CN105635047A - File-level access admission safety control system based on firewall - Google Patents

Publication number: CN105635047A
Authority: CN (China)
Prior art keywords: file, control system, safety control, certification, firewall
Legal status: Pending
Application number: CN201410589967.8A
Other languages: Chinese (zh)
Inventor: 蒋斐
Current Assignee: Jiangsu Wei Dun Network Technology Co Ltd
Original Assignee: Jiangsu Wei Dun Network Technology Co Ltd
Application filed by Jiangsu Wei Dun Network Technology Co Ltd
Priority to CN201410589967.8A
Publication of CN105635047A
Landscapes: Storage Device Security (AREA)

Abstract

The invention discloses a firewall-based file-level access admission security control system. The system comprises a firewall with an admission function, a B/S-architecture administrator interface, a plug-in-level client and an encryption dongle. The system addresses several problems, such as admission control being rendered ineffective in practice by growing security awareness combined with insufficient flexibility.

Description

A firewall-based file-level access admission security control system
Technical field
The present invention relates to a firewall-based file-level access admission security control system.
Background art
Network admission control is receiving growing attention from enterprise users, because network security can be effectively guaranteed only when the devices admitted to the network are trusted and controlled. However, the admission products on the market all operate at device level; that is, they can only control which designated devices a user may access, and cannot narrow access down to a disk, let alone a file. For existing products on the market, whether terminal admission equipment or application admission equipment, the granularity is coarse.
The prior art therefore needs improvement.
Summary of the invention
To remedy the deficiencies of the prior art, the present invention provides a firewall-based file-level access admission security control system, which addresses several problems, such as admission control being rendered ineffective in practice by growing security awareness combined with insufficient flexibility.
To solve the above technical problem, the firewall-based file-level access admission security control system provided by the embodiment of the present invention adopts the following technical scheme:
A firewall-based file-level access admission security control system, characterized in that it comprises a firewall with an admission function, a B/S-architecture administrator interface, a plug-in-level client and an encryption dongle.
Specifically, the firewall must have its IP-MAC binding function enabled, and the system's software client is pushed to each device terminal in the form of a security plug-in.
Specifically, software client authentication comprises three modes: the first is IP-MAC authentication, the second is user name authentication, and the third is hybrid authentication.
Specifically, the system defaults to IP-MAC authentication mode; user name authentication depends on the dongle, and if no dongle is inserted the system switches to IP-MAC authentication even in this mode; hybrid authentication is the mode with the highest security level and ensures that the device and the person using it match.
Specifically, in user name authentication mode the dongle is identified and authenticated by the serial number on its exterior, and the administrator can record the corresponding user name as a remark. In this mode the system supports single-user and multi-user login (one or more dongles can be inserted).
Specifically, the client can detect the local machine's hardware information and the file resource library, and can add attribute tags.
Specifically, the hardware information includes the IP address, the MAC address, the dongle serial number (in user name authentication mode and hybrid mode) and so on. The file resource library not only contains the file directory hierarchy but can also record file operation information (create, modify, delete) and control read-only and modify operations at device, disk, folder and file level (according to the policy set by the administrator). Attribute tags are added to make file operations more flexible; this function goes through an approval flow and takes effect only after the administrator approves. For example, a file can be given the attribute "public", making it accessible to all intranet users; once this attribute is approved, even users who have not passed IP-MAC authentication can see the file.
The firewall-based file-level access admission security control system provided by the invention addresses several problems, such as admission control being rendered ineffective in practice by growing security awareness combined with insufficient flexibility.
Brief description of the drawings
Fig. 1 is a schematic diagram of the deployment of the firewall-based file-level access admission security control system described in the embodiment of the present invention.
Fig. 2 is a schematic diagram of the file attribute approval process described in the embodiment of the present invention.
Fig. 3 is a schematic diagram of device admission described in the embodiment of the present invention.
Detailed description
The firewall-based file-level access admission security control system provided by the embodiment of the present invention is described in detail below with reference to the accompanying drawings.
As shown in Figs. 1, 2 and 3, the firewall-based file-level access admission security control system provided by the embodiment of the present invention is characterized in that it comprises a firewall with an admission function, a B/S-architecture administrator interface, a plug-in-level client and an encryption dongle.
Specifically, the firewall must have its IP-MAC binding function enabled, and the system's software client is pushed to each device terminal in the form of a security plug-in.
Specifically, software client authentication comprises three modes: the first is IP-MAC authentication, the second is user name authentication, and the third is hybrid authentication.
Specifically, the system defaults to IP-MAC authentication mode; user name authentication depends on the dongle, and if no dongle is inserted the system switches to IP-MAC authentication even in this mode; hybrid authentication is the mode with the highest security level and ensures that the device and the person using it match.
Specifically, in user name authentication mode the dongle is identified and authenticated by the serial number on its exterior, and the administrator can record the corresponding user name as a remark. In this mode the system supports single-user and multi-user login (one or more dongles can be inserted).
Specifically, the client can detect the local machine's hardware information and the file resource library, and can add attribute tags.
Specifically, the hardware information includes the IP address, the MAC address, the dongle serial number (in user name authentication mode and hybrid mode) and so on. The file resource library not only contains the file directory hierarchy but can also record file operation information (create, modify, delete) and control read-only and modify operations at device, disk, folder and file level (according to the policy set by the administrator). Attribute tags are added to make file operations more flexible; this function goes through an approval flow and takes effect only after the administrator approves. For example, a file can be given the attribute "public", making it accessible to all intranet users; once this attribute is approved, even users who have not passed IP-MAC authentication can see the file.
The system mainly implements the following functions:
1. restricting access to the external network;
2. restricting access to the intranet, down to a specified machine, disk, folder or file;
3. access control, covering create, delete, modify and query (a user with the client installed can view the file directory tree they are allowed to access);
4. supporting several users logged in on the same device at once (in user name authentication mode), which solves the problem of a single user having insufficient permissions and makes the system more flexible;
5. setting the area that external users may access (accurate to file level), and so on;
6. log recording.
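The three authentication modes, the fallback when no dongle is inserted, multi-user login and the approved "public" tag can be modelled as a small policy evaluator. This is an added illustration, not code from the patent: the class and function names, the path-prefix grant model, treating "public" as granting read access only, and every sample value are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
class Mode(Enum):
    IP_MAC = 1      # system default
    USERNAME = 2    # identity comes from the inserted dongle(s)
    HYBRID = 3      # device binding AND dongle must both pass

READ, MODIFY = "read", "modify"

@dataclass
class Policy:
    bindings: set          # approved (ip, mac) pairs from the firewall binding table
    dongle_users: dict     # dongle serial -> user name recorded by the administrator
    grants: dict           # principal -> {path prefix: allowed operations}
    tags: dict = field(default_factory=dict)   # path -> (tag, approved by admin?)

@dataclass
class Request:
    ip: str
    mac: str
    dongles: list          # serials currently inserted (may be several)
    path: str              # "device/disk/folder/file"
    op: str

def principals(p: Policy, mode: Mode, r: Request) -> set:
    """Identities the request authenticates as; an empty set means rejected."""
    device_ok = (r.ip, r.mac) in p.bindings
    users = {p.dongle_users[s] for s in r.dongles if s in p.dongle_users}
    if mode is Mode.USERNAME and not r.dongles:
        mode = Mode.IP_MAC                     # no dongle inserted: fall back
    if mode is Mode.IP_MAC:
        return {f"dev:{r.mac}"} if device_ok else set()
    if mode is Mode.USERNAME:
        return users                           # multi-user: every valid dongle counts
    return users if device_ok and users else set()   # HYBRID

def allowed(p: Policy, mode: Mode, r: Request) -> bool:
    tag, approved = p.tags.get(r.path, (None, False))
    if tag == "public" and approved and r.op == READ:
        return True                            # approved public file needs no auth
    for who in principals(p, mode, r):
        for prefix, ops in p.grants.get(who, {}).items():
            # whole-component match, so "pc1/d" does not cover "pc1/data"
            if (r.path == prefix or r.path.startswith(prefix + "/")) and r.op in ops:
                return True
    return False                               # default deny

# Constructed sample policy: every address, serial and path here is made up.
DEMO = Policy(
    bindings={("10.0.0.5", "aa:bb:cc:00:00:01")},
    dongle_users={"SN-001": "alice", "SN-002": "bob"},
    grants={"dev:aa:bb:cc:00:00:01": {"pc1/d": {READ}}, "bob": {"pc1/d/hr/plan.doc": {READ}},
            "alice": {"pc1/d/finance": {READ, MODIFY}}},
    tags={"pc1/d/notice.txt": ("public", True), "pc1/d/draft.txt": ("public", False)},
)
```

An unapproved "public" tag has no effect, which is the property the approval flow is there to guarantee; a tag that took effect on creation would let any client bypass admission for files it labels itself.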
The firewall-based file-level access admission security control system provided by the invention addresses several problems, such as admission control being rendered ineffective in practice by growing security awareness combined with insufficient flexibility.
The above is only a specific embodiment of the present invention, but the scope of protection of the invention is not limited to it; any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. The scope of protection of the invention shall therefore be determined by the scope of the claims.

Claims (7)

1. A firewall-based file-level access admission security control system, characterized in that it comprises a firewall with an admission function, a B/S-architecture administrator interface, a plug-in-level client and an encryption dongle.
2. The firewall-based file-level access admission security control system according to claim 1, characterized in that the IP-MAC binding function must be enabled in the firewall, and the system's software client is pushed to each device terminal in the form of a security plug-in.
3. The firewall-based file-level access admission security control system according to claim 1, characterized in that software client authentication comprises three modes: the first is IP-MAC authentication, the second is user name authentication, and the third is hybrid authentication.
4. The firewall-based file-level access admission security control system according to claim 3, characterized in that the system defaults to IP-MAC authentication mode; user name authentication depends on the dongle, and if no dongle is inserted the system switches to IP-MAC authentication even in this mode; hybrid authentication is the mode with the highest security level and ensures that the device and the person using it match.
5. The firewall-based file-level access admission security control system according to claim 3 or 4, characterized in that, in user name authentication mode, the dongle is identified and authenticated by the serial number on its exterior, and the administrator can record the corresponding user name as a remark; in this mode the system supports single-user and multi-user login (one or more dongles can be inserted).
6. The firewall-based file-level access admission security control system according to claim 1, characterized in that the client can detect the local machine's hardware information and the file resource library, and can add attribute tags.
7. The firewall-based file-level access admission security control system according to claim 1, characterized in that the hardware information includes the IP address, the MAC address, the dongle serial number (in user name authentication mode and hybrid mode) and so on; the file resource library not only contains the file directory hierarchy but can also record file operation information (create, modify, delete, etc.) and control read-only and modify operations at device, disk, folder and file level (according to the policy set by the administrator); attribute tags are added to make file operations more flexible, and this function goes through an approval flow and takes effect only after the administrator approves; for example, a file can be given the attribute "public", making it accessible to all intranet users, and once this attribute is approved, even users who have not passed IP-MAC authentication can see the file.
CN201410589967.8A 2014-10-29 2014-10-29 File-level access admission safety control system based on firewall Pending CN105635047A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410589967.8A CN105635047A (en) 2014-10-29 2014-10-29 File-level access admission safety control system based on firewall

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410589967.8A CN105635047A (en) 2014-10-29 2014-10-29 File-level access admission safety control system based on firewall

Publications (1)

Publication Number Publication Date
CN105635047A (en) 2016-06-01

Family

ID=56049553

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410589967.8A Pending CN105635047A (en) 2014-10-29 2014-10-29 File-level access admission safety control system based on firewall

Country Status (1)

Country Link
CN (1) CN105635047A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109802920A (en) * 2017-11-16 2019-05-24 杭州中威电子股份有限公司 A kind of equipment access hybrid authentication system for security industry

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160601