CN106302498B - 一种基于登录参数的数据库准入防火墙系统 - Google Patents
一种基于登录参数的数据库准入防火墙系统 Download PDFInfo
- Publication number
- CN106302498B CN106302498B CN201610733850.1A CN201610733850A CN106302498B CN 106302498 B CN106302498 B CN 106302498B CN 201610733850 A CN201610733850 A CN 201610733850A CN 106302498 B CN106302498 B CN 106302498B
- Authority
- CN
- China
- Prior art keywords
- access
- database
- rule
- module
- protocol
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 claims abstract description 34
- 230000000903 blocking effect Effects 0.000 claims description 16
- 238000012545 processing Methods 0.000 claims description 11
- 238000001914 filtration Methods 0.000 claims description 7
- 230000005540 biological transmission Effects 0.000 claims description 3
- 230000006798 recombination Effects 0.000 claims description 3
- 238000005215 recombination Methods 0.000 claims description 3
- 239000012141 concentrate Substances 0.000 claims 1
- 206010022000 influenza Diseases 0.000 claims 1
- 238000003780 insertion Methods 0.000 claims 1
- 230000037431 insertion Effects 0.000 claims 1
- 230000001960 triggered effect Effects 0.000 claims 1
- 238000009472 formulation Methods 0.000 abstract description 3
- 239000000203 mixture Substances 0.000 abstract description 3
- 239000000284 extract Substances 0.000 description 2
- 241000208340 Araliaceae Species 0.000 description 1
- 235000005035 Panax pseudoginseng ssp. pseudoginseng Nutrition 0.000 description 1
- 235000003140 Panax quinquefolius Nutrition 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005242 forging Methods 0.000 description 1
- 235000008434 ginseng Nutrition 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
用户 | 源主机名称 | 源用户名称 | 访问工具 | 数据库账号名称 |
A | A-Hostname | A-User | Sqlplus | Normal |
B | B-Hostname | B-User | ODBC | System |
用户 | 源主机名称 | 源用户名称 | 访问工具 | 数据库账号名称 |
A | A-Hostname | A-User | Sqlplus | System |
B | B-Hostname | B-User | Hack-DB | System |
Claims (6)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610733850.1A CN106302498B (zh) | 2016-08-25 | 2016-08-25 | 一种基于登录参数的数据库准入防火墙系统 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610733850.1A CN106302498B (zh) | 2016-08-25 | 2016-08-25 | 一种基于登录参数的数据库准入防火墙系统 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106302498A CN106302498A (zh) | 2017-01-04 |
CN106302498B true CN106302498B (zh) | 2019-05-14 |
Family
ID=57676697
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610733850.1A Active CN106302498B (zh) | 2016-08-25 | 2016-08-25 | 一种基于登录参数的数据库准入防火墙系统 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106302498B (zh) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107483461B (zh) * | 2017-08-30 | 2020-06-12 | 奇安信科技集团股份有限公司 | 一种nat环境下的终端准入控制方法及装置 |
CN108629201A (zh) * | 2018-04-24 | 2018-10-09 | 山东华软金盾软件股份有限公司 | 一种对数据库非法操作进行阻断的方法 |
CN111625857A (zh) * | 2020-04-17 | 2020-09-04 | 中国建设银行股份有限公司 | 基于oracle数据库的登录监控方法、系统、设备和存储介质 |
CN112115504A (zh) * | 2020-06-29 | 2020-12-22 | 上海金融期货信息技术有限公司 | 一种基于tds协议的数据库访问方法和系统 |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7240212B2 (en) * | 2003-02-18 | 2007-07-03 | Ubs Painewebber, Inc. | Method and system for secure alert messaging |
CN101030242A (zh) * | 2007-02-12 | 2007-09-05 | 深圳市迈科龙电子有限公司 | 一种控制数据库安全访问的方法 |
WO2009007985A2 (en) * | 2007-07-06 | 2009-01-15 | Elitecore Technologies Limited | Identity and policy-based network security and management system and method |
CN101901219A (zh) * | 2009-05-27 | 2010-12-01 | 北京启明星辰信息技术股份有限公司 | 数据库注入攻击检测方法及系统 |
CN103581363A (zh) * | 2013-11-29 | 2014-02-12 | 杜跃进 | 对恶意域名和非法访问的控制方法及装置 |
CN104636675A (zh) * | 2013-11-08 | 2015-05-20 | 苏州慧盾信息安全科技有限公司 | 一种数据库提供安全防护的系统和方法 |
-
2016
- 2016-08-25 CN CN201610733850.1A patent/CN106302498B/zh active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7240212B2 (en) * | 2003-02-18 | 2007-07-03 | Ubs Painewebber, Inc. | Method and system for secure alert messaging |
CN101030242A (zh) * | 2007-02-12 | 2007-09-05 | 深圳市迈科龙电子有限公司 | 一种控制数据库安全访问的方法 |
WO2009007985A2 (en) * | 2007-07-06 | 2009-01-15 | Elitecore Technologies Limited | Identity and policy-based network security and management system and method |
CN101901219A (zh) * | 2009-05-27 | 2010-12-01 | 北京启明星辰信息技术股份有限公司 | 数据库注入攻击检测方法及系统 |
CN104636675A (zh) * | 2013-11-08 | 2015-05-20 | 苏州慧盾信息安全科技有限公司 | 一种数据库提供安全防护的系统和方法 |
CN103581363A (zh) * | 2013-11-29 | 2014-02-12 | 杜跃进 | 对恶意域名和非法访问的控制方法及装置 |
Also Published As
Publication number | Publication date |
---|---|
CN106302498A (zh) | 2017-01-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104166812B (zh) | 一种基于独立授权的数据库安全访问控制方法 | |
CN106302498B (zh) | 一种基于登录参数的数据库准入防火墙系统 | |
US8880893B2 (en) | Enterprise information asset protection through insider attack specification, monitoring and mitigation | |
CN105656903A (zh) | 一种Hive平台的用户安全管理系统及应用 | |
CN103179130B (zh) | 一种信息系统内网安全统一管理平台及管理方法 | |
CN102722667A (zh) | 基于虚拟数据库和虚拟补丁的数据库安全防护系统和方法 | |
CN107395570A (zh) | 基于大数据管理分析的云平台审计系统 | |
CN106657011A (zh) | 一种业务服务器授权安全访问方法 | |
CN103413202B (zh) | 一种应用于运维审计系统的自动收集授权关系的方法 | |
CN107566363A (zh) | 一种基于机器学习的sql注入攻击防护方法 | |
CN101599977B (zh) | 网络业务的管理方法和系统 | |
CN108629201A (zh) | 一种对数据库非法操作进行阻断的方法 | |
CN105516091A (zh) | 一种基于sdn控制器的安全流过滤器及过滤方法 | |
CN109617875A (zh) | 一种终端通信网的安全接入平台及其实现方法 | |
CN107070951A (zh) | 一种内网安全防护系统和方法 | |
CN109510841A (zh) | 一种控制装置及系统的安全隔离网关 | |
Panguluri et al. | Protecting water and wastewater infrastructure from cyber attacks | |
CN106302518A (zh) | 一种软硬件结合的网络防火墙 | |
CN109995720A (zh) | 异构设备集中管理方法、装置、系统、设备及介质 | |
CN114157457A (zh) | 一种网络数据信息安全用的权限申请及监控方法 | |
CN206962850U (zh) | 电力信息网的安全防护系统及电力信息系统 | |
CN1953454A (zh) | 基于角色管理的安全审计方法及系统 | |
CN117061556B (zh) | 一种电力监控系统远程运维安全保护装置 | |
CN108243040A (zh) | 一种云计算的身份认证和访问管理安全服务的实现架构 | |
Tzokatziou et al. | Exploiting SCADA vulnerabilities using a human interface device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20220424 Address after: 310012 rooms 403, 405, 407, 409 and 411, North floor, building 5, No. 90, Wensan Road, Xihu District, Hangzhou, Zhejiang Patentee after: HANGZHOU PALLADIUM NETWORKING TECHNOLOGY CO.,LTD. Address before: 310012 Room 403 and 405, North floor, building 5, No. 90, Wensan Road, Xixi street, Xihu District, Hangzhou City, Zhejiang Province Patentee before: HANGZHOU LEADSINO INFORMATION TECHNOLOGY CO.,LTD. |
|
TR01 | Transfer of patent right | ||
PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: A Database Access Firewall System Based on Login Parameters Granted publication date: 20190514 Pledgee: China Merchants Bank Co.,Ltd. Hangzhou Branch Pledgor: HANGZHOU PALLADIUM NETWORKING TECHNOLOGY CO.,LTD. Registration number: Y2024980012501 |
|
PE01 | Entry into force of the registration of the contract for pledge of patent right |