CN105681352B - Wireless network access security management and control method and system
- Publication number: CN105681352B
- Application number: CN201610160900.1A
- Authority: CN (China)
- Prior art keywords: radio reception, access, terminal device, reception device, MAC address
- Legal status: Active
Classifications
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04W12/06—Authentication (under H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity)
- H04W12/08—Access security (under H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity)
Abstract
A wireless network access security management and control method, comprising the following steps: a terminal device sends an access request to a first wireless access device; a second wireless access device monitors the communication information between the terminal device and the first wireless access device to obtain relevant information about the first wireless access device and the terminal device; the second wireless access device judges whether the terminal device is a device that is allowed access, and if the terminal device is not a device that is allowed access, the second wireless access device sends an access-denied message to the terminal device; the terminal device sends an access request to a third wireless access device; the third wireless access device judges whether the terminal device is a device that is allowed access, and if the terminal device is a device that is allowed access, the third wireless access device allows the terminal device to access the Internet and monitors the online activity of the terminal device. The invention also discloses a wireless network access security management and control system.
Description
Technical field
The present invention relates to a wireless network access security management and control method and system.
Background
Smartphones have become the carrier of all kinds of user information and store a large amount of important data. With the rapid development of wireless network (Wireless-Fidelity, Wi-Fi) technology, smartphones have also become a preferred target of malicious attacks. A large part of the security threat to smartphones comes from leaks of personal privacy and from various kinds of malicious fee-deducting software. Such malware exploits flaws in earlier permission mechanisms to abuse permissions and attack the handset; some of it even drives the hardware in the background to spy on the user's privacy. Existing Wi-Fi security control methods can only passively monitor the communication data between a mobile terminal and a wireless access device; they cannot selectively block and filter a mobile terminal's access to the Internet.
Summary of the invention
In view of the above, it is necessary to provide a wireless network access security management and control method and system that can selectively filter mobile terminals that connect to a wireless access device over the wireless network in order to access the Internet.
A wireless network access security management and control method, comprising the following steps:
A terminal device sends an access request to a first wireless access device;
A second wireless access device monitors the communication information between the terminal device and the first wireless access device to obtain relevant information about the first wireless access device and the terminal device;
The second wireless access device judges, according to the obtained relevant information about the terminal device, whether the terminal device is a device that is allowed access,
If the terminal device is a device that is allowed access, the first wireless access device allows the access request of the terminal device, and the terminal device accesses the Internet through the first wireless access device,
If the terminal device is not a device that is allowed access, the second wireless access device sends an access-denied message to the terminal device;
The second wireless access device sends the obtained relevant information about the terminal device to a third wireless access device;
The terminal device sends an access request to the third wireless access device;
The third wireless access device judges whether the terminal device is a device that is allowed access,
If the terminal device is a device that is allowed access, the third wireless access device allows the access request of the terminal device, the terminal device accesses the Internet through the third wireless access device, and the third wireless access device monitors the online activity of the terminal device,
If the terminal device is not a device that is allowed access, the third wireless access device refuses the access request of the terminal device, thereby prohibiting the terminal device from accessing the Internet.
A system applying the above wireless network access security management and control method includes a first wireless access device and a terminal device. The terminal device sends an access request to the first wireless access device and communicates with the first wireless access device. The wireless network access security management and control system further includes a wireless network control unit, which includes a second wireless access device and a third wireless access device. The second wireless access device monitors the communication information between the terminal device and the first wireless access device, and refuses the terminal device access to the Internet when the terminal device is not a device that is allowed access. The third wireless access device receives the access request sent by the terminal device and allows the terminal device to access the Internet when the terminal device is a device that is allowed access; the third wireless access device monitors the online activity of the terminal device.
Compared with the prior art, the wireless network access security management and control method and system of the present invention use the second wireless access device to judge whether the terminal device is a device that is allowed access, and use the third wireless access device to monitor the online activity of the terminal device. Unauthorized devices can thus be effectively filtered out from accessing the Internet through the first wireless access device, so that terminals meeting the conditions communicate unimpeded, while terminals not meeting the conditions either cannot access the Internet or have all data of their Internet access under real-time monitoring.
Brief description of the drawings
Fig. 1 is a structural diagram of the wireless network access security management and control system of the present invention.
Fig. 2 is a flow chart of the wireless network access security management and control method of the present invention.
Detailed description of the embodiments
Referring to Fig. 1, a preferred embodiment of the wireless network access security management and control system of the present invention includes a first wireless access device 100, a wireless network control unit 200 and a terminal device 300. The wireless network control unit 200 includes a second wireless access device 210 and a third wireless access device 220. The terminal device 300 can communicate wirelessly with the first wireless access device 100, the second wireless access device 210 and the third wireless access device 220 over several communication links. The first wireless access device 100 and the third wireless access device 220 are each connected to the Internet 400 through fiber broadband.
The first wireless access device 100 may be a public wireless router.
The second wireless access device 210 may be a monitoring wireless router; the second wireless access device 210 stores a list of MAC (Media Access Control) addresses that are allowed access.
The third wireless access device 220 may be a control wireless router; the third wireless access device 220 stores a list of MAC addresses that are allowed access.
The MAC address list stored in the first wireless access device 100 is different from the MAC address list stored in the third wireless access device 220.
The terminal device 300 may be a communication terminal, such as a smartphone or a tablet computer.
The several communication links between the terminal device 300 and the first wireless access device 100, the second wireless access device 210 and the third wireless access device 220 include a first communication link 510, a second communication link 520, a third communication link 530, a fourth communication link 540 and a fifth communication link 550.
The terminal device 300 communicates with the first wireless access device 100 via the first communication link 510. Through the first communication link 510 the terminal device 300 can use the network service provided by the first wireless access device 100 and thereby access the Internet 400 through the first wireless access device 100.
The second wireless access device 210 monitors the communication information between the terminal device 300 and the first wireless access device 100 via the second communication link 520. The second wireless access device 210 sends the access-denied message to the terminal device 300 via the third communication link 530.
The terminal device 300 communicates with the third wireless access device 220 via the fourth communication link 540. Through the fourth communication link 540 the terminal device 300 can use the network service provided by the third wireless access device 220 and thereby access the Internet 400 through the third wireless access device 220.
The second wireless access device 210 sends the monitored communication information between the terminal device 300 and the first wireless access device 100 to the third wireless access device 220 via the fifth communication link 550.
Referring to Fig. 2, which is a flow chart of the method by which the above wireless network access security management and control system performs security management and control on a terminal device 300 accessing the system, the management and control method includes the following steps:
S201: the terminal device 300 sends an access request to the first wireless access device 100 via the first communication link 510;
S202: the second wireless access device 210 monitors, via the second communication link 520, the communication information between the terminal device 300 and the first wireless access device 100 on the first communication link 510, to obtain relevant information about the first wireless access device 100 and the terminal device 300, such as the SSID (Service Set Identifier) information, IP (Internet Protocol) address information and MAC address information of the first wireless access device 100, and the MAC address information of the terminal device 300 together with the list of first wireless access devices 100 that the terminal device 300 frequently accesses;
S203: the second wireless access device 210 compares the monitored MAC address information of the terminal device 300 with its stored list of MAC addresses that are allowed access, to judge whether the MAC address of the terminal device 300 is in that list,
If the MAC address of the terminal device 300 is in the list of MAC addresses that are allowed access, the first wireless access device 100 allows the access request of the terminal device 300, and the terminal device 300 accesses the Internet 400 through the first wireless access device 100; the method returns to step S202, and the second wireless access device 210 continues to monitor other terminal devices 300 accessing the first wireless access device 100,
If the MAC address of the terminal device 300 is not in the list of MAC addresses that are allowed access, the method proceeds to step S204;
S204: the second wireless access device 210 changes its SSID information to be the same as that of the first wireless access device 100, thereby disguising itself as the first wireless access device 100;
S205: the second wireless access device 210 sends to the third wireless access device 220 the monitored MAC address information of the terminal device 300 and the SSID information of one of the first wireless access devices 100 in the list of first wireless access devices 100 that the terminal device 300 frequently accesses;
S206: the third wireless access device 220 changes its SSID information to be the same as the SSID information of that first wireless access device 100 sent by the second wireless access device 210, thereby disguising itself as one of the first wireless access devices 100 that the terminal device 300 frequently accesses;
S207: the second wireless access device 210 receives the access request sent by the terminal device 300 and sends an access-denied message to the terminal device 300 via the second communication link 520,
Because the SSID information of the second wireless access device 210 has been changed to be the same as that of the first wireless access device 100, the terminal device 300 can no longer access the first wireless access device 100;
S208: the terminal device 300 sends an access request to the third wireless access device 220;
S209: the third wireless access device 220 compares the received MAC address information of the terminal device 300 with its stored list of MAC addresses that are allowed access, to judge whether the MAC address of the terminal device 300 is in that list,
S210: the third wireless access device 220 allows the access request of the terminal device 300, the terminal device 300 accesses the Internet 400 through the third wireless access device 220, and the third wireless access device 220 monitors the online activity of the terminal device 300,
S211: the third wireless access device 220 refuses the access request of the terminal device 300, thereby prohibiting the terminal device 300 from accessing the Internet 400.
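The following Python model of the allow-list decisions in steps S201 to S211 is an added example, not code from the patent; the branch after S209 follows the Summary (allow if listed, otherwise refuse). The class and function names, the constructed MAC addresses and SSID, the MAC normalization and the choice of the first entry of the frequent-access list in S205 are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, NamedTuple, Optional


def normalize_mac(mac: str) -> str:
    """Canonical form, so '02-00-00-00-00-0A' and '0200.0000.000a' compare equal."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class AccessDevice:
    name: str
    ssid: str
    allowed: frozenset = frozenset()  # normalized MAC addresses allowed access

    @classmethod
    def with_list(cls, name, ssid, macs=()):
        return cls(name, ssid, frozenset(normalize_mac(m) for m in macs))


@dataclass
class Terminal:
    mac: str
    frequent_ssids: List[str] = field(default_factory=list)


class Decision(NamedTuple):
    served_by: Optional[str]  # device that grants Internet access, or None
    monitored: bool           # True when online activity is monitored (S210)
    trace: List[str]          # step labels visited, in order


def control_access(terminal, first, second, third) -> Decision:
    # S201-S203: request to the first device, observed by the second device,
    # which checks the terminal's MAC against its own allow-list.
    trace = ["S201", "S202", "S203"]
    mac = normalize_mac(terminal.mac)
    if mac in second.allowed:
        return Decision(first.name, False, trace)
    # S204: the second device takes the first device's SSID.
    second.ssid = first.ssid
    # S205-S206: one SSID from the frequent-access list goes to the third
    # device (assumption: the first entry, or the current SSID if empty).
    third.ssid = terminal.frequent_ssids[0] if terminal.frequent_ssids else first.ssid
    # S207-S209: denial from the second device, new request to the third
    # device, which checks its own, different allow-list.
    trace += ["S204", "S205", "S206", "S207", "S208", "S209"]
    if mac in third.allowed:
        return Decision(third.name, True, trace + ["S210"])
    return Decision(None, False, trace + ["S211"])


def run_demo():
    """Constructed sample data: three terminals against two different lists."""
    samples = [
        ("listed_on_second", "02-00-00-00-00-01"),
        ("listed_on_third_only", "0200.0000.0002"),
        ("unlisted", "02:00:00:00:00:03"),
    ]
    results = {}
    for label, mac in samples:
        first = AccessDevice.with_list("first-100", "PublicWiFi")
        second = AccessDevice.with_list("second-210", "Monitor", ["02:00:00:00:00:01"])
        third = AccessDevice.with_list("third-220", "Control", ["02:00:00:00:00:02"])
        terminal = Terminal(mac, ["PublicWiFi"])
        results[label] = control_access(terminal, first, second, third)
    return results


if __name__ == "__main__":
    for label, d in run_demo().items():
        print(f"{label}: served_by={d.served_by} monitored={d.monitored} last={d.trace[-1]}")
```

With different lists on the second and third devices, the model yields three outcomes: unmonitored access through the first device, monitored access through the third device, or no access.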
The wireless network access security management and control method and system of the present invention use the second wireless access device 210 to judge whether the terminal device 300 is a device that is allowed access, and use the third wireless access device 220 to monitor the online activity of the terminal device 300. Unauthorized devices can thus be effectively filtered out from accessing the Internet 400 through the first wireless access device 100, so that terminals meeting the conditions communicate unimpeded, while terminals not meeting the conditions either cannot access the Internet 400 or have all data of their access to the Internet 400 under real-time monitoring.
Claims (10)
1. A wireless network access security management and control method, comprising the following steps: a terminal device sends an access request to a first wireless access device; a second wireless access device monitors the communication information between the terminal device and the first wireless access device to obtain relevant information about the first wireless access device and the terminal device; the second wireless access device judges, according to the obtained relevant information about the terminal device, whether the terminal device is a device that is allowed access; if the terminal device is a device that is allowed access, the first wireless access device allows the access request of the terminal device and the terminal device accesses the Internet through the first wireless access device; if the terminal device is not a device that is allowed access, the second wireless access device sends an access-denied message to the terminal device; the second wireless access device sends the obtained relevant information about the terminal device to a third wireless access device; the terminal device sends an access request to the third wireless access device; the third wireless access device judges whether the terminal device is a device that is allowed access; if the terminal device is a device that is allowed access, the third wireless access device allows the access request of the terminal device, the terminal device accesses the Internet through the third wireless access device, and the third wireless access device monitors the online activity of the terminal device; if the terminal device is not a device that is allowed access, the third wireless access device refuses the access request of the terminal device, thereby prohibiting the terminal device from accessing the Internet.
2. The wireless network access security management and control method of claim 1, characterized in that: the relevant information about the first wireless access device includes its SSID (Service Set Identifier) information, IP (Internet Protocol) address information and MAC (Media Access Control) address information, and the relevant information about the terminal device includes its MAC address information and the list of first wireless access devices that the terminal device frequently accesses.
3. The wireless network access security management and control method of claim 2, characterized in that: the first wireless access device includes a public wireless router; the second wireless access device includes a monitoring wireless router, and a list of MAC addresses that are allowed access is stored in the second wireless access device; the third wireless access device includes a control wireless router, and a list of MAC addresses that are allowed access is stored in the third wireless access device.
4. The wireless network access security management and control method of claim 3, characterized in that: the MAC address list stored in the second wireless access device is different from the MAC address list stored in the third wireless access device.
5. The wireless network access security management and control method of claim 4, characterized in that: the second wireless access device compares the monitored MAC address information of the terminal device with its stored list of MAC addresses that are allowed access, to judge whether the MAC address of the terminal device is in the list of MAC addresses that are allowed access.
6. The wireless network access security management and control method of claim 5, characterized in that: if the MAC address of the terminal device is in the list of MAC addresses that are allowed access, the first wireless access device allows the access request of the terminal device, and the second wireless access device continues to monitor other terminal devices accessing the first wireless access device; if the MAC address of the terminal device is not in the list of MAC addresses that are allowed access, the second wireless access device changes its SSID information to be the same as that of the first wireless access device, thereby disguising itself as the first wireless access device, whereupon the terminal device can no longer access the first wireless access device.
7. The wireless network access security management and control method of claim 6, characterized in that: the second wireless access device sends to the third wireless access device the monitored MAC address information of the terminal device and the SSID information of one of the first wireless access devices in the list of first wireless access devices that the terminal device frequently accesses; the third wireless access device changes its SSID information to be the same as the SSID information of that first wireless access device sent by the second wireless access device, thereby disguising itself as one of the first wireless access devices that the terminal device frequently accesses.
8. A system applying the wireless network access security management and control method of any one of claims 1 to 7, including a first wireless access device and a terminal device, the terminal device sending an access request to the first wireless access device and communicating with the first wireless access device, characterized in that: the wireless network access security management and control system further includes a wireless network control unit; the wireless network control unit includes a second wireless access device and a third wireless access device; the second wireless access device monitors the communication information between the terminal device and the first wireless access device, and refuses the terminal device access to the Internet when the terminal device is not a device that is allowed access; the third wireless access device receives the access request sent by the terminal device, and allows the terminal device to access the Internet when the terminal device is a device that is allowed access; the third wireless access device monitors the online activity of the terminal device.
9. The wireless network access security management and control system of claim 8, characterized in that: the first wireless access device includes a public wireless router, the second wireless access device includes a monitoring wireless router, and the third wireless access device includes a control wireless router.
10. The wireless network access security management and control system of claim 9, characterized in that: a list of MAC addresses that are allowed access is stored in the second wireless access device, a list of MAC addresses that are allowed access is stored in the third wireless access device, and the MAC address list stored in the second wireless access device is different from the MAC address list stored in the third wireless access device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610160900.1A (CN105681352B) | 2016-03-21 | 2016-03-21 | Wireless network access security management and control method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105681352A | 2016-06-15 |
CN105681352B | 2019-03-19 |