CN106302498A - 一种基于登录参数的数据库准入防火墙系统 - Google Patents
一种基于登录参数的数据库准入防火墙系统 Download PDFInfo
- Publication number
- CN106302498A CN106302498A CN201610733850.1A CN201610733850A CN106302498A CN 106302498 A CN106302498 A CN 106302498A CN 201610733850 A CN201610733850 A CN 201610733850A CN 106302498 A CN106302498 A CN 106302498A
- Authority
- CN
- China
- Prior art keywords
- access
- data base
- module
- rule
- login parameters
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000011282 treatment Methods 0.000 claims abstract description 21
- 238000000034 method Methods 0.000 claims description 17
- 238000001914 filtration Methods 0.000 claims description 7
- 230000000903 blocking effect Effects 0.000 claims description 6
- 238000002372 labelling Methods 0.000 claims description 4
- 239000000284 extract Substances 0.000 claims description 3
- 230000005484 gravity Effects 0.000 claims description 3
- 238000003780 insertion Methods 0.000 claims 1
- 230000037431 insertion Effects 0.000 claims 1
- 230000008878 coupling Effects 0.000 abstract description 4
- 238000010168 coupling process Methods 0.000 abstract description 4
- 238000005859 coupling reaction Methods 0.000 abstract description 4
- 238000009472 formulation Methods 0.000 abstract description 3
- 239000000203 mixture Substances 0.000 abstract description 3
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
用户 | 源主机名称 | 源用户名称 | 访问工具 | 数据库账号名称 |
A | A-Hostname | A-User | Sqlplus | Normal |
B | B-Hostname | B-User | ODBC | System |
用户 | 源主机名称 | 源用户名称 | 访问工具 | 数据库账号名称 |
A | A-Hostname | A-User | Sqlplus | System |
B | B-Hostname | B-User | Hack-DB | System |
Claims (7)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610733850.1A CN106302498B (zh) | 2016-08-25 | 2016-08-25 | 一种基于登录参数的数据库准入防火墙系统 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610733850.1A CN106302498B (zh) | 2016-08-25 | 2016-08-25 | 一种基于登录参数的数据库准入防火墙系统 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106302498A true CN106302498A (zh) | 2017-01-04 |
CN106302498B CN106302498B (zh) | 2019-05-14 |
Family
ID=57676697
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610733850.1A Active CN106302498B (zh) | 2016-08-25 | 2016-08-25 | 一种基于登录参数的数据库准入防火墙系统 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106302498B (zh) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107483461A (zh) * | 2017-08-30 | 2017-12-15 | 北京奇安信科技有限公司 | 一种nat环境下的终端准入控制方法及装置 |
CN108629201A (zh) * | 2018-04-24 | 2018-10-09 | 山东华软金盾软件股份有限公司 | 一种对数据库非法操作进行阻断的方法 |
CN111625857A (zh) * | 2020-04-17 | 2020-09-04 | 中国建设银行股份有限公司 | 基于oracle数据库的登录监控方法、系统、设备和存储介质 |
CN112115504A (zh) * | 2020-06-29 | 2020-12-22 | 上海金融期货信息技术有限公司 | 一种基于tds协议的数据库访问方法和系统 |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7240212B2 (en) * | 2003-02-18 | 2007-07-03 | Ubs Painewebber, Inc. | Method and system for secure alert messaging |
CN101030242A (zh) * | 2007-02-12 | 2007-09-05 | 深圳市迈科龙电子有限公司 | 一种控制数据库安全访问的方法 |
WO2009007985A2 (en) * | 2007-07-06 | 2009-01-15 | Elitecore Technologies Limited | Identity and policy-based network security and management system and method |
CN101901219A (zh) * | 2009-05-27 | 2010-12-01 | 北京启明星辰信息技术股份有限公司 | 数据库注入攻击检测方法及系统 |
CN103581363A (zh) * | 2013-11-29 | 2014-02-12 | 杜跃进 | 对恶意域名和非法访问的控制方法及装置 |
CN104636675A (zh) * | 2013-11-08 | 2015-05-20 | 苏州慧盾信息安全科技有限公司 | 一种数据库提供安全防护的系统和方法 |
-
2016
- 2016-08-25 CN CN201610733850.1A patent/CN106302498B/zh active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7240212B2 (en) * | 2003-02-18 | 2007-07-03 | Ubs Painewebber, Inc. | Method and system for secure alert messaging |
CN101030242A (zh) * | 2007-02-12 | 2007-09-05 | 深圳市迈科龙电子有限公司 | 一种控制数据库安全访问的方法 |
WO2009007985A2 (en) * | 2007-07-06 | 2009-01-15 | Elitecore Technologies Limited | Identity and policy-based network security and management system and method |
CN101901219A (zh) * | 2009-05-27 | 2010-12-01 | 北京启明星辰信息技术股份有限公司 | 数据库注入攻击检测方法及系统 |
CN104636675A (zh) * | 2013-11-08 | 2015-05-20 | 苏州慧盾信息安全科技有限公司 | 一种数据库提供安全防护的系统和方法 |
CN103581363A (zh) * | 2013-11-29 | 2014-02-12 | 杜跃进 | 对恶意域名和非法访问的控制方法及装置 |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107483461A (zh) * | 2017-08-30 | 2017-12-15 | 北京奇安信科技有限公司 | 一种nat环境下的终端准入控制方法及装置 |
CN107483461B (zh) * | 2017-08-30 | 2020-06-12 | 奇安信科技集团股份有限公司 | 一种nat环境下的终端准入控制方法及装置 |
CN108629201A (zh) * | 2018-04-24 | 2018-10-09 | 山东华软金盾软件股份有限公司 | 一种对数据库非法操作进行阻断的方法 |
CN111625857A (zh) * | 2020-04-17 | 2020-09-04 | 中国建设银行股份有限公司 | 基于oracle数据库的登录监控方法、系统、设备和存储介质 |
CN112115504A (zh) * | 2020-06-29 | 2020-12-22 | 上海金融期货信息技术有限公司 | 一种基于tds协议的数据库访问方法和系统 |
Also Published As
Publication number | Publication date |
---|---|
CN106302498B (zh) | 2019-05-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104166812B (zh) | 一种基于独立授权的数据库安全访问控制方法 | |
CN103179130B (zh) | 一种信息系统内网安全统一管理平台及管理方法 | |
CN105656903B (zh) | 一种Hive平台的用户安全管理系统及应用 | |
CN102722667A (zh) | 基于虚拟数据库和虚拟补丁的数据库安全防护系统和方法 | |
CN106302498A (zh) | 一种基于登录参数的数据库准入防火墙系统 | |
CN104796261A (zh) | 一种网络终端节点的安全接入管控系统及方法 | |
CN106657011A (zh) | 一种业务服务器授权安全访问方法 | |
CN106992984A (zh) | 一种基于电力采集网的移动终端安全接入信息内网的方法 | |
CN102333090A (zh) | 一种内控堡垒主机及安全访问内网资源的方法 | |
CN102195991A (zh) | 一种终端安全管理、认证方法及系统 | |
CN104185181A (zh) | 一种基于iptables的WiFi用户接入控制方法 | |
CN103413202B (zh) | 一种应用于运维审计系统的自动收集授权关系的方法 | |
CN103188336A (zh) | 一种基于虚拟桌面的运维管理方法 | |
CN108629201A (zh) | 一种对数据库非法操作进行阻断的方法 | |
CN101599977B (zh) | 网络业务的管理方法和系统 | |
CN109617875A (zh) | 一种终端通信网的安全接入平台及其实现方法 | |
CN206962850U (zh) | 电力信息网的安全防护系统及电力信息系统 | |
CN102055748B (zh) | 电子公告板管理方法和系统 | |
CN107196976B (zh) | 一种基于视频协议的审计网关及其方法和系统 | |
Xu et al. | Network security | |
CN109150853A (zh) | 基于角色访问控制的入侵检测系统及方法 | |
CN105978879B (zh) | 网络通道安全管理系统 | |
CN109600395A (zh) | 一种终端网络接入控制系统的装置及实现方法 | |
CN204697072U (zh) | 一种网络终端节点的安全接入管控系统 | |
CN107104953A (zh) | 一种双网安全系统以及提升数据安全性的方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20220424 Address after: 310012 rooms 403, 405, 407, 409 and 411, North floor, building 5, No. 90, Wensan Road, Xihu District, Hangzhou, Zhejiang Patentee after: HANGZHOU PALLADIUM NETWORKING TECHNOLOGY CO.,LTD. Address before: 310012 Room 403 and 405, North floor, building 5, No. 90, Wensan Road, Xixi street, Xihu District, Hangzhou City, Zhejiang Province Patentee before: HANGZHOU LEADSINO INFORMATION TECHNOLOGY CO.,LTD. |
|
PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: A Database Access Firewall System Based on Login Parameters Granted publication date: 20190514 Pledgee: China Merchants Bank Co.,Ltd. Hangzhou Branch Pledgor: HANGZHOU PALLADIUM NETWORKING TECHNOLOGY CO.,LTD. Registration number: Y2024980012501 |