CN106254387A - A kind of method improving Samba server security - Google Patents

A kind of method improving Samba server security Download PDF

Info

Publication number
CN106254387A
CN106254387A CN201610833954.XA CN201610833954A CN106254387A CN 106254387 A CN106254387 A CN 106254387A CN 201610833954 A CN201610833954 A CN 201610833954A CN 106254387 A CN106254387 A CN 106254387A
Authority
CN
China
Prior art keywords
samba server
safety management
information
user
management end
Prior art date
Application number
CN201610833954.XA
Other languages
Chinese (zh)
Inventor
王永坤
Original Assignee
郑州云海信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 郑州云海信息技术有限公司 filed Critical 郑州云海信息技术有限公司
Priority to CN201610833954.XA priority Critical patent/CN106254387A/en
Publication of CN106254387A publication Critical patent/CN106254387A/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0815Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications

Abstract

The invention discloses a kind of method improving Samba server security, including intercepting acquisition device;User side, Samba server and the safety management end being connected with this interception acquisition device, wherein the safety raising process of Samba server is: by intercepting the landing request information obtaining user side, then the user profile in log-on message is sent to safety management end, manager obtains the user profile of user by safety management end, then manager's discriminative information whether consenting user end logs in by is fed back by safety management end, if agreed to, then authorized user accesses Samba server.This is a kind of improves the method for Samba server security compared with prior art, is effectively improved the safety of Samba server, practical, applied widely, it is easy to promote.

Description

A kind of method improving Samba server security

Technical field

The present invention relates to computer information safety technique field, a kind of practical, raising Samba service The method of device safety.

Background technology

Along with the high speed development of information technology, the level of informatization is more and more higher, information products and information service for enterprise, Family and individual are the most indispensable, and information technology has become support economic activity and the basis of life, and substantial amounts of information resources are led to Crossing network to be transmitted, information security the most increasingly receives significant attention simultaneously, particularly relates to the safety of Samba server, Samba is the software realizing SMB agreement on Linux and unix system, is made up of server and client-side program, Samba not only can share resource with LAN main frame, moreover it is possible to shares resource with global computer.Every soft by Samba Part realizes the server of resource-sharing and is just properly termed as Samba server.

Samba server is in order to realize the opening of the Internet the most greatly, and generally, user only needs Wanting user to input account and corresponding password, after being then passed through the machine authentication of computer, user just can be accessed by client Samba server, but relying solely on computer checking username and password is that user meets access in corresponding indicating that The condition of Samba server, such checking is not sufficient to ensure that information resourse security, so makes Samba service utensil There is serious potential safety hazard.Therefore, how to be effectively improved the safety of Samba server, be that computer realm technical staff is anxious The problem that need to solve, for the problems referred to above, the present invention devises a kind of method improving Samba server security.

Summary of the invention

The technical assignment of the present invention is for above weak point, it is provided that a kind of practical, raising Samba server peace Full method.

A kind of method improving Samba server security, including intercepting acquisition device;It is connected with this interception acquisition device User side, Samba server and safety management end, wherein Samba server safety improve process be:

Intercept acquisition device and intercept the landing request information obtaining user side access Samba server;

Intercept acquisition device and send the user profile included in landing request information to safety management end;

The information received is made decisions by safety management end, then is received, by intercepting acquisition device, the judgement that safety management end feeds back Information;

Judge whether discriminative information meets to preset and log in authorising conditional;

If discriminative information meets to preset logs in authorising conditional, then authorized user's end accesses Samba server;

If discriminative information does not meets to preset logs in authorising conditional, then forbid that user side accesses Samba server.

Described interception acquisition device is a software module, and itself and Samba server are bound, maybe this interception acquisition device It is integrated in Samba server.

Described user profile includes: when user side accesses Samba server, the user account inputted matches with account Login password and describe information.

Sending the user profile included in landing request information to the process of safety management end is: first in safety management Prestore in end communication information, and the user profile included in landing request information is sent to by the communication information prestored according to this Safety management end.

The described communication information prestored includes telephone number and/or email address, corresponding, intercepts acquisition device and sends Relevant information to the detailed process of safety management end is: according to telephone number and/or the email address of safety management end, by electricity User profile included in landing request information is sent to safety management end by the mode of words and/or note and/or mail.

The discriminative information intercepting acquisition device reception safety management end feedback refers to that receiving safety management end is fed back The note comprising discriminative information or mail.

Described safety management end judges to draw discriminative information by manager, particularly as follows: safety management end obtains user's letter After breath, by user account or description information, manager judges whether this user can log in this Samba server, then manage Member's discriminative information whether consenting user logs in by feeds back by safety management terminal, if agreement, then authorized user's end Accessing Samba server, if disagreed, then forbidding that user side accesses Samba server.

After user profile included in transmission landing request information is to safety management end, intercepts acquisition device and also use In judging in default time range, if receive the discriminative information of the feedback of safety management end, if receiving and adjudicating Information meets presets login authorising conditional, then authorized user's end accesses Samba server;Do not receive or receive safety management The discriminative information of the feedback of end does not meets to preset and logs in authorising conditional, then forbid that user side accesses Samba server.

Described default login authorising conditional is character set in advance or other checking information.

A kind of method improving Samba server security of the present invention, has the advantage that

A kind of method improving Samba server security of the present invention, solves Samba server security in prior art not enough Problem, be effectively improved the safety of Samba server, it is ensured that log-on message safe and reliable, practical, the scope of application Extensively, it is easy to promote.

Accompanying drawing explanation

What accompanying drawing 1 was the present invention realizes Organization Chart.

Detailed description of the invention

Below in conjunction with the accompanying drawings and specific embodiment the invention will be further described.

As shown in Figure 1, the present invention proposes the present invention and proposes a kind of method improving Samba server security, including blocking Cut acquisition device;User side, Samba server and the safety management end being connected with this interception acquisition device, wherein Samba clothes The safety of business device improves process: by intercepting the landing request information of user side, then the user in log-on message believed Breath is sent to safety management end, and manager obtains user profile by safety management end, and then manager will whether consenting user The discriminative information logged in is fed back by safety management terminal, if agreed to, then authorized user's end accesses Samba server, If disagreed, then forbid that user side accesses Samba server, when therefore user is logged in by user side, be required for pipe every time The manual verification of reason person also decides whether to authorize, and whether manager can meet the requirements with the log-on message of real-time judge user, because of This improves the safety of Samba server.

Comprise the following steps:

Step1: intercept the landing request information obtaining user side access Samba server.One interception acquisition device can be set, Carry out intercepting the login of acquisition user by intercepting acquisition device when user side accesses the landing request information of Samba server Information.Wherein, intercept acquisition device and Samba server is bound, it is also possible to this interception acquisition device is integrated in In Samba server.

Step2: send the user profile included in landing request information to safety management end.Intercept acquisition device or collection Become to have the Samba server of this interception acquisition device that user profile is sent to safety management end, wherein send logging request letter User profile included in breath includes to safety management end: according to being pre-stored in the communication information of safety management end, such as phone or Person's mail, is sent to safety management end by the user profile included in landing request information.

Wherein user profile includes: when user side accesses Samba server, the user account inputted and stepping on of matching Record password and the information of description, therefore, by user account or description information, manager can judge whether this user can step on Record this Samba server, for computer is verified, increase manual verification and can improve Samba server further Safety.

Wherein can with simultaneously by multiple communication channels such as phone, note, mail, voice or other modes to safety management End sends user profile, to ensure the use that manager can obtain the logging request of user side in time and this user side is used The user profile such as the account at family and password, with avoid making owing to single communication channels breaks down safety management end cannot and Time receive the situation of user's logging request and occur, protect manager and can make discriminative information as early as possible, improve work efficiency.

It addition, the equipment of safety management end can be mobile phone, computer or other manager can be made to obtain user profile And carry out the communication apparatus fed back, specifically depend on the circumstances.

Step3: receive the discriminative information of safety management end feedback.Intercept acquisition device or be integrated with this interception acquisition device Samba server receive the discriminative informations such as the note comprising discriminative information that fed back of safety management end or mail. Wherein it is possible to the discriminative information that only certification receives first, it is to avoid repeatedly judge after receiving repetition discriminative information, reduce Intercept acquisition device or be integrated with the work load of the Samba server intercepting acquisition device, improve work efficiency.

Step4: judge whether discriminative information meets to preset and log in authorising conditional;Award if discriminative information meets default login Power condition, then authorized user's end end accesses Samba server;If discriminative information does not meets to preset logs in authorising conditional, then forbid User side accesses Samba server.In being embodied as, when receiving the discriminative information fed back from safety management end it is During "Yes", then authorized user's terminal access Samba server;When receiving the discriminative information fed back from safety management end During for "No", then forbid user terminal access Samba server.It addition, the login authorising conditional preset can be to preset Character or other checking information, this is not limited by this embodiment.

More specifically, the present invention to realize process as described below:

Intercept acquisition device and intercept the landing request information obtaining user side access Samba server;

Intercept acquisition device and send the user profile included in landing request information to safety management end;

Intercept acquisition device and receive the discriminative information of safety management end feedback;

Judge whether discriminative information meets to preset and log in authorising conditional;

If discriminative information meets to preset logs in authorising conditional, then authorized user's end accesses Samba server;

If discriminative information does not meets to preset logs in authorising conditional, then forbid that user side accesses Samba server.

Send the user profile included in landing request information to include to safety management end: according to the described safety prestored The communication information of management end, is sent to safety management end by the user profile included in landing request information.

The communication information of the safety management end prestored includes: the telephone number of the safety management end prestored and/or mailbox ground Location.

User profile includes: when user side accesses Samba server, what the user account inputted and account matched steps on Record password and the information of description.

Send the user profile included in landing request information to include to safety management end: according to the electricity of safety management end Words number and/or email address, send out the user profile included in landing request information by the way of note and/or mail Give safety management end.

The discriminative information receiving safety management end feedback includes: what reception safety management end was fed back comprises judgement letter The note of breath or mail.

After user profile included in transmission landing request information is to safety management end, also include: judge in advance If time range in, if receive the feedback information of safety management end;If it is not, then forbid that user side accesses Samba service Device.

After user profile included in transmission landing request information is to safety management end, also include: judge in advance If time range in, the discriminative information of the feedback receiving safety management end meet preset log in authorising conditional, then authorize use Family end accesses Samba server;The discriminative information of the feedback receiving safety management end does not meets to preset and logs in authorising conditional, then Forbid that user side accesses Samba server.

In sum, a kind of method improving Samba Server Security provided by the present invention, use by intercepting to obtain The landing request information of family end, is then sent to safety management end by the user profile in log-on message, and manager passes through safety Management end obtains the user profile of user, and then manager's discriminative information whether consenting user end logs in by passes through safety management End feeds back, if agreed to, then authorized user accesses Samba server, if disagreed, then forbids that user accesses Samba Server.

Above-mentioned detailed description of the invention is only the concrete case of the present invention, and the scope of patent protection of the present invention includes but not limited to Above-mentioned detailed description of the invention, claims of a kind of method improving Samba server security of any present invention of meeting And the those of ordinary skill of any described technical field suitably change that it is done or replace, all should fall into the patent of the present invention Protection domain.

Claims (9)

1. the method improving Samba server security, it is characterised in that include intercepting acquisition device;Obtain with this interception User side, Samba server and the safety management end that device is connected, wherein the safety raising process of Samba server is:
Intercept acquisition device and intercept the landing request information obtaining user side access Samba server;
Intercept acquisition device and send the user profile included in landing request information to safety management end;
The information received is made decisions by safety management end, then is received, by intercepting acquisition device, the judgement that safety management end feeds back Information;
Judge whether discriminative information meets to preset and log in authorising conditional;
If discriminative information meets to preset logs in authorising conditional, then authorized user's end accesses Samba server;
If discriminative information does not meets to preset logs in authorising conditional, then forbid that user side accesses Samba server.
A kind of method improving Samba server security the most according to claim 1, it is characterised in that described interception obtains Fetching is set to a software module, and itself and Samba server are bound, and maybe this interception acquisition device is integrated in Samba server In.
A kind of method improving Samba server security the most according to claim 2, it is characterised in that described user believes Breath includes: when user side accesses Samba server, login password that the user account inputted and account match and description Information.
A kind of method improving Samba server security the most according to claim 2, it is characterised in that send to log in and ask The user profile included in information is asked to the process of safety management end to be: first prestore in safety management end communication information, The communication information prestored according to this, is sent to safety management end by the user profile included in landing request information.
A kind of method improving Samba server security the most according to claim 4, it is characterised in that described in prestore Communication information includes telephone number and/or email address, corresponding, intercepts acquisition device and sends relevant information to safety management The detailed process of end is: according to telephone number and/or the email address of safety management end, by phone and/or note and/or postal User profile included in landing request information is sent to safety management end by the mode of part.
A kind of method improving Samba server security the most according to claim 5, it is characterised in that intercept and obtain dress The discriminative information putting reception safety management end feedback refers to receive the electricity comprising discriminative information that safety management end is fed back Words or note or mail.
A kind of method improving Samba server security the most according to claim 2, it is characterised in that described bursting tube Reason end judges to draw discriminative information by manager, particularly as follows: after safety management end obtains user profile, manager passes through user Account or description information judge whether this user can log in this Samba server, and then manager will whether consenting user be stepped on The discriminative information of record is fed back by safety management terminal, if agreed to, then authorized user's end accesses Samba server, as Fruit disagrees, then forbid that user side accesses Samba server.
A kind of method improving Samba server security the most according to claim 2, it is characterised in that log in sending After user profile included in solicited message is to safety management end, intercepts acquisition device and be additionally operable to judge the time default In the range of, if receive the discriminative information of the feedback of safety management end, if receiving and discriminative information meets default login and awards Power condition, then authorized user's end accesses Samba server;Do not receive or receive the discriminative information of the feedback of safety management end Do not meet to preset and log in authorising conditional, then forbid that user side accesses Samba server.
A kind of method improving Samba server security the most according to claim 8, it is characterised in that described default Logging in authorising conditional is character set in advance or other checking information.
CN201610833954.XA 2016-09-20 2016-09-20 A kind of method improving Samba server security CN106254387A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610833954.XA CN106254387A (en) 2016-09-20 2016-09-20 A kind of method improving Samba server security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610833954.XA CN106254387A (en) 2016-09-20 2016-09-20 A kind of method improving Samba server security

Publications (1)

Publication Number Publication Date
CN106254387A true CN106254387A (en) 2016-12-21

Family

ID=57599878

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610833954.XA CN106254387A (en) 2016-09-20 2016-09-20 A kind of method improving Samba server security

Country Status (1)

Country Link
CN (1) CN106254387A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107370765A (en) * 2017-09-06 2017-11-21 郑州云海信息技术有限公司 A kind of ftp server identity identifying method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090100040A1 (en) * 2007-04-03 2009-04-16 Scott Sheppard Lawful interception of broadband data traffic
CN103299594A (en) * 2010-07-21 2013-09-11 思杰系统有限公司 Systems and methods for an extensible authentication framework
CN104348780A (en) * 2013-07-26 2015-02-11 中国移动通信集团四川有限公司 Login method and system thereof
CN104486325A (en) * 2014-12-10 2015-04-01 上海爱数软件有限公司 Safe login certification method based on RESTful
CN105721439A (en) * 2016-01-20 2016-06-29 浪潮(北京)电子信息产业有限公司 Method of improving safety performance of FTP server

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090100040A1 (en) * 2007-04-03 2009-04-16 Scott Sheppard Lawful interception of broadband data traffic
CN103299594A (en) * 2010-07-21 2013-09-11 思杰系统有限公司 Systems and methods for an extensible authentication framework
CN104348780A (en) * 2013-07-26 2015-02-11 中国移动通信集团四川有限公司 Login method and system thereof
CN104486325A (en) * 2014-12-10 2015-04-01 上海爱数软件有限公司 Safe login certification method based on RESTful
CN105721439A (en) * 2016-01-20 2016-06-29 浪潮(北京)电子信息产业有限公司 Method of improving safety performance of FTP server

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107370765A (en) * 2017-09-06 2017-11-21 郑州云海信息技术有限公司 A kind of ftp server identity identifying method and system

Similar Documents

Publication Publication Date Title
KR101195651B1 (en) System and method for authenticating remote server access
US7987495B2 (en) System and method for multi-context policy management
US7774824B2 (en) Multifactor device authentication
US10523656B2 (en) Session migration between network policy servers
US7222363B2 (en) Device independent authentication system and method
US8781483B2 (en) Controlling access to private access points for wireless networking
US8424072B2 (en) Behavior-based security system
US8209749B2 (en) Uninterrupted virtual private network (VPN) connection service with dynamic policy enforcement
US20060075472A1 (en) System and method for enhanced network client security
EP3454522A1 (en) Dynamically generating perimeters
US8769639B2 (en) History-based downgraded network identification
US20020112186A1 (en) Authentication and authorization for access to remote production devices
CA2849763A1 (en) Managing mobile device applications
CN102843682B (en) Access point authorizing method, device and system
CN102821085B (en) Third party authorizes login method, open platform and system
US8989159B2 (en) System and method managing hotspot network access of a plurality of devices
GB2523710A (en) Multi-factor authentication and comprehensive login system for client-server networks
DK2359290T3 (en) Procedure and system for protection against identity theft or replication abuse
US20100197293A1 (en) Remote computer access authentication using a mobile device
WO2012136083A1 (en) System and method for accessing third-party applications based on cloud platform
US9161226B2 (en) Associating services to perimeters
WO2013044086A1 (en) Managing mobile device applications on a mobile device
EP2779529A1 (en) Method and device for controlling resources
CN105074713A (en) Systems and methods for identifying a secure application when connecting to a network
CN101087193A (en) New method for using the mobile number bond with account for identity identification

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination