CN106453309A - Safety audit method and PC (Personal Computer) terminal - Google Patents
- Publication number: CN106453309A (application CN201610885955.9A)
- Authority: CN (China)
- Prior art keywords: request message, proxy server, terminal, socket proxy, sent
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/306—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/563—Data redirection of data network streams
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
- H04L69/162—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
Abstract
The invention provides a safety audit method and a PC (Personal Computer) terminal. The method comprises the following steps: redirecting a request message sent by an application in the PC terminal to a SOCKET proxy in the PC terminal through a network redirector in the PC terminal; and performing safety audit on the request message through the SOCKET proxy, and if the request message meets a preset safety audit requirement, sending the request message to a target server. The network redirector can automatically redirect the request message of the application to the SOCKET proxy without a need of adding any component into the application, so that conflicts with safety software in the application are avoided, and normal work of the application is ensured. The SOCKET proxy can receive a complete request message of the application, so that the whole request message is audited and monitored.
Description
Technical field
The present invention relates to the technical field of network security, and more particularly to a security audit method and a PC terminal.
Background art
At present, the methods for auditing and monitoring network communication content on a mobile terminal mainly include the HOOK technique and the local general-purpose proxy technique. HOOK is a system mechanism that Windows provides to replace the "interrupt" mechanism of DOS; its name is translated into Chinese as "hook". The HOOK technique obtains the application protocol of any application on the mobile terminal through the SOCKET API interface and audits and monitors that application protocol. However, if a message of the application protocol is relatively large, the SOCKET API interface obtains only a part of the message, so it is difficult to audit and monitor the full text of the message with the HOOK technique. Moreover, security software in the application may detect and guard against the HOOK, which easily causes conflicts and affects the normal operation of the application.
The local general-purpose proxy technique requires a proxy service to be set up on the mobile terminal or on the target server, and the application protocols of the applications on the mobile terminal are audited and monitored through that proxy server. However, the applications on the mobile terminal must support the proxy service; if an application on the mobile terminal does not support the proxy service, it cannot be audited or monitored.
Summary of the invention
The technical problem to be solved by the present invention is to provide a security audit method and a PC terminal that audit and monitor the full text of an application's messages without affecting the normal operation of the application.
The technical solution adopted by the present invention is a security audit method, comprising:
redirecting, by a network redirector in a PC terminal, a request message sent by an application in the PC terminal to a SOCKET (socket) proxy in the PC terminal;
performing, by the SOCKET proxy, a security audit on the request message, and, if the request message meets a preset security audit requirement, sending the request message to a target server.
Further, redirecting, by the network redirector in the PC terminal, the request message sent by the application in the PC terminal to the SOCKET proxy in the PC terminal comprises:
intercepting, by the network redirector, the request message sent by the application, changing the original destination address in the request message to the interface IP address of the SOCKET proxy, and sending the request message to the SOCKET proxy.
Further, sending, by the SOCKET proxy, the request message that meets the preset security audit requirement to the target server comprises:
restoring the interface IP address of the SOCKET proxy in the request message to the original destination address of the request message, and sending the request message to the corresponding target server according to the original destination address of the request message.
Further, the method also comprises:
receiving, by the SOCKET proxy, a feedback message sent by the target server, and performing a security audit on the feedback message; if the feedback message meets the preset security audit requirement, sending the feedback message to the corresponding application through the network redirector according to the destination address of the feedback message.
The present invention also provides a PC terminal, comprising:
a network redirector, configured to redirect a request message sent by an application in the PC terminal to a SOCKET proxy;
a SOCKET proxy, configured to perform a security audit on the request message and, if the request message meets a preset security audit requirement, send the request message to a target server.
Further, the network redirector is specifically configured to:
intercept the request message sent by the application, change the original destination address in the request message to the interface IP address of the SOCKET proxy, and send the request message to the SOCKET proxy.
Further, the SOCKET proxy is specifically configured to:
restore the interface IP address of the SOCKET proxy in the request message to the original destination address of the request message, and send the request message to the corresponding target server according to the original destination address of the request message.
Further, the SOCKET proxy is also configured to receive a feedback message sent by the target server and perform a security audit on the feedback message, and, if the feedback message meets the preset security audit requirement, send the feedback message to the network redirector;
the network redirector is also configured to, on receiving the feedback message sent by the SOCKET proxy, send the feedback message to the corresponding application according to the destination address of the feedback message.
With the above technical solution, the present invention has at least the following advantages:
The security audit method and PC terminal of the present invention provide a transparent security audit method: the network redirector redirects the request message of the application to the SOCKET proxy, and the SOCKET proxy audits and monitors the content of the request message. The network redirector redirects the application's request message to the SOCKET proxy automatically, without any component being added to the application, so no conflict arises with security software in the application and the normal operation of the application is ensured. The SOCKET proxy receives the application's complete request message, so the whole request message is audited and monitored.
Brief description of the drawings
Fig. 1 is a flow chart of the security audit method of the first embodiment of the present invention;
Fig. 2 is a flow chart of the security audit method of the second embodiment of the present invention;
Fig. 3 is a flow chart of the security audit method of the second embodiment of the present invention;
Fig. 4 is a schematic diagram of the structure of the PC terminal of the third embodiment of the present invention.
Detailed description of the embodiments
To further explain the technical means and effects adopted by the present invention to achieve its intended purpose, the present invention is described in detail below with reference to the accompanying drawings and preferred embodiments.
The first embodiment of the present invention is a security audit method which, as shown in Fig. 1, comprises the following steps:
Step S101: A network redirector in the PC terminal redirects a request message sent by an application in the PC terminal to a SOCKET proxy in the PC terminal.
Specifically, step S101 comprises:
The network redirector intercepts the request message sent by the application, changes the original destination address in the request message to the interface IP address of the SOCKET proxy, and sends the request message to the SOCKET proxy. Changing the original destination address of the request message prevents the request message from being sent to the target server.
Step S102: The SOCKET proxy performs a security audit on the request message; if the request message meets the preset security audit requirement, the request message is sent to the target server.
Specifically, step S102 comprises:
Step A1: The SOCKET proxy performs a security audit on the request message and judges whether the request message meets the preset security audit requirement; if so, step A2 is executed; if not, the request message is prevented from being sent to the target server.
Further, the preset security audit requirement includes: the request message contains no illegal characters, links or content.
Step A2: The interface IP address of the SOCKET proxy in the request message is restored to the original destination address of the request message, and the request message is sent to the corresponding target server according to the original destination address of the request message.
Further, the method also comprises:
Step B1: The SOCKET proxy receives a feedback message sent by the target server.
Step B2: The SOCKET proxy performs a security audit on the feedback message and judges whether the feedback message meets the preset security audit requirement; if so, step B3 is executed; if not, the feedback message is prevented from being sent to the application.
Step B3: According to the destination address of the feedback message, the feedback message is sent to the corresponding application through the network redirector.
The second embodiment of the present invention is a security audit method comprising the following steps:
Step S201: An application in the PC terminal sends a request message to the target server; the original destination address of the request message is the interface IP address of the target server.
Step S202: A TDI (Transport Driver Interface) driver component intercepts the request message and changes the original destination address in the request message to the interface IP address of the SOCKET proxy, thereby preventing the request message from being sent to the target server. The TDI driver component corresponds to the network redirector of the first embodiment of the present invention; both are used to redirect application-level request messages to the SOCKET proxy.
Step S203: The TDI driver component sends the modified request message to the SOCKET proxy.
Specifically, the TDI driver component sends the modified request message together with the original destination address of the request message to the SOCKET proxy; or,
the TDI driver component stores the original destination address of the request message.
Step S204: The SOCKET proxy performs a security audit on the request message and judges whether the request message meets the preset security audit requirement; if so, step S205 is executed; if not, the request message is prevented from being sent to the target server.
Specifically, the preset security audit requirement includes: the request message contains no illegal characters, links or content.
Step S205: The SOCKET proxy restores the interface IP address of the SOCKET proxy in the request message to the original destination address of the request message.
Specifically, according to the original destination address of the request message sent by the TDI driver component, the SOCKET proxy restores the address information in the destination address field of the request message from the interface IP address of the SOCKET proxy to the original destination address of the request message, and sends the request message to the corresponding target server; or,
the SOCKET proxy sends a query request to the TDI driver component; the TDI driver component looks up the original destination address of the request message according to the query request and sends it to the SOCKET proxy; the SOCKET proxy restores the address information in the destination address field of the request message from the interface IP address of the SOCKET proxy to the original destination address of the request message, and sends the request message to the corresponding target server.
Step S206: The SOCKET proxy sends the re-modified request message to the target server.
Further, as shown in Fig. 3, the method also comprises:
Step S301: The target server sends a feedback message to the SOCKET proxy in response to the request message sent by the SOCKET proxy.
Step S302: The SOCKET proxy performs a security audit on the feedback message and judges whether the feedback message meets the preset security audit requirement; if so, step S303 is executed; if not, the feedback message is prevented from being sent to the application.
Step S303: The SOCKET proxy sends the feedback message that meets the preset security audit requirement to the TDI driver component.
Step S304: When the TDI driver component receives the feedback message sent by the SOCKET proxy, it sends the feedback message to the corresponding application in the PC terminal according to the destination address of the feedback message.
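The flow of the second embodiment (redirect, audit the complete message, restore the original destination, forward, audit the reply), modelled in user-space Python as an added example; it is not code from the patent. The class names, the loopback proxy address, the policy values and the end-of-message signal (`finish`) are assumptions, the traffic is constructed, and the variant shown is the one in which the redirector stores the original destination and answers the proxy's query.

```python
import re
from dataclasses import dataclass

PROXY_ADDR = ("127.0.0.1", 8899)  # assumed local address of the SOCKET proxy


@dataclass(frozen=True)
class AuditPolicy:
    """Preset audit requirement: no illegal characters, links or content."""
    illegal_chars: bytes = b"\x00\x1b"  # all three values are constructed
    blocked_hosts: frozenset = frozenset({"blocked.example"})
    blocked_terms: tuple = (b"internal-only",)

    def violations(self, message: bytes) -> list:
        found = []
        if any(c in message for c in self.illegal_chars):
            found.append("illegal-character")
        for host in re.findall(rb"https?://([^/\s:\"'<>]+)", message):
            name = host.decode("ascii", "replace").lower()
            if name in self.blocked_hosts:
                found.append("link:" + name)
        lowered = message.lower()
        for term in self.blocked_terms:
            if term in lowered:
                found.append("content:" + term.decode())
        return found


class Redirector:
    """Stand-in for the network redirector (the TDI driver component)."""
    def __init__(self, proxy_addr):
        self.proxy_addr = proxy_addr
        self._original = {}  # application endpoint -> original destination

    def intercept(self, app_endpoint, original_dst):
        # Store the original destination, then rewrite it to the proxy address.
        self._original[app_endpoint] = original_dst
        return self.proxy_addr

    def query_original(self, app_endpoint):
        # Answer the proxy's query; the entry is dropped once it has been used.
        return self._original.pop(app_endpoint)


class AuditProxy:
    """Buffers the complete message, audits it, then forwards or blocks."""
    def __init__(self, redirector, policy, send_upstream):
        self.redirector, self.policy = redirector, policy
        self.send_upstream = send_upstream  # callable(target, message) -> reply
        self._buffers = {}

    def feed(self, app_endpoint, chunk: bytes):
        self._buffers.setdefault(app_endpoint, bytearray()).extend(chunk)

    def finish(self, app_endpoint):
        message = bytes(self._buffers.pop(app_endpoint, b""))
        target = self.redirector.query_original(app_endpoint)
        bad = self.policy.violations(message)
        if bad:
            return ("blocked-request", bad)  # never leaves the machine
        reply = self.send_upstream(target, message)
        bad = self.policy.violations(reply)
        if bad:
            return ("blocked-reply", bad)  # never reaches the application
        return ("forwarded", target, reply)


def run_demo():
    sent = []  # (target, message) pairs that actually left the machine
    site, other = ("203.0.113.10", 80), ("203.0.113.20", 80)  # constructed
    def fake_upstream(target, message):
        sent.append((target, message))
        if target == other:
            return b'HTTP/1.1 200 OK\r\n\r\n<a href="http://blocked.example/x">'
        return b"HTTP/1.1 200 OK\r\n\r\nok"
    policy, redirector = AuditPolicy(), Redirector(PROXY_ADDR)
    proxy = AuditProxy(redirector, policy, fake_upstream)

    def app_sends(port, original_dst, chunks):
        endpoint = ("127.0.0.1", port)
        redirector.intercept(endpoint, original_dst)  # now points at the proxy
        for chunk in chunks:
            proxy.feed(endpoint, chunk)
        return proxy.finish(endpoint)  # application finished sending

    # A blocked term split across two send() calls: no single chunk contains it.
    split = [b"POST /up HTTP/1.1\r\n\r\nnotes: inter", b"nal-only roadmap"]
    return {
        "clean": app_sends(50001, site, [b"GET / HTTP/1.1\r\n\r\n"]),
        "per_chunk": [policy.violations(c) for c in split],
        "split": app_sends(50002, site, split),
        "bad_reply": app_sends(50003, other, [b"GET /page HTTP/1.1\r\n\r\n"]),
        "sent_targets": [target for target, _ in sent],
    }
```

The `per_chunk` result shows why inspecting individual buffers, as the HOOK approach in the background section does, passes a message that the audit of the reassembled message blocks.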
The third embodiment of the present invention is a PC device which, as shown in Fig. 4, comprises the following components:
1) A network redirector 401, configured to redirect a request message sent by an application in the PC terminal to the SOCKET proxy.
Specifically, the network redirector 401 is configured to:
intercept the request message sent by the application, change the original destination address in the request message to the interface IP address of the SOCKET proxy, and send the request message to the SOCKET proxy. The network redirector 401 prevents the request message from being sent to the target server by changing the original destination address in the request message.
2) A SOCKET proxy 402, configured to perform a security audit on the request message and, if the request message meets the preset security audit requirement, send the request message to the target server.
Specifically, the SOCKET proxy 402 is configured to:
restore the interface IP address of the SOCKET proxy in the request message to the original destination address of the request message, and send the request message to the corresponding target server according to the original destination address of the request message.
The preset security audit requirement includes: the request message contains no illegal characters, links or content.
Further, the network redirector 401 is also configured to:
receive the feedback message sent by the target server and perform a security audit on the feedback message; if the feedback message meets the preset security audit requirement, send the feedback message to the network redirector.
The SOCKET proxy 402 is also configured to:
on receiving the feedback message sent by the SOCKET proxy, send the feedback message to the corresponding application according to the destination address of the feedback message.
The security audit method and PC terminal described in the embodiments of the present invention provide a transparent security audit method: the network redirector redirects the request message of the application to the SOCKET proxy, and the SOCKET proxy audits and monitors the content of the request message. The network redirector redirects the application's request message to the SOCKET proxy automatically, without any component being added to the application, so no conflict arises with security software in the application and the normal operation of the application is ensured. The SOCKET proxy receives the application's complete request message, so the whole request message is audited and monitored.
Through the description of the specific embodiments, the technical means and effects adopted by the present invention to achieve its intended purpose can be understood more deeply and concretely; however, the accompanying drawings are provided only for reference and illustration and are not intended to limit the present invention.
Claims (8)
1. A security audit method, characterized by comprising:
redirecting, by a network redirector in a PC terminal, a request message sent by an application in the PC terminal to a SOCKET proxy in the PC terminal;
performing, by the SOCKET proxy, a security audit on the request message, and, if the request message meets a preset security audit requirement, sending the request message to a target server.
2. The security audit method according to claim 1, characterized in that redirecting, by the network redirector in the PC terminal, the request message sent by the application in the PC terminal to the SOCKET proxy in the PC terminal comprises:
intercepting, by the network redirector, the request message sent by the application, changing the original destination address in the request message to the interface IP address of the SOCKET proxy, and sending the request message to the SOCKET proxy.
3. The security audit method according to claim 2, characterized in that sending, by the SOCKET proxy, the request message that meets the preset security audit requirement to the target server comprises:
restoring the interface IP address of the SOCKET proxy in the request message to the original destination address of the request message, and sending the request message to the corresponding target server according to the original destination address of the request message.
4. The security audit method according to claim 1, characterized in that the method also comprises:
receiving, by the SOCKET proxy, a feedback message sent by the target server, and performing a security audit on the feedback message; if the feedback message meets the preset security audit requirement, sending the feedback message to the corresponding application through the network redirector according to the destination address of the feedback message.
5. A PC terminal, characterized by comprising:
a network redirector, configured to redirect a request message sent by an application in the PC terminal to a SOCKET proxy;
a SOCKET proxy, configured to perform a security audit on the request message and, if the request message meets a preset security audit requirement, send the request message to a target server.
6. The PC terminal according to claim 5, characterized in that the network redirector is specifically configured to:
intercept the request message sent by the application, change the original destination address in the request message to the interface IP address of the SOCKET proxy, and send the request message to the SOCKET proxy.
7. The PC terminal according to claim 6, characterized in that the SOCKET proxy is specifically configured to:
restore the interface IP address of the SOCKET proxy in the request message to the original destination address of the request message, and send the request message to the corresponding target server according to the original destination address of the request message.
8. The PC terminal according to claim 5, characterized in that the SOCKET proxy is also configured to receive a feedback message sent by the target server and perform a security audit on the feedback message, and, if the feedback message meets the preset security audit requirement, send the feedback message to the network redirector;
the network redirector is also configured to, on receiving the feedback message sent by the SOCKET proxy, send the feedback message to the corresponding application according to the destination address of the feedback message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610885955.9A CN106453309B (en) | 2016-10-11 | 2016-10-11 | Security audit method and PC terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610885955.9A CN106453309B (en) | 2016-10-11 | 2016-10-11 | Security audit method and PC terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106453309A true CN106453309A (en) | 2017-02-22 |
CN106453309B CN106453309B (en) | 2020-04-17 |
Family
ID=58173349
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610885955.9A Active CN106453309B (en) | 2016-10-11 | 2016-10-11 | Security audit method and PC terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106453309B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN106453309B (en) | 2020-04-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |