before stage countdown terminates, video management platform receives the headend equipment logon message of the MAC Address and reaches the standard grade, then notice terminates
The interim access stage learns the stage into service condition;
Learn into service condition, learns each service condition of headend equipment, and establish corresponding business model.
A kind of video monitoring system safety permission method and device proposed by the present invention, before being learnt by safety permission device
The service condition of end equipment, and model is established according to the service condition learnt, after receiving the message of input, carry out corresponding
Control, to realize the control to the terminal of access.The present invention does not need headend equipment IPC and supports safety permission function, peace
Full access device need not also be directed to certain specific agreement, only can be carried out intercepting by self study, can effectively identify
Terminal device has ensured the safety of user network port.
Description of the drawings
Fig. 1 is video monitoring system networking schematic diagram of the present invention;
Fig. 2 is video monitoring system safety permission method flow diagram of the present invention;
Fig. 3 is safety permission apparatus structure schematic diagram of the present invention.
Specific implementation mode
Technical solution of the present invention is described in further details with reference to the accompanying drawings and examples, following embodiment is not constituted
Limitation of the invention.
The general thought of the present invention is that safety standard is arranged between the headend equipment of video monitoring system and the network of user
Enter mechanism, carry out management and control to the terminal accessed by user front end port ensures the net of user to prevent the access of illegal terminal
Network safety.
As shown in Figure 1, video monitoring system includes headend equipment, safety permission device and video management platform.This reality
It is web camera IPC or encoder to apply a headend equipment, and video management platform is video monitoring background devices, such as including regarding
Frequency management server, media server, storage device and client etc..Safety permission device can be access switch, also may be used
To be special equipment, headend equipment is linked into video management platform by safety permission device.
As shown in Fig. 2, a kind of video monitoring system safety permission method of the present embodiment, the access for accessing headend equipment exchanges
Machine, the safety permission method include the following steps:
Step S1, the message that accessed equipment is sent is received, the registration for the headend equipment that prior learning arrives is permitted compliance with
Message passes through, and blocks other messages.
Step S2, after monitoring that accessed equipment completes entire registration process, the stage is controlled into state, to being connect
The message of the equipment entered is monitored.
Step S3, receive meet the message without flow business model that prior learning arrives when, according to no flow business
Control strategy is controlled, receive meet prior learning to the message for having flow business model when, according to there is flow industry
Business control strategy is controlled.
As it can be seen that the safety permission method of the present embodiment needs in advance to carry out the service condition after headend equipment IPC accesses
Study, preserves the business model of each service condition.Learn in advance to correctly accessing the service condition after IPC, so as to
The access device of non-IPC is controlled during subsequent control, such as illegal other-end is controlled, to anti-
Only other-end or the hungry IPC being tampered are linked into user network.
The present embodiment safety permission device is as follows to the learning process of IPC service conditions:
Step F1, headend equipment is accessed, after the interface for perceiving access headend equipment has equipment access, judges the interface
Whether have and carry out service condition study, next step is entered if not, otherwise terminates learning process.
Step F2, the MAC Address for the headend equipment that the interface is accessed is obtained, and the MAC Address is reported to video tube
Platform initially enters interim access stage and countdown.
Step F3, in the interim access stage, allow to pass through to meeting the message number of setting and the message of flow, if
Before the countdown of access stage terminates, video management platform does not receive the logon message of the headend equipment of the MAC Address, then notifies
Terminate the interim access stage, into port blocked state, the interim access stage is entered back into after blocking a period of time, if in access
Before stage countdown terminates, video management platform receives the headend equipment logon message of the MAC Address and reaches the standard grade, then notice terminates
The interim access stage learns the stage into service condition.
Step F4, learn into service condition, learn each service condition of headend equipment, and establish corresponding business mould
Type.
The present embodiment by meet the message number of setting and the message of flow allow by stage be known as interim access
Stage.Any message is allowed to pass through in the case where the interim access stage is to meeting the message number of setting and the size of flow,
Such as the message number set is 10/S, the uninterrupted set is 100kbits/s.Interim access rank is arranged in the present embodiment
Section, can make logon message be passed through, to complete legal registration process, if illegal logon message, into
Row obstruction, can effectively prevent the attack of other invalid packets.
Specifically, after the interface for perceiving access headend equipment has equipment access, judge whether the interface has into industry
Business state learns.The method of judgement is:If do not learnt, the control strategy of this interface is empty, if this connects
Service condition study has been carried out before mouthful, then has had control strategy under the interface, for example has flow business and without flow business
Control strategy.
To after video management platform receives the headend equipment logon message of the MAC Address and reaches the standard grade, notify that safety is accurate
Enter device and terminate the interim access stage, learns the stage into service condition.The service condition study stage is access headend equipment
The stage that interface learns each service condition of headend equipment, learning process are as follows:
A, registration keepalive state study:Logon message is the first time mutual message of headend equipment and video management platform,
Keep Alive Packet is generally periodic duplicate message.
Video management platform stops all business of the front end, and headend equipment is notified to be restarted;
The interface of video management platform notice access headend equipment enters registration keep-alive vocational study state;
The interface of access headend equipment starts to capture the transceiving data message of the headend equipment access interface, and to the message
It is recorded;
Video management platform waits for a period of time after (for example five minutes), and the interface of notice access headend equipment terminates to register
Keep-alive vocational study state;
The interface of access headend equipment analyzes the message of crawl, analyzes five-tuple (source IP of message, the mesh of message
IP, protocol type, source port number, destination slogan), the direction of the periodicity of message, registration/keep Alive Packet, establish registration
Keep-alive business model.
B, storage state learns:Firstly the need of the control signaling for having storage, then just there is the data message of storage.
Video management platform stops all business of the headend equipment;
The interface of video management platform notice access headend equipment enters first time storage service learning state;
Video management platform is that the headend equipment configures storage plan;
The interface of access headend equipment starts to capture the transceiving data message of the headend equipment access interface, and to the message
It is recorded;
Video management platform waits for a period of time after (for example five minutes), deletes storage service;
The interface of video management platform notice access headend equipment terminates first time storage service learning state;
It repeats aforesaid operations 3 times, and terminates;
The interface of access headend equipment analyzes the message of crawl, according to five-tuple (source IP of message, the mesh of message
IP, protocol type, source port number, destination slogan) classify, remove registration keep-alive service message, to remaining storage
The message format of message is analyzed, and storage state model is established.
C, live service condition study:Firstly the need of there is live control signaling, then just there is the data message of storage.
Video management platform stops all business of the headend equipment;
The interface of video management platform notice access headend equipment enters live vocational study state for the first time;
The interface of access headend equipment starts to capture the transceiving data message of the headend equipment access interface, and to the message
It is recorded;
Video management platform carries out live operation to the headend equipment;
Video management platform waits for a period of time after (for example five minutes), stops the fact business;
The interface of notice access headend equipment terminates live vocational study state for the first time;
It repeats aforesaid operations 3 times, and terminates;
The message of interface crawl to accessing headend equipment is analyzed, according to five-tuple (source IP of message, the mesh of message
IP, protocol type, source port number, destination slogan) classify, remove registration keep-alive service message, to remaining fact
The message format of message is analyzed, and live service condition model is established.
D, other known business states learn, and for example the functions such as cradle head control, alarm business, speech talkback are with same side
Formula is learnt and establishes model respectively.
F, normal operation mode vocational study.
The interface of video management platform notice access headend equipment enters normal operation mode vocational study;
The interface of access headend equipment starts to capture the transceiving data message of the headend equipment access interface, and to the message
It is recorded;
Video management platform itself does not do any business operation, and equipment is in normal operation mode;
After the interface study a period of time for accessing headend equipment (for example 24 hours), stop normal operation mode business
It practises, the message of record is analyzed, the business model learnt is removed, unknown business is carried out to remaining data message
Analysis, establishes unknown service condition model.
After safety permission device normal operation mode vocational study, notice video management platform winding-up learns rank
Section, initially enters the Service control stage.After video management platform receives the message, notice headend equipment is restarted.
After the study of safety permission device finishing service state, each business model learnt is preserved.Safety is accurate at this time
Entering device can place at the scene for accessing headend equipment, during use, due to front safety permission device
Learn the registration keep-alive business model to headend equipment, then first after receiving the message that accessed equipment is sent, allows
Meet prior learning to the logon message of headend equipment pass through, block other messages.If the logon message of institute's access device
It does not comply with, then keeps the prevention to institute's access device.If the logon message of institute's access device meets, monitoring to be connect
After the equipment entered completes entire registration process, the stage is controlled into state, the state control stage is the message to the equipment of access
The stage for being monitored and controlling.Hereafter headend equipment can be normally accessed, safety permission control is carried out to the headend equipment of access
System.Receive meet the message without flow business model that prior learning arrives when, carried out according to no flow Service control strategy
Control, receive meet prior learning to the message for having flow business model when, according to have flow Service control strategy into
Row control.If what it is to access is normal headend equipment, ensure being normally carried out for business, if access is illegal
Equipment is then blocked.Specifically:
For the keep Alive Packet and other messages without flow business in registration keep-alive business model, other are without flow business
The business of not flow such as example to alert, it is commonly referred to as no flow business model, is controlled according to no flow Service control strategy
System, the criterion of control are:
Limited amount without flow service message, is arranged message average number and number of bursts must not exceed defined threshold
Value;Such as 5/second are averagely must not exceed, burst must not exceed 10/second;
The interaction of no flow service message must be that two-way (headend equipment issues video management platform or video tube
Platform issues headend equipment), do not allow occur unidirectionally continuously transmitting the message more than more than specified quantity, such as 10;
The directionality of mutual message has to comply with the service message direction that vocational study level-learning arrives.
The business for having flow for storage, fact, voice etc. is known as having flow business model, according to there is flow business control
Strategy processed is controlled, and the criterion of control is:
Before flow transmission, it is necessary to there is corresponding control signaling to interact, and control signaling must be video management platform master
It is dynamic to initiate;
For safety permission device after receiving medium stream request message, record current media stream is to open by state,
Allow to pass through;For safety permission device after receiving Media Stream and stopping message, record current media stream is to prohibit by state
Only, i.e., do not allow to pass through;
The direction of media data flow has to comply with the direction obtained in the study stage;
Single media stream data bandwidth must not exceed the maximum Media Stream bandwidth in the channel, for example 16Mbps;
Same Media Stream quantity must not exceed one, on the basis of for example live stream has built up, and not allow to ask again
Article 2 live stream;
After the business that receives stops control signaling, the Media Stream is prevented to pass through.
To only allow the service condition message of the legal headend equipment learnt to pass through, learn if do not met
To business model then prevented, effectively prevent headend equipment to be tampered or the illegal accessing user's network of other illegal terminals.
As shown in figure 3, a kind of video monitoring system safety permission device of the present embodiment, can be integrated in access switch,
Can also be special equipment, which includes:
Access Management, the message sent for receiving accessed equipment, permits compliance with the front end that prior learning arrives
The logon message of equipment passes through, and blocks other messages;
Monitoring modular, for after monitoring that accessed equipment completes entire registration process, the stage to be controlled into state,
The message of equipment to being accessed is monitored;
Control module, for receive meet the message without flow business model that prior learning arrives when, according to no stream
Amount Service control strategy is controlled, receive meet prior learning to the message for having flow business model when, according to having
Flow Service control strategy is controlled.
Further, which further includes study module, for learning headend equipment service condition, preserves each service condition
Business model.
Accordingly with the above method, study module preserves the business of each service condition in study headend equipment service condition
When model, following operation is executed:
Headend equipment is accessed, after the interface for perceiving access headend equipment has equipment access, judges whether the interface has
Service condition study is carried out, next step is entered if not, otherwise terminates learning process;
The MAC Address for the headend equipment that the interface is accessed is obtained, and the MAC Address is reported to video management platform,
Initially enter interim access stage and countdown;
In the interim access stage, the message to meeting the message number of setting and the size of flow allows to pass through, if
Before the countdown of access stage terminates, video management platform does not receive the logon message of the headend equipment of the MAC Address, then notifies
Terminate the interim access stage, into port blocked state, the interim access stage is entered back into after blocking a period of time, if in access
Before stage countdown terminates, video management platform receives the headend equipment logon message of the MAC Address and reaches the standard grade, then notice terminates
The interim access stage learns the stage into service condition;
Learn into service condition, learns each service condition of headend equipment, and establish corresponding business model.
The above embodiments are merely illustrative of the technical solutions of the present invention rather than is limited, without departing substantially from essence of the invention
In the case of refreshing and its essence, those skilled in the art make various corresponding changes and change in accordance with the present invention
Shape, but these corresponding change and deformations should all belong to the protection domain of appended claims of the invention.
Claims (6)
1. a kind of video monitoring system safety permission method is applied to the access switch of access headend equipment, which is characterized in that
The method includes:
Receive the message that accessed equipment is sent, permit compliance with prior learning to the logon message of headend equipment pass through, hinder
Fill in other messages;
After monitoring that accessed equipment completes entire registration process, the stage is controlled into state, to the equipment that is accessed
Message is monitored;
Receive meet the message without flow business model that prior learning arrives when, carried out according to no flow Service control strategy
Control, receive meet prior learning to the message for having flow business model when, according to have flow Service control strategy into
Row control;
Wherein, the no flow Service control strategy includes:
Limited amount without flow service message, is arranged message average number and number of bursts must not exceed defined threshold value;
The interaction of no flow service message must be two-way, not allow to occur unidirectionally continuously transmitting more than more than specified quantity
Message;
The directionality of mutual message has to comply with the service message direction that vocational study level-learning arrives;
Described have the flow Service control strategy to include:
Before flow transmission, it is necessary to there is corresponding control signaling to interact, and control signaling must be that video management platform is actively sent out
It rises;
After receiving medium stream request message, record current media stream is to open by state, that is, allows to pass through;
After receiving Media Stream and stopping message, record current media stream is to forbid by state, i.e., does not allow to pass through;
The direction of media data flow has to comply with the direction obtained in the study stage;
The maximum Media Stream bandwidth in channel where single media stream data bandwidth must not exceed;
Same Media Stream quantity must not exceed one;
After the business that receives stops control signaling, the Media Stream is prevented to pass through.
2. safety permission method according to claim 1, which is characterized in that the method further includes step:
Learn headend equipment service condition, preserves the business model of each service condition.
3. safety permission method according to claim 2, which is characterized in that the study headend equipment service condition is protected
The business model of each service condition is deposited, including:
Headend equipment is accessed, after the interface for perceiving access headend equipment has equipment access, judges whether the interface has progress
Service condition learns, and next step is entered if not, otherwise terminates learning process;
The MAC Address for the headend equipment that the interface is accessed is obtained, and the MAC Address is reported to video management platform, is started
Into interim access stage and countdown;
In the interim access stage, the message to meeting the message number of setting and the size of flow allows to pass through, if in access
Before stage countdown terminates, video management platform does not receive the logon message of the headend equipment of the MAC Address, then notice terminates
The interim access stage enters back into the interim access stage, if in the access stage into port blocked state after blocking a period of time
Before countdown terminates, video management platform receives the headend equipment logon message of the MAC Address and reaches the standard grade, then notifies to terminate interim
The access stage learns the stage into service condition;
Learn into service condition, learns each service condition of headend equipment, and establish corresponding business model.
4. a kind of video monitoring system safety permission device is applied to the access switch of access headend equipment, which is characterized in that
Described device includes:
Access Management, the message sent for receiving accessed equipment, permits compliance with the headend equipment that prior learning arrives
The logon message of IPC passes through, and blocks other messages;
Monitoring modular, for after monitoring that accessed equipment completes entire registration process, the stage being controlled into state, to institute
The message of the equipment of access is monitored;
Control module, for receive meet the message without flow business model that prior learning arrives when, according to no flow industry
Business control strategy is controlled, receive meet prior learning to the message for having flow business model when, according to there is flow
Service control strategy is controlled;
Wherein, the no flow Service control strategy includes:
Limited amount without flow service message, is arranged message average number and number of bursts must not exceed defined threshold value;
The interaction of no flow service message must be two-way, not allow to occur unidirectionally continuously transmitting more than more than specified quantity
Message;
The directionality of mutual message has to comply with the service message direction that vocational study level-learning arrives;
Wherein, described to there is the flow Service control strategy to include:
Before flow transmission, it is necessary to there is corresponding control signaling to interact, and control signaling must be that video management platform is actively sent out
It rises;
After receiving medium stream request message, record current media stream is to open by state, that is, allows to pass through;
After receiving Media Stream and stopping message, record current media stream is to forbid by state, i.e., does not allow to pass through;
The direction of media data flow has to comply with the direction obtained in the study stage;
The maximum Media Stream bandwidth in channel where single media stream data bandwidth must not exceed;
Same Media Stream quantity must not exceed one;
After the business that receives stops control signaling, the Media Stream is prevented to pass through.
5. safety permission device according to claim 4, which is characterized in that described device further includes study module, is used for
Learn headend equipment service condition, preserves the business model of each service condition.
