CN105743868A - Data acquisition system supporting encrypted and non-encrypted protocols and method - Google Patents


Info

Publication number
CN105743868A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410770605.9A
Other languages
Chinese (zh)
Other versions
CN105743868B (en)
Inventor
郑艳伟
叶晓舟
刘磊
宋磊
董海韬
樊皓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Acoustics CAS
Beijing Intellix Technologies Co Ltd
Original Assignee
Institute of Acoustics CAS
Beijing Intellix Technologies Co Ltd
Application filed by Institute of Acoustics CAS, Beijing Intellix Technologies Co Ltd
Priority to CN201410770605.9A
Publication of CN105743868A
Application granted
Publication of CN105743868B
Current legal status: Active

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a data acquisition system and method supporting encrypted and non-encrypted protocols. The system comprises a first communication party, a second communication party and data acquisition equipment. The data acquisition equipment filters business data packets and, according to the type of the data, performs one of the following operations: blocking the connection between the first communication party and the second communication party; acquiring and analyzing the communication data between the first communication party and the second communication party; or transparently forwarding the communication data between the first communication party and the second communication party.

Description

A data acquisition system and method supporting encrypted and non-encrypted protocols
Technical field
The present invention relates to the field of data acquisition and auditing, and in particular to a system and method for acquiring both encrypted and non-encrypted protocol data.
Background
Society and enterprises depend increasingly on networks, and network information security is becoming ever more important. One widely acknowledged fact in network information security today is that most security incidents originate from inside, including unauthorized access, abuse and misoperation by internal staff.
As enterprise informatization keeps accelerating, the number of devices that need operation and maintenance (O&M) also keeps growing, and managing these numerous devices has become a problem for enterprise informatization. More importantly, enterprises lack a way to audit the operations of O&M personnel: once an O&M operation error occurs, it is impossible to determine which O&M operation caused the error, or to identify which O&M staff member made it.
A security audit system records the various sessions and events that occur in important information systems and helps managers and auditors check whether the operation of the information system meets the requirements of laws and regulations and the organization's security policy. When the information system suffers a failure or a security incident, it also helps investigators dig into the information behind it and reconstruct the course of events until the origin of the event has been fully analyzed and located, and take further measures to prevent the loss from recurring. In the security criteria and standards systems of various countries, security auditing of information systems is an important channel and means of achieving risk management and internal control.
The core of an audit system is data acquisition: if no data is collected, or the collected data is incomplete, the subsequent audit analysis cannot be carried out. By data source, audit systems fall into two classes: host-based auditing and network auditing. Host-based auditing audits by collecting and analyzing system logs, whereas network auditing collects session information directly from the network. A host-based audit system is unaffected by protocol encryption, but it is more complex to deploy: agents usually have to be installed on the server and the client, and the security of the agent itself is hard to guarantee. A network audit system is fast to deploy and, because it sits in the middle of the network, is not easily bypassed or tampered with, but it is helpless against encrypted protocols.
Therefore, how to provide a data acquisition system and method that supports encrypted and non-encrypted protocols, so that both kinds of protocol in the network can be security-audited, is a problem in urgent need of a solution.
Summary of the invention
The object of the present invention is to overcome the defects of prior-art data acquisition systems and methods, which are either complex to deploy or helpless against encrypted protocols, and thereby to provide an easily deployed system and method for acquiring encrypted and non-encrypted protocol data.
To achieve this object, the invention provides a data acquisition system supporting encrypted and non-encrypted protocols, comprising: a first communication party, a second communication party and data acquisition equipment; wherein
the data acquisition equipment filters business data packets and then, according to the type of the data, performs one of the following operations: blocking the connection between the first communication party and the second communication party, or acquiring and analyzing the communication data between the first communication party and the second communication party, or transparently forwarding the communication data between the first communication party and the second communication party directly.
In the above technical solution, the filtering that the data acquisition equipment applies to business data packets operates differently depending on whether the data in the business data packet is encrypted protocol data:
For non-encrypted protocol data, the data acquisition equipment maintains the original communication connection; during communication it intercepts the communication data of the first communication party or the second communication party, copies the layer-2 packet directly and forwards it, and processes the copied packet;
For encrypted protocol data, the data acquisition equipment interrupts the original communication connection between the two parties and then, impersonating each party to the other, establishes two communication connections. During communication after the connections are established, it intercepts the communication data sent by one party, replaces the destination address of that communication data with the address of the data acquisition equipment, delivers the communication data with the replaced destination address to the protocol stack of the data acquisition equipment, and then decrypts the ciphertext packets based on the man-in-the-middle principle. It then constructs and encrypts communication data based on the man-in-the-middle principle, sends that communication data on behalf of the sending party to the other party for which the data was intended, and replaces the source address of the communication data with the address of the sending party.
In the above technical solution, the data acquisition equipment further comprises:
Packet-receiving processing module: receives network packets and filters business data packets according to preset business rules; performs a preliminary analysis of whether a packet is an encrypted protocol packet. If it is a non-encrypted packet, the module copies the packet and forwards it, performs IP reassembly and TCP reassembly on the copy, and forwards the result to the upper-layer protocol parsing module for parsing. If it is an encrypted packet, the module replaces the destination address of the packet with the address of the data acquisition equipment and delivers the communication data with the replaced destination address to the TCP/IP protocol stack of the data acquisition equipment; the module receives the encrypted data through the TCP/IP protocol stack and forwards it to the man-in-the-middle encryption/decryption module for processing. The module also receives the packets returned by the man-in-the-middle encryption/decryption module: plaintext packets are submitted directly to the upper-layer protocol parsing module for parsing, while ciphertext packets are sent through the TCP/IP protocol stack, with the source address of the packet replaced at layer 2;
Man-in-the-middle encryption/decryption module: receives the ciphertext packets submitted by the packet-receiving processing module, decrypts them based on the man-in-the-middle principle, constructs and encrypts packets based on the man-in-the-middle principle, and submits the constructed encrypted packets and the decrypted plaintext packets to the packet-receiving processing module;
Upper-layer protocol parsing module: receives the plaintext packets submitted by the packet-receiving processing module, parses the upper-layer protocol according to the specific protocol format of each packet, generates parsing logs and sends them to the log storage module;
Configuration management module: responsible for managing configuration information, including business data packet filtering rules, blocking rules and acquisition-and-analysis rules;
Log storage module: responsible for storing and managing the parsing logs generated by the upper-layer protocol parsing module, and provides an audit viewing function.
The invention also provides a data acquisition method implemented on the basis of the data acquisition system, comprising:
Step 301) The client, acting as the first communication party, sends communication data to the server, acting as the second communication party;
Step 302) The data acquisition equipment intercepts the communication data sent by the client;
Step 303) The data acquisition equipment filters the business data packet according to preset business rules: if blocking is required, step 304) is performed; if neither blocking nor acquisition and analysis is required, step 305) is performed; if acquisition and analysis is required without blocking, step 306) is performed;
Step 304) The data acquisition equipment, impersonating the server and the client respectively, sends disconnection requests to the client and the server; return;
Step 305) The data acquisition equipment transparently forwards the packet directly; return;
Step 306) The data acquisition equipment determines whether the data is encrypted protocol data; if not, step 307) is performed; if so, step 309) is performed;
Step 307) The data acquisition equipment directly copies the layer-2 packet and forwards it;
Step 308) The copied packet is submitted to the data acquisition equipment for processing; return;
Step 309) The destination address of the packet is replaced with the address of the data acquisition equipment;
Step 310) The packet with the replaced destination address is delivered to the protocol stack of the data acquisition equipment for processing;
Step 311) The data acquisition equipment decrypts the encrypted packet based on the man-in-the-middle principle and parses the plaintext;
Step 312) The data acquisition equipment constructs encrypted data based on the man-in-the-middle principle, replaces the source address of the packet with the address of the client, and sends the data to the server on behalf of the client;
Step 313) The server receives the data sent by the data acquisition equipment and sends a reply to the client;
Step 314) The roles of client and server are exchanged and steps 302) to 313) are repeated until the communication ends.
The advantages of the present invention are:
1. By intercepting packets in the network, the data acquisition equipment of the invention can acquire both the encrypted and the non-encrypted protocol data of the communicating parties, effectively monitor the data and behaviour of their communication, and provide a basis for security auditing. According to the business acquisition rules it can also block non-compliant communication in real time and cut off the connection between the two parties, which avoids the damage that non-compliant operations cause to the enterprise, reduces the enterprise's losses and protects the enterprise's internal information.
2. The data acquisition equipment of the invention is deployed in the network path between the communicating parties and is transparent to both. It does not affect the use of the existing business systems, and it is simple to deploy and easy to maintain.
Brief description of the drawings
Fig. 1 is a functional block diagram of the data acquisition system supporting encrypted and non-encrypted protocols of the present invention;
Fig. 2 is a functional block diagram of the data acquisition equipment in the data acquisition system supporting encrypted and non-encrypted protocols of the present invention;
Fig. 3 is a flow chart of the data acquisition method supporting encrypted and non-encrypted protocols of the present invention;
Fig. 4 is an example diagram of acquiring encrypted protocol data in one embodiment;
Fig. 5 is an example diagram of acquiring non-encrypted protocol data in one embodiment.
Detailed description
The invention is further described below with reference to the accompanying drawings.
With reference to Fig. 1, the data acquisition system supporting encrypted and non-encrypted protocols of the present invention comprises: a first communication party, a second communication party and data acquisition equipment; wherein the data acquisition equipment filters business data packets and then, according to the type of the data, performs one of the following operations: blocking the connection between the first communication party and the second communication party, or acquiring and analyzing the communication data between the first communication party and the second communication party, or transparently forwarding the communication data between the first communication party and the second communication party directly.
The individual parts of the system are described further below.
The first communication party has the following functions: sending a connection request to the second communication party; receiving the connection response of the second communication party; and, after the connection is successfully established, requesting service from the second communication party and carrying out business communication with the second communication party.
The second communication party has the following functions: receiving the connection request of the first communication party; returning a connection response to the first communication party; and, once the connection is successfully established, responding to the service requests of the first communication party and carrying out business communication with the first communication party.
The filtering that the data acquisition equipment applies to business data packets operates differently depending on whether the data is encrypted protocol data:
For non-encrypted protocol data, the data acquisition equipment does not interrupt the original communication connection between the two parties and maintains the original TCP or UDP connection. During communication it intercepts the communication data of the first communication party or the second communication party, copies the layer-2 packet directly and forwards it, and submits the copied packet to the data acquisition equipment for processing.
For encrypted protocol data, the data acquisition equipment uses its own TCP/IP protocol stack, interrupts the original communication connection between the two parties and then, impersonating each party to the other, establishes two communication connections. During communication after the connections are established, it intercepts the communication data sent by the first communication party, replaces the destination address of that communication data with the address of the data acquisition equipment (including the IP address and the MAC address), delivers the communication data with the replaced destination address to the protocol stack of the data acquisition equipment, and then decrypts the ciphertext packets based on the man-in-the-middle principle. It then constructs and encrypts communication data based on the man-in-the-middle principle, sends that communication data on behalf of the first communication party to the second communication party for which it was intended, and replaces the source address of the communication data with the address of the first communication party. Similarly, it intercepts the communication data sent by the second communication party, replaces the destination address of that communication data with the address of the data acquisition equipment, delivers the communication data with the replaced destination address to the protocol stack of the data acquisition equipment, and then decrypts the ciphertext packets based on the man-in-the-middle principle. It then constructs and encrypts communication data based on the man-in-the-middle principle, returns that communication data on behalf of the second communication party to the first communication party for which it was intended, and replaces the source address of the communication data with the address of the second communication party.
Fig. 2 is a functional block diagram of the data acquisition equipment, which comprises:
Packet-receiving processing module: receives network packets and filters business data packets according to preset business rules; performs a preliminary analysis of whether a packet is an encrypted protocol packet. If it is a non-encrypted packet, the module copies the packet and forwards it, performs IP reassembly and TCP reassembly on the copy, and forwards the result to the upper-layer protocol parsing module for parsing. If it is an encrypted packet, the module replaces the destination address of the packet with the address of the data acquisition equipment and delivers the communication data with the replaced destination address to the TCP/IP protocol stack of the data acquisition equipment; the module receives the encrypted data through the TCP/IP protocol stack and forwards it to the man-in-the-middle encryption/decryption module for processing. The module also receives the packets returned by the man-in-the-middle encryption/decryption module: plaintext packets are submitted directly to the upper-layer protocol parsing module for parsing, while ciphertext packets are sent through the TCP/IP protocol stack, with the source address of the packet replaced at layer 2.
Man-in-the-middle encryption/decryption module: receives the ciphertext packets submitted by the packet-receiving processing module, decrypts them based on the man-in-the-middle principle, constructs and encrypts packets based on the man-in-the-middle principle, and submits the constructed encrypted packets and the decrypted plaintext packets to the packet-receiving processing module.
Upper-layer protocol parsing module: receives the plaintext packets submitted by the packet-receiving processing module, parses the upper-layer protocol according to the specific protocol format of each packet, generates parsing logs and sends them to the log storage module.
Configuration management module: responsible for managing configuration information such as business data packet filtering rules, blocking rules and acquisition-and-analysis rules.
Log storage module: responsible for storing and managing the parsing logs generated by the upper-layer protocol parsing module, and provides an audit viewing function.
Corresponding to the data acquisition system supporting encrypted and non-encrypted protocols of the present invention, and with reference to Fig. 3, in one embodiment the client is the first communication party and the server is the second communication party, and the data acquisition method of the invention comprises the following steps:
Step 301) The client sends communication data to the server;
Step 302) The data acquisition equipment intercepts the communication data sent by the client;
Step 303) The data acquisition equipment filters the business data packet according to preset business rules: if blocking is required, step 304) is performed; if neither blocking nor acquisition and analysis is required, step 305) is performed; if acquisition and analysis is required without blocking, step 306) is performed;
In this step, the business rules determine which operation is applied to a business data packet, and the business rules can be configured according to the needs of the specific scenario. For example, all packets of a certain specific IP are blocked, or all IP packets of a certain specific port are blocked; as another example, the data of a certain specific IP (the server at this IP being, for instance, a core data server inside the enterprise) is acquired and analyzed, and illegal operations are analyzed, so as to provide evidence for accountability.
Step 304) The data acquisition equipment, impersonating the server and the client respectively, sends disconnection requests to the client and the server; return;
Step 305) The data acquisition equipment makes no modification to the packet and transparently forwards it directly; return;
Step 306) The data acquisition equipment determines whether the data is encrypted protocol data; if not, step 307) is performed; if so, step 309) is performed;
Step 307) The data acquisition equipment directly copies the layer-2 packet and forwards it;
Step 308) The copied packet is submitted to the data acquisition equipment for processing; return;
Step 309) The destination address of the packet is replaced with the address of the data acquisition equipment;
Step 310) The packet with the replaced destination address is delivered to the protocol stack of the data acquisition equipment for processing;
Step 311) The data acquisition equipment decrypts the encrypted packet based on the man-in-the-middle principle and parses the plaintext;
Step 312) The data acquisition equipment constructs encrypted data based on the man-in-the-middle principle, replaces the source address of the packet with the address of the client, and sends the data to the server on behalf of the client;
Step 313) The server receives the data sent by the data acquisition equipment and sends a reply to the client;
Step 314) The roles of client and server are exchanged and steps 302) to 313) are repeated until the communication ends.
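The step 303) and step 306) decisions, written as a flow-level dispatcher over packet metadata (an added example, not code from the patent). The verdict is cached per flow and keyed independently of direction, because the encrypted path has to be chosen when the connection opens and must stay the same when client and server swap roles in step 314). The rule schema, the `ENCRYPTED_PORTS` set, the TLS record-header check and all addresses are assumptions; the patent does not say how the equipment recognises an encrypted protocol.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network
from typing import Optional

ENCRYPTED_PORTS = frozenset({443})  # assumption: used when a flow opens with a bare SYN


class Action(Enum):
    BLOCK = "step 304"
    PASS_THROUGH = "step 305"
    COLLECT_PLAIN = "steps 307-308"
    COLLECT_ENCRYPTED = "steps 309-312"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    """Hypothetical rule schema; a field left as None matches anything."""
    verdict: str                 # "block" or "collect"
    net: Optional[str] = None    # CIDR, matched against either endpoint
    port: Optional[int] = None   # matched against either endpoint

    def matches(self, pkt: Packet) -> bool:
        ends = ((pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port))
        ip_ok = self.net is None or any(ip_address(ip) in ip_network(self.net) for ip, _ in ends)
        port_ok = self.port is None or any(p == self.port for _, p in ends)
        return ip_ok and port_ok


def looks_like_tls_record(payload: bytes) -> bool:
    """Check the 5-byte TLS record header: content type, version 3.x, length."""
    if len(payload) < 5:
        return False
    content_type, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    return (content_type in (20, 21, 22, 23) and major == 3 and minor <= 4
            and 0 < length <= 2**14 + 2048)


def is_encrypted(pkt: Packet) -> bool:
    """Step 306: a TLS record header in the payload, or a known encrypted port."""
    return (looks_like_tls_record(pkt.payload)
            or pkt.src_port in ENCRYPTED_PORTS or pkt.dst_port in ENCRYPTED_PORTS)


class Dispatcher:
    """Steps 303 and 306, decided once per flow and reused in both directions."""

    def __init__(self, rules):
        self.rules = tuple(rules)
        self._flows = {}

    def decide(self, pkt: Packet) -> Action:
        # Direction-independent key, so the reply (step 314) hits the same entry.
        key = tuple(sorted([(pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)]))
        if key in self._flows:
            return self._flows[key]
        verdicts = {r.verdict for r in self.rules if r.matches(pkt)}
        if "block" in verdicts:              # blocking wins over collection
            action = Action.BLOCK
        elif "collect" not in verdicts:      # neither blocked nor collected
            action = Action.PASS_THROUGH
        elif is_encrypted(pkt):
            action = Action.COLLECT_ENCRYPTED
        else:
            action = Action.COLLECT_PLAIN
        self._flows[key] = action
        return action


# Constructed rules mirroring the text: block one IP, block one port, collect one server.
RULES = (
    Rule("block", net="203.0.113.7/32"),
    Rule("block", port=23),
    Rule("collect", net="192.0.2.10/32"),   # stands in for the core data server
)


def demo():
    d = Dispatcher(RULES)
    client, core = "198.51.100.5", "192.0.2.10"   # constructed addresses
    packets = [
        Packet(client, core, 50000, 443),                               # bare SYN
        Packet(core, client, 443, 50000, bytes.fromhex("1603030050")),  # reply, same flow
        Packet(client, core, 50001, 80, b"GET / HTTP/1.1\r\n"),         # plaintext
        Packet("203.0.113.7", core, 40000, 443),                        # blocked IP
        Packet(client, "198.51.100.9", 50002, 23),                      # blocked port
        Packet(client, "198.51.100.9", 50003, 8080),                    # no rule matches
    ]
    return [d.decide(p) for p in packets]
```

Because a matching block rule always wins, a packet from the blocked address to the collected server is torn down rather than audited, which is the ordering step 303) prescribes.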
In one embodiment, the method of the invention is further illustrated by taking the acquisition and analysis of HTTPS protocol data as an example, with reference to Fig. 4; HTTPS is encrypted on the basis of SSL. The specific steps are as follows:
Step 401) The data acquisition equipment receives the SYN that the client sends to the server;
Step 402) The data acquisition equipment replaces the destination MAC and destination IP of the SYN with the MAC and IP of the data acquisition equipment and submits the SYN to the TCP/IP protocol stack of the data acquisition equipment;
Step 403) The TCP/IP protocol stack of the data acquisition equipment replies to the client with a SYN response, and the source IP and MAC of the SYN response are replaced with the IP and MAC of the server;
Step 404) The client returns an ACK to the server;
Step 405) The data acquisition equipment replaces the destination MAC and destination IP in the ACK with the MAC and IP of the data acquisition equipment and submits the ACK to the TCP/IP protocol stack of the data acquisition equipment. In this way the client and the data acquisition equipment establish a TCP connection, tcp_conn1, in which the data acquisition equipment is the server;
Step 406) The data acquisition equipment, masquerading as the client, initiates a SYN connection request to the server, with the source IP and MAC of the SYN connection request replaced with the IP and MAC of the client;
Step 407) The server returns a SYN response;
Step 408) The data acquisition equipment replaces the destination MAC and destination IP of the SYN response with the MAC and IP of the data acquisition equipment and then submits the SYN response to the TCP/IP protocol stack of the data acquisition equipment;
Step 409) The TCP/IP protocol stack of the data acquisition equipment returns an ACK to the server, and the source IP and MAC of the ACK are replaced with the IP and MAC of the client. In this way the server and the data acquisition equipment also establish a TCP connection, tcp_conn2, in which the data acquisition equipment is the client;
Step 410) For SSL, when the client sends a ClientHello message to the server, the data acquisition equipment receives the handshake message on connection tcp_conn1 and submits it to the man-in-the-middle encryption/decryption module, which uses the SSL protocol; that module modifies the handshake message, and the handshake message is then sent to the server on connection tcp_conn2;
Step 411) The server receives the handshake message and replies to the client with a ServerHello; the data acquisition equipment receives the handshake reply on connection tcp_conn2 and submits it to the man-in-the-middle encryption/decryption module, which uses the SSL protocol; that module modifies the handshake reply, and the handshake reply is then sent to the client on connection tcp_conn1;
Step 412) Other messages and application data are handled in the same way, so that the acquisition and analysis of SSL-encrypted data is achieved based on the man-in-the-middle principle.
In another embodiment of the invention, the method of the invention is further illustrated by taking the acquisition and analysis of HTTP data as an example, with reference to Fig. 5. The specific steps are as follows:
Step 501) The client sends an HTTP request to the server;
Step 502) The data acquisition equipment receives the client's HTTP request packet, copies it and forwards it to the server;
Step 503) The data acquisition equipment parses the client's HTTP request;
Step 504) The server returns an HTTP response to the client;
Step 505) The data acquisition equipment receives the server's HTTP response packet, copies it and forwards it to the client;
Step 506) The data acquisition equipment parses the server's HTTP response;
Step 507) This cycle repeats, achieving the acquisition and analysis of plaintext HTTP protocol data.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the invention and not to limit it. Although the invention has been described in detail with reference to embodiments, those of ordinary skill in the art should understand that modifications or equivalent replacements of the technical solution of the invention that do not depart from the spirit and scope of the technical solution shall all be covered by the scope of the claims of the invention.

Claims (4)

1. A data acquisition system supporting encrypted and non-encrypted protocols, characterized in that it comprises: a first communication party, a second communication party and data acquisition equipment; wherein
the data acquisition equipment filters business data packets and then, according to the type of the data, performs one of the following operations: blocking the connection between the first communication party and the second communication party, or acquiring and analyzing the communication data between the first communication party and the second communication party, or transparently forwarding the communication data between the first communication party and the second communication party directly.
2. The data acquisition system supporting encrypted and non-encrypted protocols according to claim 1, characterized in that the filtering that the data acquisition equipment applies to business data packets operates differently depending on whether the data in the business data packet is encrypted protocol data:
For non-encrypted protocol data, the data acquisition equipment maintains the original communication connection; during communication it intercepts the communication data of the first communication party or the second communication party, copies the layer-2 packet directly and forwards it, and processes the copied packet;
For encrypted protocol data, the data acquisition equipment interrupts the original communication connection between the two parties and then, impersonating each party to the other, establishes two communication connections; during communication after the connections are established, it intercepts the communication data sent by one party, replaces the destination address of that communication data with the address of the data acquisition equipment, delivers the communication data with the replaced destination address to the protocol stack of the data acquisition equipment, and then decrypts the ciphertext packets based on the man-in-the-middle principle; it then constructs and encrypts communication data based on the man-in-the-middle principle, sends that communication data on behalf of the sending party to the other party for which the data was intended, and replaces the source address of the communication data with the address of the sending party.
3. The data acquisition system supporting encrypted and non-encrypted protocols according to claim 1, characterized in that the data acquisition equipment further comprises:
Packet-receiving processing module: receives network packets and filters business data packets according to preset business rules; performs a preliminary analysis of whether a packet is an encrypted protocol packet; if it is a non-encrypted packet, the module copies the packet and forwards it, performs IP reassembly and TCP reassembly on the copy, and forwards the result to the upper-layer protocol parsing module for parsing; if it is an encrypted packet, the module replaces the destination address of the packet with the address of the data acquisition equipment and delivers the communication data with the replaced destination address to the TCP/IP protocol stack of the data acquisition equipment, and the module receives the encrypted data through the TCP/IP protocol stack and forwards it to the man-in-the-middle encryption/decryption module for processing; the module also receives the packets returned by the man-in-the-middle encryption/decryption module, of which plaintext packets are submitted directly to the upper-layer protocol parsing module for parsing, while ciphertext packets are sent through the TCP/IP protocol stack, with the source address of the packet replaced at layer 2;
Man-in-the-middle encryption/decryption module: receives the ciphertext packets submitted by the packet-receiving processing module, decrypts them based on the man-in-the-middle principle, constructs and encrypts packets based on the man-in-the-middle principle, and submits the constructed encrypted packets and the decrypted plaintext packets to the packet-receiving processing module;
Upper-layer protocol parsing module: receives the plaintext packets submitted by the packet-receiving processing module, parses the upper-layer protocol according to the specific protocol format of each packet, generates parsing logs and sends them to the log storage module;
Configuration management module: responsible for managing configuration information, including business data packet filtering rules, blocking rules and acquisition-and-analysis rules;
Log storage module: responsible for storing and managing the parsing logs generated by the upper-layer protocol parsing module, and provides an audit viewing function.
4. A data acquisition method implemented on the data acquisition system of any one of claims 1-3, comprising:
Step 301), the client, as the first communicating party, sends communication data to the server, as the second communicating party;
Step 302), the data acquisition equipment intercepts the communication data sent by the client;
Step 303), the data acquisition equipment filters business data packets according to preset business rules: if blocking is required, step 304) is performed; if neither blocking nor collection and analysis is required, step 305) is performed; if collection and analysis is required without blocking, step 306) is performed;
Step 304), the data acquisition equipment, simulating the server and the client respectively, sends disconnection requests to the client and the server; return;
Step 305), the data acquisition equipment transparently forwards the packet directly; return;
Step 306), the data acquisition equipment determines whether the data is encrypted-protocol data; if not, step 307) is performed; if so, step 309) is performed;
Step 307), the data acquisition equipment directly copies the layer-2 packet and forwards it;
Step 308), the copied packet is submitted to the data acquisition equipment for processing; return;
Step 309), the destination address of the packet is replaced with the address of the data acquisition equipment;
Step 310), the packet with the replaced destination address is sent to the protocol stack of the data acquisition equipment for processing;
Step 311), the data acquisition equipment, based on the man-in-the-middle principle, decrypts the encrypted packets and parses the plaintext;
Step 312), the data acquisition equipment, based on the man-in-the-middle principle, constructs encrypted data, replaces the source address of the packet with the address of the client, and sends the data to the server on behalf of the client;
Step 313), the server receives the data sent by the data acquisition equipment and sends a reply to the client;
Step 314), the roles of client and server are exchanged and steps 302) to 313) above are repeated until the communication process ends.
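The branching in steps 303) to 310), modelled as an added example that is not part of the patent text. The rule shape, the addresses and the TLS record-header heuristic for deciding "encrypted protocol" are assumptions, since the claims do not say how the preliminary analysis is done.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

DEVICE_IP = "192.0.2.1"  # constructed address of the data acquisition equipment

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes

@dataclass(frozen=True)
class Rule:        # hypothetical shape; the claims only name the kinds of rule
    net: str       # destination network the rule covers
    dport: int     # destination port, 0 = any port
    action: str    # "block" or "collect"

def match_action(pkt, rules):
    """Step 303: first matching rule wins; no match means plain forwarding."""
    for r in rules:
        if ip_address(pkt.dst) in ip_network(r.net) and r.dport in (0, pkt.dport):
            return r.action
    return "pass"

def looks_like_tls(payload):
    """Step 306 (assumed heuristic): content type, version 3.x, sane length."""
    if len(payload) < 5:
        return False
    ctype, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    return ctype in (20, 21, 22, 23) and major == 3 and minor <= 4 \
        and length <= 16384 + 2048

def dispatch(pkt, rules):
    """Return (step taken, packet as handed on) for steps 303 to 310."""
    action = match_action(pkt, rules)
    if action == "block":
        return "304-disconnect-both-sides", None
    if action == "pass":
        return "305-forward-unchanged", pkt
    if not looks_like_tls(pkt.payload):
        # Original is forwarded; the copy goes to reassembly and parsing (308).
        return "307-copy-and-forward", pkt
    # Step 309: retarget the packet at the device's own protocol stack (310).
    return "309-redirect-to-local-stack", replace(pkt, dst=DEVICE_IP)
```

The header check only holds for a segment that starts on a record boundary, so the verdict has to be taken on the first payload of a connection and kept per flow. Protocols that upgrade in-band (STARTTLS) begin in plaintext and would take the step 307) path under this heuristic.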

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410770605.9A CN105743868B (en) 2014-12-11 2014-12-11 Data acquisition system supporting encrypted and non-encrypted protocols and method

Publications (2)

Publication Number Publication Date
CN105743868A true CN105743868A (en) 2016-07-06
CN105743868B CN105743868B (en) 2019-01-25

Family

ID=56241532

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410770605.9A Active CN105743868B (en) 2014-12-11 2014-12-11 Data acquisition system supporting encrypted and non-encrypted protocols and method

Country Status (1)

Country Link
CN (1) CN105743868B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101141243A (en) * 2006-09-08 2008-03-12 飞塔信息科技(北京)有限公司 Device and method for carrying out security check and content filtering on communication data
CN101325519A (en) * 2008-06-05 2008-12-17 华为技术有限公司 Content auditing method, system based on safety protocol and content auditing equipment
CN101848214A (en) * 2010-04-30 2010-09-29 南京德讯信息系统有限公司 Free location and playback method based on RDP (Remote Desktop Protocol) audit data as well as system
CN103124293A (en) * 2012-12-31 2013-05-29 中国人民解放军理工大学 Cloud data safe auditing method based on multi-Agent

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106131091A (en) * 2016-08-31 2016-11-16 杭州华途软件有限公司 A kind of based on STARTTLS/SSL/TLS mail protocol Mail Contents also original system and content reduction method
CN106131091B (en) * 2016-08-31 2019-10-15 浙江华途信息安全技术股份有限公司 One kind being based on STARTTLS/SSL/TLS mail protocol Mail Contents also original system and content reduction method
CN107086967A (en) * 2017-04-19 2017-08-22 济南浪潮高新科技投资发展有限公司 A kind of message data accounting circuit and method
CN107784236A (en) * 2017-10-29 2018-03-09 长沙准光里电子科技有限公司 A kind of system for realizing big data safety
CN107895042A (en) * 2017-11-30 2018-04-10 北京搜狐新媒体信息技术有限公司 A kind of data capture method and device
CN109905352A (en) * 2017-12-11 2019-06-18 亿阳安全技术有限公司 A kind of method, apparatus and storage medium based on cryptographic protocol Audit data
CN109905352B (en) * 2017-12-11 2022-02-22 亿阳安全技术有限公司 Method, device and storage medium for auditing data based on encryption protocol

Also Published As

Publication number Publication date
CN105743868B (en) 2019-01-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant