CN106254333A - A kind of safety desktop management method and device - Google Patents


Publication number
CN106254333A
Authority
CN
China
Prior art keywords
website
target process
default
module
targeted website
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610617791.1A
Other languages
Chinese (zh)
Inventor
杨兵
余伟
王亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing VRV Software Corp Ltd
Original Assignee
Beijing VRV Software Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing VRV Software Corp Ltd
Priority to CN201610617791.1A
Publication of CN106254333A
Current legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3051 Monitoring arrangements for monitoring the configuration of the computing system or of the computing system component, e.g. monitoring the presence of processing resources, peripherals, I/O links, software programs

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiments of the invention disclose a secure desktop management method and device. The method includes: a process firewall obtains the currently running target process; the target process is looked up in the default process table of the process firewall; if the target process is not in the default process table, the target process is closed. The device includes a process acquisition module, a process lookup module and a process closing module. The embodiments monitor user operations from the perspective of processes and record safe processes in the default process table, so that when a running target process obtained by the process firewall is not in the default process table, the target process is closed. This makes user operations less difficult to control and makes the control more thorough.

Description

A secure desktop management method and device
Technical field
Embodiments of the present invention relate to the field of computer technology, and in particular to a secure desktop management method and device.
Background
With the development of society, network and computer technology have become increasingly advanced, and people's functional requirements for computers have become increasingly diverse and complex. In the current social environment, users often encounter special usage conditions and requirements. For example, a self-service terminal in a China Mobile service hall may only open the service hall website, and a bank self-service teller machine is only allowed to access a browser and only allowed to access the bank's website. In terms of security requirements, the security of the desktop is equally important: cases in which, for example, modified desktop icons leave users unable to use the computer normally are innumerable. It is therefore necessary to implement a secure desktop.
Traditional secure desktops mainly apply their controls on the system default desktop. Because the system resource manager offers users many operable entry points and the system desktop runs many self-starting programs, thorough control requires intercepting every entry point a user might operate. As a result, control is difficult and is not thorough.
In the process of implementing the embodiments of the present invention, the inventors found that existing secure desktops need to intercept all possible user operation entry points, which makes control difficult and not thorough.
Summary of the invention
Because existing secure desktops need to intercept all possible user operation entry points, which makes control difficult and not thorough, the embodiments of the present invention propose a secure desktop management method and device.
In a first aspect, an embodiment of the present invention proposes a secure desktop management method, including:
a process firewall obtains the currently running target process;
the target process is looked up in the default process table of the process firewall;
if the target process is not in the default process table, the target process is closed.
Preferably, the method further includes:
a network firewall obtains an application program's browse request for a target website;
the target website is looked up in the default website table of the network firewall;
if the target website is not in the default website table, the browse request is intercepted.
Preferably, the method further includes:
establishing a virtual desktop, and establishing the process firewall and the network firewall in the virtual desktop.
Preferably, the method further includes:
if the target process is in the default process table, the target process is maintained.
Preferably, the method further includes:
if the target website is in the default website table, the browse request is allowed to be sent to the server corresponding to the target website.
In a second aspect, an embodiment of the present invention also proposes a secure desktop management device, including:
a process acquisition module, for obtaining the currently running target process;
a process lookup module, for looking up the target process in the default process table of the process firewall;
a process closing module, for closing the target process if the target process is not in the default process table.
Preferably, the device further includes:
a request acquisition module, for obtaining an application program's browse request for a target website;
a website lookup module, for looking up the target website in the default website table of the network firewall;
a request interception module, for intercepting the browse request if the target website is not in the default website table.
Preferably, the device further includes:
a virtual desktop establishment module, for establishing a virtual desktop and establishing the process firewall and the network firewall in the virtual desktop.
Preferably, the device further includes:
a process maintenance module, for maintaining the target process if the target process is in the default process table.
Preferably, the device further includes:
a request permission module, for allowing the browse request to be sent to the server corresponding to the target website if the target website is in the default website table.
As can be seen from the above technical solution, the embodiments of the present invention monitor user operations from the perspective of processes and record safe processes in the default process table, so that when a running target process obtained by the process firewall is not in the default process table, the target process is closed. This makes user operations less difficult to control and makes the control more thorough.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of a secure desktop management method provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a secure desktop management device provided by an embodiment of the present invention.
Detailed description
Specific embodiments of the invention are further described below with reference to the drawings. The following embodiments are only used to explain the technical solution more clearly and do not limit the scope of protection of the invention.
Fig. 1 shows a schematic flow chart of a secure desktop management method provided by this embodiment, including:
S101: a process firewall obtains the currently running target process.
Here, the process firewall is an application program inside the terminal for monitoring running processes.
The target process is a currently running process monitored by the process firewall.
S102: the target process is looked up in the default process table of the process firewall.
Here, the default process table is a preset list of safe processes.
S103: if the target process is not in the default process table, the target process is closed.
Specifically, if the target process is not in the default process table, the target process is an unauthorized process that may bring security risks, so the process firewall closes it.
Process firewall technology monitors the running of programs inside the secure desktop in real time and stops illegal, non-compliant programs from running.
This embodiment monitors user operations from the perspective of processes and records safe processes in the default process table, so that when a running target process obtained by the process firewall is not in the default process table, the target process is closed. This makes user operations less difficult to control and makes the control more thorough.
Further, on the basis of the above method embodiment, the method also includes:
S104: a network firewall obtains an application program's browse request for a target website.
Here, the network firewall is an application program inside the terminal for monitoring website access.
The target website is the website, contained in the browse request, that the user intends to browse.
S105: the target website is looked up in the default website table of the network firewall.
Here, the default website table is a preset list of safe websites.
The target website is the website, contained in the browse request sent by the application program, that the user intends to access.
S106: if the target website is not in the default website table, the browse request is intercepted.
Specifically, if the target website is not in the default website table, the target website is an unauthorized website that may bring security risks, so the network firewall intercepts the browse request and stops the application program from accessing the target website.
Network firewall technology monitors access to all network resources inside the secure desktop in real time and stops non-compliant network resource access.
A security audit application program can collate and store the program-run and network-access monitoring information from inside the secure desktop for later system audit queries, thereby thoroughly controlling user behavior and ensuring that the secure desktop is absolutely secure and controllable.
Further, on the basis of the above method embodiment, the method also includes:
S107: a virtual desktop is established, and the process firewall and the network firewall are established in the virtual desktop.
Here, the virtual desktop is a technology that supports enterprise-level remote dynamic access to desktop systems and unified hosting in the data center, and is a desktop application that can run independently.
For example, Windows virtual desktop technology can be used to build a virtual desktop for the terminal. The virtual desktop and the system default desktop exist and run at the same time, but the two desktops are completely isolated from each other: no window of the system desktop is visible in the secure desktop, and no window of the secure desktop is visible in the system desktop. A desktop management program developed with DirectUI technology runs in the virtual desktop and simulates functions such as system window management, the taskbar and tray icons. The desktop management program displays the list of programs this terminal is allowed to run. This gives the user a thoroughly clean desktop environment without changing the user's operating habits, in which only the configured business software can run.
Further, on the basis of the above method embodiment, the method also includes:
S108: if the target process is in the default process table, the target process is maintained.
Specifically, if the target process is in the default process table, the target process is an authorized process that will not bring security risks, so the process firewall maintains it.
Maintaining the target process when it is found to be in the default process table ensures that safe programs keep running.
Further, on the basis of the above method embodiment, the method also includes:
S109: if the target website is in the default website table, the browse request is allowed to be sent to the server corresponding to the target website.
Specifically, if the target website is in the default website table, the target website is authorized and will not bring access risks, so the website firewall allows the browse request to be sent to the server corresponding to the target website.
Allowing the browse request to be sent to the corresponding server when the target website is found to be in the default website table ensures that safe websites can be accessed successfully.
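The decision logic of steps S101 to S109, together with the audit record described above, as an added example that is not code from the patent or from its applicant. All class and function names, the tables and the inputs are constructed for illustration; comparing processes by normalized full executable path and websites by exact normalized hostname is an assumption of this example, since the text does not say how table entries are compared.

```python
import ntpath
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Process:
    pid: int
    image_path: str  # full path of the executable (assumed lookup key)


def norm_path(path):
    # Windows paths are case-insensitive and may contain "/" or ".." segments;
    # normalise before comparing so one binary has exactly one spelling.
    return ntpath.normcase(ntpath.normpath(path))


def target_host(url):
    # Extract the target website from a browse request. urlsplit() lowercases
    # the host and separates it from userinfo and port. Requests that are not
    # http(s), or that carry no host, return None and are never in the table.
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".")


class SecureDesktopPolicy:
    def __init__(self, process_table, website_table):
        self.process_table = {norm_path(p) for p in process_table}
        self.website_table = {h.lower().rstrip(".") for h in website_table}
        self.audit = []  # stands in for the audit store queried later

    def _log(self, kind, subject, action):
        self.audit.append({"kind": kind, "subject": subject, "action": action})

    def check_processes(self, running, terminate):
        # S101-S103 and S108: close what is not in the table, maintain the rest.
        closed = []
        for proc in running:
            allowed = norm_path(proc.image_path) in self.process_table
            if not allowed:
                terminate(proc.pid)  # platform-specific call in a real agent
                closed.append(proc.pid)
            self._log("process", proc.image_path, "maintain" if allowed else "close")
        return closed

    def check_request(self, url):
        # S104-S106 and S109: exact host match only, never a substring test.
        host = target_host(url)
        allowed = host is not None and host in self.website_table
        self._log("website", url, "allow" if allowed else "intercept")
        return allowed


# Constructed sample data (not from the patent).
PROCESS_TABLE = [r"C:\Kiosk\desktop_manager.exe", r"C:\Kiosk\browser.exe"]
WEBSITE_TABLE = ["bank.example"]
RUNNING = [
    Process(101, r"C:\Kiosk\desktop_manager.exe"),
    Process(102, "c:/kiosk/BROWSER.EXE"),           # same binary, other spelling
    Process(103, r"C:\Windows\System32\cmd.exe"),   # not in the table
    Process(104, r"C:\Users\Public\browser.exe"),   # same name, other location
]
REQUESTS = [
    "https://bank.example/login",
    "https://BANK.example.:443/",
    "https://bank.example.evil.test/",   # table entry is only a prefix
    "https://bank.example@evil.test/",   # table entry is only the userinfo
    "ftp://bank.example/",               # not a browse request over http(s)
]


def demo():
    policy = SecureDesktopPolicy(PROCESS_TABLE, WEBSITE_TABLE)
    killed = []  # records the PIDs handed to the terminate callback
    closed = policy.check_processes(RUNNING, killed.append)
    decisions = {url: policy.check_request(url) for url in REQUESTS}
    return closed, killed, decisions, policy.audit


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Keying the process table on the executable's name alone would let pid 104 through; a table entry is only as strong as the attribute it is compared against.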
Fig. 2 shows a schematic structural diagram of a secure desktop management device provided by this embodiment. The device includes a process acquisition module 21, a process lookup module 22 and a process closing module 23, wherein:
the process acquisition module 21 is for obtaining the currently running target process;
the process lookup module 22 is for looking up the target process in the default process table of the process firewall;
the process closing module 23 is for closing the target process if the target process is not in the default process table.
Specifically, the process acquisition module 21 obtains the currently running target process; the process lookup module 22 looks up the target process in the default process table of the process firewall; and the process closing module 23 closes the target process if the target process is not in the default process table.
This embodiment monitors user operations from the perspective of processes and records safe processes in the default process table, so that when a running target process obtained by the process firewall is not in the default process table, the target process is closed. This makes user operations less difficult to control and makes the control more thorough.
Further, on the basis of the above device embodiment, the device also includes:
a request acquisition module, for obtaining an application program's browse request for a target website;
a website lookup module, for looking up the target website in the default website table of the network firewall;
a request interception module, for intercepting the browse request if the target website is not in the default website table.
Further, on the basis of the above device embodiment, the device also includes:
a virtual desktop establishment module, for establishing a virtual desktop and establishing the process firewall and the network firewall in the virtual desktop.
Further, on the basis of the above device embodiment, the device also includes:
a process maintenance module, for maintaining the target process if the target process is in the default process table.
Further, on the basis of the above device embodiment, the device also includes:
a request permission module, for allowing the browse request to be sent to the server corresponding to the target website if the target website is in the default website table.
The secure desktop management device described in this embodiment can be used to perform the above method embodiment; its principle and technical effect are similar and are not repeated here.
The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
From the description of the above embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware. Based on this understanding, the above technical solution, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform the methods described in each embodiment or in some parts of an embodiment.
It should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not make the essence of the corresponding technical solutions depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A secure desktop management method, characterized by including:
a process firewall obtains the currently running target process;
the target process is looked up in the default process table of the process firewall;
if the target process is not in the default process table, the target process is closed.
2. The method according to claim 1, characterized in that the method further includes:
a network firewall obtains an application program's browse request for a target website;
the target website is looked up in the default website table of the network firewall;
if the target website is not in the default website table, the browse request is intercepted.
3. The method according to claim 2, characterized in that the method further includes:
establishing a virtual desktop, and establishing the process firewall and the network firewall in the virtual desktop.
4. The method according to claim 1, characterized in that the method further includes:
if the target process is in the default process table, the target process is maintained.
5. The method according to claim 2, characterized in that the method further includes:
if the target website is in the default website table, the browse request is allowed to be sent to the server corresponding to the target website.
6. A secure desktop management device, characterized by including:
a process acquisition module, for obtaining the currently running target process;
a process lookup module, for looking up the target process in the default process table of the process firewall;
a process closing module, for closing the target process if the target process is not in the default process table.
7. The device according to claim 6, characterized in that the device further includes:
a request acquisition module, for obtaining an application program's browse request for a target website;
a website lookup module, for looking up the target website in the default website table of the network firewall;
a request interception module, for intercepting the browse request if the target website is not in the default website table.
8. The device according to claim 7, characterized in that the device further includes:
a virtual desktop establishment module, for establishing a virtual desktop and establishing the process firewall and the network firewall in the virtual desktop.
9. The device according to claim 6, characterized in that the device further includes:
a process maintenance module, for maintaining the target process if the target process is in the default process table.
10. The device according to claim 7, characterized in that the device further includes:
a request permission module, for allowing the browse request to be sent to the server corresponding to the target website if the target website is in the default website table.
CN201610617791.1A 2016-07-29 2016-07-29 A kind of safety desktop management method and device Pending CN106254333A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610617791.1A CN106254333A (en) 2016-07-29 2016-07-29 A kind of safety desktop management method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610617791.1A CN106254333A (en) 2016-07-29 2016-07-29 A kind of safety desktop management method and device

Publications (1)

Publication Number Publication Date
CN106254333A true CN106254333A (en) 2016-12-21

Family

ID=57606195

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610617791.1A Pending CN106254333A (en) 2016-07-29 2016-07-29 A kind of safety desktop management method and device

Country Status (1)

Country Link
CN (1) CN106254333A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107256162A (en) * 2017-06-13 2017-10-17 时瑞科技(深圳)有限公司 Based on Windows visual characteristics and personalized desktop management method
CN110830478A (en) * 2019-11-12 2020-02-21 福州汇思博信息技术有限公司 Method, system, equipment and medium for multi-process network distribution

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102646173A (en) * 2012-02-29 2012-08-22 成都新云软件有限公司 Safety protection control method and system based on white and black lists
CN105247830A (en) * 2013-03-29 2016-01-13 思杰系统有限公司 Providing mobile device management functionalities
CN105468409A (en) * 2015-11-20 2016-04-06 北京金山安全软件有限公司 Application program closing method and device and electronic equipment
CN105611079A (en) * 2016-02-02 2016-05-25 广州市久邦数码科技有限公司 Fast charging method and system
CN105808286A (en) * 2016-02-04 2016-07-27 上海卓易科技股份有限公司 Background program removal method and electronic device


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20161221