6. safety permission device according to claim 5, which is characterized in that the study module is in study headend equipment industry
Business state when preserving the business model of each service condition, executes following operation:
Headend equipment is accessed, after the interface for perceiving access headend equipment has equipment access, judges whether the interface has progress
Service condition learns, and next step is entered if not, otherwise terminates learning process;
The MAC Address for the headend equipment that the interface is accessed is obtained, and the MAC Address is reported to video management platform, is started
Into interim access stage and countdown;
In the interim access stage, the message to meeting the message number of setting and the size of flow allows to pass through, if in access
Before stage countdown terminates, video management platform does not receive the logon message of the headend equipment of the MAC Address, then notice terminates
The interim access stage enters back into the interim access stage, if in the access stage into port blocked state after blocking a period of time
Before countdown terminates, video management platform receives the headend equipment logon message of the MAC Address and reaches the standard grade, then notifies to terminate interim
The access stage learns the stage into service condition;
Learn into service condition, learns each service condition of headend equipment, and establish corresponding business model.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510786695.5A CN105491007B (en) | 2015-11-13 | 2015-11-13 | A kind of video monitoring system safety permission method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510786695.5A CN105491007B (en) | 2015-11-13 | 2015-11-13 | A kind of video monitoring system safety permission method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105491007A CN105491007A (en) | 2016-04-13 |
CN105491007B true CN105491007B (en) | 2018-11-13 |
Family
ID=55677725
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510786695.5A Active CN105491007B (en) | 2015-11-13 | 2015-11-13 | A kind of video monitoring system safety permission method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105491007B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106230640B (en) * | 2016-08-30 | 2019-12-13 | 浙江宇视科技有限公司 | Security rule port configuration method and device |
CN106411852B (en) * | 2016-08-31 | 2020-01-14 | 浙江宇视科技有限公司 | Distributed terminal access control method and device |
CN109561049B (en) * | 2017-09-26 | 2021-07-20 | 浙江宇视科技有限公司 | Dynamic access method and device based on monitoring service |
CN111163040B (en) * | 2018-11-08 | 2022-06-14 | 浙江宇视科技有限公司 | Renegotiated session reestablishment method and device |
CN112543203B (en) * | 2020-12-28 | 2023-04-28 | 杭州迪普科技股份有限公司 | Terminal access method, device and system |
CN115913614A (en) * | 2022-09-19 | 2023-04-04 | 上海辰锐信息科技有限公司 | Network access device and method |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1750480A (en) * | 2005-09-29 | 2006-03-22 | 西安交大捷普网络科技有限公司 | Detecting method for illegal external connection of inner net computer |
US7808979B2 (en) * | 2006-06-26 | 2010-10-05 | Ciena Corporation | Methods and systems for packet aggregation combining connection-oriented and connection-less techniques |
CN102045309A (en) * | 2009-10-14 | 2011-05-04 | 上海可鲁系统软件有限公司 | Method and device for preventing computer from being attacked by virus |
CN102609789A (en) * | 2012-02-21 | 2012-07-25 | 复旦大学 | Information monitoring and abnormality predicting system for library |
CN102984031B (en) * | 2012-12-12 | 2015-06-10 | 浙江宇视科技有限公司 | Method and device for allowing encoding equipment to be safely accessed to monitoring and control network |
CN103888459B (en) * | 2014-03-25 | 2017-04-19 | 深信服网络科技(深圳)有限公司 | Method and device for detecting intranet intrusion of network |
CN104079575A (en) * | 2014-07-02 | 2014-10-01 | 北京奇虎科技有限公司 | Home network security management method and device and system |
-
2015
- 2015-11-13 CN CN201510786695.5A patent/CN105491007B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN105491007A (en) | 2016-04-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105491007B (en) | A kind of video monitoring system safety permission method and device | |
US5958015A (en) | Network session wall passively listening to communication session, with use of access rules, stops further communication between network devices by emulating messages to the devices | |
CN105635084B (en) | Terminal authentication apparatus and method | |
CN108737447B (en) | User datagram protocol flow filtering method, device, server and storage medium | |
WO2018108052A1 (en) | Ddos attack defense method, system and related equipment | |
CN106850690B (en) | Honeypot construction method and system | |
CN102035793B (en) | Botnet detecting method, device and network security protective equipment | |
CN113228591B (en) | Methods, systems, and computer readable media for dynamically remediating security system entities | |
CN106130962B (en) | Message processing method and device | |
CN105577670B (en) | A kind of warning system hitting library attack | |
CN110300283B (en) | Monitoring and inspection control method and device based on video networking | |
CN105024999B (en) | A kind of IP video surveillance networks safety access method | |
CN103326882A (en) | Video monitoring network management method and video monitoring network management device | |
CN109743314A (en) | Monitoring method, device, computer equipment and its storage medium of Network Abnormal | |
US20140157364A1 (en) | Wireless network security system | |
CN106789982B (en) | Safety protection method and system applied to industrial control system | |
CN107360182A (en) | One kind is used for Embedded Active Networks system of defense and its defence method | |
CN103490964B (en) | A kind of method and device for realizing that flexible configuration terminal accesses quantity | |
CN106302537A (en) | The cleaning method of a kind of DDOS attack flow and system | |
CN107332810A (en) | Attack defense method and device, system | |
KR101881061B1 (en) | 2-way communication apparatus capable of changing communication mode and method thereof | |
CN104601578A (en) | Recognition method and device for attack message and core device | |
CN105681352B (en) | A kind of wireless network access safety management-control method and system | |
CN110830419B (en) | Access control method and device for internet protocol camera | |
CN109889552A (en) | Power marketing terminal abnormal flux monitoring method, system and Electric Power Marketing System |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |