CN106453309A - Safety audit method and PC (Personal Computer) terminal - Google Patents

Publication number
CN106453309A
Authority
CN
China
Prior art keywords
request message
proxy server
terminal
socket proxy
sent
Legal status
Granted
Application number
CN201610885955.9A
Other languages
Chinese (zh)
Other versions
CN106453309B (en)
Inventor
李朝中
Current Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/563 Data redirection of data network streams
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms

Abstract

The invention provides a safety audit method and a PC (Personal Computer) terminal. The method comprises the following steps: redirecting a request message sent by an application in the PC terminal to a SOCKET proxy in the PC terminal through a network redirector in the PC terminal; and performing safety audit on the request message through the SOCKET proxy, and if the request message meets a preset safety audit requirement, sending the request message to a target server. The network redirector can automatically redirect the request message of the application to the SOCKET proxy without a need of adding any component into the application, so that conflicts with safety software in the application are avoided, and normal work of the application is ensured. The SOCKET proxy can receive a complete request message of the application, so that the whole request message is audited and monitored.

Description

A security audit method and PC terminal
Technical Field
The present invention relates to the technical field of network security, and in particular to a security audit method and a PC terminal.
Background
At present, the methods for auditing and monitoring network communication content on a mobile terminal mainly include HOOK technology and local general-purpose proxy technology. HOOK is a system mechanism provided in Windows to replace the "interrupt" mechanism under DOS; in Chinese it is translated as "hook". The SOCKET API interface obtains the application protocol of any application on the mobile terminal, and HOOK technology is used to audit and monitor that application protocol. However, if a message of the application protocol is relatively large, the SOCKET API interface obtains only part of the message, so it is difficult to use HOOK technology to audit and monitor the full text of the message. Moreover, security software in the application may detect and protect against the HOOK, which easily causes conflicts and thereby affects the normal operation of the application.
Local general-purpose proxy technology requires a proxy service to be set up on the mobile terminal or on the target server, and the proxy server audits and monitors the application protocol of the applications on the mobile terminal. However, the applications on the mobile terminal must support the proxy service; if an application on the mobile terminal does not support the proxy service, it cannot be audited and monitored.
Summary of the Invention
The technical problem to be solved by the present invention is to provide a security audit method and a PC terminal that audit and monitor the full text of an application's messages without affecting the normal operation of the application.
The technical solution adopted by the present invention is a security audit method, comprising:
redirecting, by a network redirector in a PC terminal, a request message sent by an application in the PC terminal to a SOCKET (socket) proxy in the PC terminal;
performing a security audit on the request message by the SOCKET proxy, and, if the request message meets a preset security audit requirement, sending the request message to a target server.
Further, redirecting, by the network redirector in the PC terminal, the request message sent by the application in the PC terminal to the SOCKET proxy in the PC terminal comprises:
intercepting, by the network redirector, the request message sent by the application, modifying the original destination address in the request message to the interface address of the SOCKET proxy, and sending the request message to the SOCKET proxy;
Further, sending, by the SOCKET proxy, the request message that meets the preset security audit requirement to the target server comprises:
restoring the interface address of the SOCKET proxy in the request message to the original destination address of the request message, and sending the request message to the corresponding target server according to the original destination address of the request message.
Further, the method also comprises:
receiving, by the SOCKET proxy, a feedback message sent by the target server, and performing a security audit on the feedback message; if the feedback message meets the preset security audit requirement, sending the feedback message to the corresponding application through the network redirector according to the destination address of the feedback message.
The present invention also provides a PC terminal, comprising:
a network redirector, configured to redirect a request message sent by an application in the PC terminal to a SOCKET proxy;
a SOCKET proxy, configured to perform a security audit on the request message and, if the request message meets a preset security audit requirement, send the request message to a target server.
Further, the network redirector is specifically configured to:
intercept the request message sent by the application, modify the original destination address in the request message to the interface address of the SOCKET proxy, and send the request message to the SOCKET proxy.
Further, the SOCKET proxy is specifically configured to:
restore the interface address of the SOCKET proxy in the request message to the original destination address of the request message, and send the request message to the corresponding target server according to the original destination address of the request message.
Further, the SOCKET proxy is also configured to receive a feedback message sent by the target server and perform a security audit on the feedback message; if the feedback message meets the preset security audit requirement, it sends the feedback message to the network redirector;
the network redirector is also configured to, on receiving the feedback message sent by the SOCKET proxy, send the feedback message to the corresponding application according to the destination address of the feedback message.
With the above technical solution, the present invention has at least the following advantages:
The security audit method and PC terminal of the present invention provide a transparent security audit method: the network redirector redirects the request message of the application to the SOCKET proxy, and the SOCKET proxy audits and monitors the content of the request message. The network redirector can automatically redirect the request message of the application to the SOCKET proxy without any component being added to the application, so no conflict arises with the security software in the application, which ensures the normal operation of the application. The SOCKET proxy can receive the complete request message of the application, so the whole request message is audited and monitored.
Brief Description of the Drawings
Fig. 1 is a flowchart of the security audit method of the first embodiment of the present invention;
Fig. 2 is a flowchart of the security audit method of the second embodiment of the present invention;
Fig. 3 is a flowchart of the security audit method of the second embodiment of the present invention;
Fig. 4 is a schematic diagram of the structure of the PC terminal of the third embodiment of the present invention.
Detailed Description
To further explain the technical means and effects adopted by the present invention to achieve its intended purpose, the present invention is described in detail below with reference to the accompanying drawings and preferred embodiments.
The first embodiment of the present invention is a security audit method which, as shown in Fig. 1, includes the following specific steps:
Step S101: The network redirector in the PC terminal redirects the request message sent by the application in the PC terminal to the SOCKET proxy in the PC terminal.
Specifically, step S101 includes:
The network redirector intercepts the request message sent by the application, modifies the original destination address in the request message to the interface address of the SOCKET proxy, and sends the request message to the SOCKET proxy. Modifying the original destination address of the request message prevents the request message from being sent to the target server.
Step S102: The SOCKET proxy performs a security audit on the request message; if the request message meets the preset security audit requirement, the request message is sent to the target server.
Specifically, step S102 includes:
Step A1: The SOCKET proxy performs a security audit on the request message and judges whether the request message meets the preset security audit requirement; if so, step A2 is executed; if not, the request message is prevented from being sent to the target server.
Further, the preset security audit requirement includes: the request message contains no illegal characters, links or content.
Step A2: The interface address of the SOCKET proxy in the request message is restored to the original destination address of the request message, and the request message is sent to the corresponding target server according to the original destination address of the request message.
Further, the method also includes:
Step B1: The SOCKET proxy receives the feedback message sent by the target server.
Step B2: The SOCKET proxy performs a security audit on the feedback message and judges whether the feedback message meets the preset security audit requirement; if so, step B3 is executed; if not, the feedback information is prevented from being sent to the application.
Step B3: According to the destination address of the feedback message, the feedback message is sent to the corresponding application through the network redirector.
The second embodiment of the present invention is a security audit method that includes the following specific steps:
Step S201: An application in the PC terminal sends a request message to the target server; the original destination address of the request message is the interface address of the target server.
Step S202: A TDI (Transport Driver Interface) driver component intercepts the request message and modifies the original destination address in the request message to the interface address of the SOCKET proxy, thereby preventing the request message from being sent to the target server. The TDI driver component is equivalent to the network redirector in the first embodiment of the present invention; both are used to redirect application-level request messages to the SOCKET proxy.
Step S203: The TDI driver component sends the modified request message to the SOCKET proxy.
Specifically, the TDI driver component sends the modified request message and the original destination address of the request message to the SOCKET proxy; or,
the TDI driver component stores the original destination address of the request message.
Step S204: The SOCKET proxy performs a security audit on the request message and judges whether the request message meets the preset security audit requirement; if so, step S205 is executed; if not, the request message is prevented from being sent to the target server.
Specifically, the preset security audit requirement includes: the request message contains no illegal characters, links or content.
Step S205: The SOCKET proxy restores the interface address of the SOCKET proxy in the request message to the original destination address of the request message.
Specifically, according to the original destination address of the request message sent by the TDI driver component, the SOCKET proxy restores the address information in the destination address field of the request message from the interface address of the SOCKET proxy to the original destination address of the request message, and sends the request message to the corresponding target server; or,
the SOCKET proxy sends a query request to the TDI driver component; the TDI driver component looks up the original destination address of the request message according to the query request and sends it to the SOCKET proxy; the SOCKET proxy then restores the address information in the destination address field of the request message from the interface address of the SOCKET proxy to the original destination address of the request message, and sends the request message to the corresponding target server.
Step S206: The SOCKET proxy sends the re-modified request message to the target server.
Further, as shown in Fig. 3, the method also includes:
Step S301: The target server sends feedback information to the SOCKET proxy according to the request information sent by the SOCKET proxy.
Step S302: The SOCKET proxy performs a security audit on the feedback information and judges whether the feedback information meets the preset security audit requirement; if so, step S303 is executed; if not, the feedback information is prevented from being sent to the application.
Step S303: The SOCKET proxy sends the feedback information that meets the preset security audit requirement to the TDI driver component.
Step S304: When the TDI driver component receives the feedback message sent by the SOCKET proxy, the TDI driver component sends the feedback message to the corresponding application in the PC terminal according to the destination address of the feedback message.
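The flow of steps S201 to S206 and S301 to S304, as an added example that is not part of the patent text: an in-memory Python model of the redirector (stored original destination, queried by the proxy) and of the SOCKET proxy auditing the complete reassembled message in both directions. All addresses, the policy patterns, the class and function names, and the sample servers are constructed for illustration; a real TDI driver is a Windows kernel component and is not modelled here.

```python
from dataclasses import dataclass

PROXY_ADDR = ("127.0.0.1", 8900)        # constructed proxy interface address

# Constructed stand-in for the "preset security audit requirement":
# the message must contain no illegal characters, links or content.
POLICY = {
    "chars": [b"\x00"],
    "links": [b"http://blocked.example/"],
    "content": [b"CONFIDENTIAL"],
}

def audit(message: bytes, policy=POLICY):
    """Return the policy violations found in one buffer (empty list = pass)."""
    return [f"{kind}:{pat!r}" for kind, pats in policy.items()
            for pat in pats if pat in message]

@dataclass(frozen=True)
class Segment:
    src: tuple      # application's local address
    dst: tuple      # destination address carried by the message
    payload: bytes

class Redirector:
    """Models the network redirector / TDI driver component."""
    def __init__(self, proxy_addr=PROXY_ADDR):
        self.proxy_addr = proxy_addr
        self._original = {}     # flow (app address) -> original destination
        self.app_inbox = {}     # app address -> audited responses delivered

    def intercept(self, seg):
        # S202: remember the original destination, then rewrite it to the proxy.
        self._original.setdefault(seg.src, seg.dst)
        return Segment(seg.src, self.proxy_addr, seg.payload)

    def take_original_destination(self, src):
        # S205, second variant: the proxy queries the driver for the address.
        return self._original.pop(src, None)

    def deliver(self, app_addr, data):
        # S304: hand the audited feedback message to the application.
        self.app_inbox.setdefault(app_addr, []).append(data)

class AuditProxy:
    """Models the SOCKET proxy: buffers the whole message, then audits it."""
    def __init__(self, redirector, servers):
        self.redirector = redirector
        self.servers = servers  # address -> callable(request) -> response
        self._buffers = {}
        self.log = []           # (app address, direction, violations)

    def receive(self, seg):
        self._buffers.setdefault(seg.src, bytearray()).extend(seg.payload)

    def complete(self, src):
        request = bytes(self._buffers.pop(src, b""))
        target = self.redirector.take_original_destination(src)
        problems = audit(request)
        if target not in self.servers:
            problems.append("no-original-destination")  # fail closed
        if problems:
            self.log.append((src, "request", problems))
            return "request_blocked"
        response = self.servers[target](request)        # S206 / S301
        problems = audit(response)                      # S302
        if problems:
            self.log.append((src, "response", problems))
            return "response_blocked"
        self.redirector.deliver(src, response)          # S303 / S304
        return "delivered"

def send_from_app(redirector, proxy, src, dst, chunks):
    """An application writes its request in several chunks to dst."""
    for chunk in chunks:
        proxy.receive(redirector.intercept(Segment(src, dst, chunk)))
    return proxy.complete(src)

def make_demo():
    seen = []   # requests that actually reached a (constructed) server
    def good(req):
        seen.append(req)
        return b"HTTP/1.1 200 OK\r\n\r\nhello"
    def bad(req):
        seen.append(req)
        return b"HTTP/1.1 200 OK\r\n\r\nsee http://blocked.example/x"
    servers = {("203.0.113.10", 80): good, ("203.0.113.20", 80): bad}
    redirector = Redirector()
    return redirector, AuditProxy(redirector, servers), seen

if __name__ == "__main__":
    r, p, seen = make_demo()
    split = [b"POST /u HTTP/1.1\r\n\r\nCONFID", b"ENTIAL report"]
    print([audit(c) for c in split])    # per-chunk view finds nothing
    print(send_from_app(r, p, ("127.0.0.1", 50002), ("203.0.113.10", 80), split))
    print(p.log, seen)
```

The split request shows the point made in the Background section: a check that sees only one buffer at a time passes both chunks, while the audit of the complete message blocks it before anything reaches the target server.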
The third embodiment of the present invention is a PC device which, as shown in Fig. 4, includes the following components:
1) Network redirector 401, configured to redirect the request message sent by an application in the PC terminal to the SOCKET proxy.
Specifically, network redirector 401 is configured to:
intercept the request message sent by the application, modify the original destination address in the request message to the interface address of the SOCKET proxy, and send the request message to the SOCKET proxy. Network redirector 401 prevents the request message from being sent to the target server by modifying the original destination address in the request message.
2) SOCKET proxy 402, configured to perform a security audit on the request message and, if the request message meets the preset security audit requirement, send the request message to the target server.
Specifically, SOCKET proxy 402 is configured to:
restore the interface address of the SOCKET proxy in the request message to the original destination address of the request message, and send the request message to the corresponding target server according to the original destination address of the request message.
The preset security audit requirement includes: the request message contains no illegal characters, links or content.
Further, network redirector 401 is also configured to:
receive the feedback message sent by the target server and perform a security audit on the feedback message; if the feedback message meets the preset security audit requirement, send the feedback message to the network redirector.
SOCKET proxy 402 is also configured to:
on receiving the feedback message sent by the SOCKET proxy, send the feedback message to the corresponding application according to the destination address of the feedback message.
The security audit method and PC terminal described in the embodiments of the present invention provide a transparent security audit method: the network redirector redirects the request message of the application to the SOCKET proxy, and the SOCKET proxy audits and monitors the content of the request message. The network redirector can automatically redirect the request message of the application to the SOCKET proxy without any component being added to the application, so no conflict arises with the security software in the application, which ensures the normal operation of the application. The SOCKET proxy can receive the complete request message of the application, so the whole request message is audited and monitored.
Through the description of the specific embodiments, the technical means and effects adopted by the present invention to achieve its intended purpose should be understood more deeply and concretely; however, the accompanying drawings are provided for reference and illustration only and are not intended to limit the present invention.

Claims (8)

1. A security audit method, characterized by comprising:
redirecting, by a network redirector in a PC terminal, a request message sent by an application in the PC terminal to a SOCKET proxy in the PC terminal;
performing a security audit on the request message by the SOCKET proxy, and, if the request message meets a preset security audit requirement, sending the request message to a target server.
2. The security audit method according to claim 1, characterized in that redirecting, by the network redirector in the PC terminal, the request message sent by the application in the PC terminal to the SOCKET proxy in the PC terminal comprises:
intercepting, by the network redirector, the request message sent by the application, modifying the original destination address in the request message to the interface address of the SOCKET proxy, and sending the request message to the SOCKET proxy.
3. The security audit method according to claim 2, characterized in that sending, by the SOCKET proxy, the request message that meets the preset security audit requirement to the target server comprises:
restoring the interface address of the SOCKET proxy in the request message to the original destination address of the request message, and sending the request message to the corresponding target server according to the original destination address of the request message.
4. The security audit method according to claim 1, characterized in that the method also comprises:
receiving, by the SOCKET proxy, a feedback message sent by the target server, and performing a security audit on the feedback message; if the feedback message meets the preset security audit requirement, sending the feedback message to the corresponding application through the network redirector according to the destination address of the feedback message.
5. A PC terminal, characterized by comprising:
a network redirector, configured to redirect a request message sent by an application in the PC terminal to a SOCKET proxy;
a SOCKET proxy, configured to perform a security audit on the request message and, if the request message meets a preset security audit requirement, send the request message to a target server.
6. The PC terminal according to claim 5, characterized in that the network redirector is specifically configured to:
intercept the request message sent by the application, modify the original destination address in the request message to the interface address of the SOCKET proxy, and send the request message to the SOCKET proxy.
7. The PC terminal according to claim 6, characterized in that the SOCKET proxy is specifically configured to:
restore the interface address of the SOCKET proxy in the request message to the original destination address of the request message, and send the request message to the corresponding target server according to the original destination address of the request message.
8. The PC terminal according to claim 5, characterized in that the SOCKET proxy is also configured to receive a feedback message sent by the target server and perform a security audit on the feedback message; if the feedback message meets the preset security audit requirement, it sends the feedback message to the network redirector;
the network redirector is also configured to, on receiving the feedback message sent by the SOCKET proxy, send the feedback message to the corresponding application according to the destination address of the feedback message.
CN201610885955.9A 2016-10-11 2016-10-11 Security audit method and PC terminal Active CN106453309B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610885955.9A CN106453309B (en) 2016-10-11 2016-10-11 Security audit method and PC terminal

Publications (2)

Publication Number Publication Date
CN106453309A (en) 2017-02-22
CN106453309B CN106453309B (en) 2020-04-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant