CN106982217A - A decentralized network security management mode - Google Patents
Publication number: CN106982217A (application CN201710240192.7A)
Authority: CN (China)
Prior art keywords: terminal, control server, network security, security management, decentralization
Legal status: Pending (as listed by Google, which notes that the status is an assumption and not a legal conclusion)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Accounting & Taxation (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Business, Economics & Management (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention provides a decentralized network security management mode, characterised in that each terminal performs the actions of network access and data storage directly, without going through a central control server. Each terminal manages and controls its own specific operations, while the central control server is responsible for assigning each terminal's operating rights. The same or different operating rights may be assigned to different terminals; the operating rights include: consulting, storing, replicating, connecting to the external network, and destroying data. The central control server monitors the operations of every terminal in real time and modifies them in real time. The network security management mode provided by the invention has no centralized device, so the capture of a single device cannot paralyse all terminals. If an individual terminal is captured, the remaining terminals can detect this and send an alarm to the central control server, which can then stop all rights of that terminal. Even if the capture goes undetected, a single terminal stores files only as fragments of encrypted data, so a file that is taken can be neither decrypted nor pieced together.
Description
Technical field
The present invention relates to the technical field of network security management, and in particular to a decentralized network security management mode.
Background technology
The development of informatization has greatly changed human social life, and with its rapid development the information network security situation has become more severe. Information security attack means are evolving toward integration and simplification, attack forms are evolving toward diversification and hybridization, attacks such as viruses, worms, spam and botnets keep growing, all kinds of software and hardware security vulnerabilities are being exploited, and at the same time the overall cost of an attack keeps falling. Deliberate attacks by insiders are also hard to guard against, so the network security situation grows ever more severe. Data security has therefore gradually become a problem of growing social concern. With the use of various new information-dissemination tools such as new media, e-mail and online communities, data leakage threatens the security of PC terminals through many channels, for example: carrying or transmitting important sensitive information out through USB flash drives, USB ports, mobile hard disks, infrared, Bluetooth and other transmission modes, causing the leakage of important data from PC terminals; obtaining important information in real time by reconstructing the electromagnetic emissions of electronic equipment (such as PCs); stealing important information from the host's media or peripherals by implanting Trojans; and obtaining sensitive information by intercepting e-mail messages propagated over public networks or data transmitted by radio. How to ensure the security of network data has thus become an important technical problem.
The prevailing network management mode is centralized security management, that is, a network structure composed of one centralized management device and multiple PC terminals (as shown in Figure 1). The centralized management device is responsible for the security management of the multiple PC terminals PC1, PC2 and so on; it can authorize the secure-access and secure-storage functions of the PC terminals, and any PC terminal's action of external network access or data storage must pass through the centralized management device. The device can authorize whether a PC terminal holds an external network access licence, and likewise whether the PC terminal holds security management authorities such as the right to consult internal information. However, this prior art has three major shortcomings: 1) if the centralized management device is captured, all PC terminals, the server and the data memory are captured at the same time, so the security management has a vulnerability; moreover, when one particular PC terminal is captured, its data is at risk of being lost or leaked. 2) When the number of PC terminals expands without limit, the server is at risk of collapse, which limits the expansion of PC terminals. 3) If a PC terminal's file is lost, the backup data must be retrieved and restored from the memory (storage device), which is slow, and if the memory's data is lost, the file cannot be recovered.
Summary of the invention
In view of the potential safety hazards of network management in the prior art, the present invention proposes a decentralized network security management mode that can achieve effective management and security protection of network information.
The technical scheme is: a decentralized network security management mode, characterised in that each terminal performs the actions of network access or data storage directly, without going through a central control server.
Further, each terminal manages and controls its own specific operations, and the central control server is responsible for assigning each terminal's operating rights.
Further, the same or different operating rights are assigned among the terminals; the operating rights include: consulting, storing, replicating, connecting to the external network, and destroying data.
Further, the central control server monitors and modifies the operations of each terminal in real time: if an unusual condition occurs at any terminal, the central control server can immediately modify or stop that terminal's operating rights.
Further, each terminal monitors its own rights and, once an unusual condition occurs in itself, immediately sends an alarm to the central control server; each terminal also monitors the rights of the other terminals at the same time, and when an unusual condition occurs at a certain terminal, the other terminals can detect the action and send an alarm to the central control server; after receiving the alarm, the central control server immediately stops all rights of that terminal and isolates it.
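The rights assignment, self-monitoring and peer-monitoring behaviour described above, as an added Python simulation (not code from the patent; the class names, the five right identifiers and the `enforce_locally` flag that models a captured terminal are assumptions):

```python
from dataclasses import dataclass, field

# The five operating rights the description names (identifiers are assumptions).
RIGHTS = frozenset({"consult", "store", "replicate", "connect_extranet", "destroy"})


class CentralServer:
    """Assigns rights and reacts to alarms; it is never on the data path."""

    def __init__(self) -> None:
        self.rights: dict = {}        # terminal -> set of rights
        self.isolated: set = set()
        self.alarms: list = []        # (reporter, subject, op)

    def grant(self, terminal: str, rights: set) -> None:
        unknown = set(rights) - RIGHTS
        if unknown:
            raise ValueError(f"unknown rights: {sorted(unknown)}")
        self.rights[terminal] = set(rights)

    def allowed(self, terminal: str, op: str) -> bool:
        return terminal not in self.isolated and op in self.rights.get(terminal, set())

    def alarm(self, reporter: str, subject: str, op: str) -> None:
        """On an alarm, stop every right of the subject and isolate it."""
        self.alarms.append((reporter, subject, op))
        self.rights[subject] = set()
        self.isolated.add(subject)


@dataclass
class Terminal:
    """A terminal enforces its own rights locally and watches its peers.
    enforce_locally=False models a captured terminal whose own check no
    longer runs, the case the description says the other terminals must catch."""
    name: str
    server: CentralServer
    enforce_locally: bool = True
    seen: list = field(default_factory=list)  # (actor, op) observed on the network

    def act(self, op: str, peers: list) -> bool:
        """Carry out op directly, without routing it through the server.
        Returns True if the operation was actually executed."""
        if self.name in self.server.isolated:
            return False  # isolated: nothing reaches the network any more
        if self.enforce_locally and not self.server.allowed(self.name, op):
            # Self-monitoring: an attempt outside the assigned rights is an
            # unusual condition, so the terminal raises its own alarm.
            self.server.alarm(self.name, self.name, op)
            return False
        for peer in peers:  # the action is visible to every other terminal
            peer.observe(self.name, op)
        return True

    def observe(self, actor: str, op: str) -> None:
        """Peer monitoring: compare what a peer did with the rights it was given."""
        self.seen.append((actor, op))
        if not self.server.allowed(actor, op):
            self.server.alarm(self.name, actor, op)


def demo() -> dict:
    """Constructed scenario: three terminals, one of which is later captured."""
    srv = CentralServer()
    a, b, c = (Terminal(n, srv) for n in "ABC")
    srv.grant("A", {"consult", "store"})
    srv.grant("B", {"consult"})
    srv.grant("C", {"consult", "connect_extranet"})
    ok_store = a.act("store", [b, c])   # within A's rights: executes, peers stay quiet
    blocked = b.act("destroy", [a, c])  # outside B's rights: local check blocks, self-alarm
    c.enforce_locally = False           # C is captured; its local check is gone
    executed = c.act("destroy", [a, b]) # runs once, but A and B alarm and C is isolated
    after = c.act("consult", [a, b])    # isolated: even a formerly allowed op is refused
    return {"ok_store": ok_store, "blocked": blocked, "executed": executed,
            "after": after, "isolated": sorted(srv.isolated), "alarms": list(srv.alarms)}
```

Note that the captured terminal's first out-of-rights action does execute once; the scheme as described contains it after the fact through the peers' alarms rather than preventing it.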
Further, the data storage mode of the management mode is: after a terminal receives a file, the central server encrypts the file, then stores it in the memory as a backup and sets access rights; at the same time, the encrypted file is broken up into fragments and the fragments are stored across the terminals.
Further, stored data can be recovered in two ways: directly from the backup in the memory, or from the fragments held by the terminals.
Further, recovery of stored data from the terminals is subject to a set authority: the backup data can be recovered only when more than half of the terminals agree.
Further, the terminal is a PC terminal, a mobile terminal or a server.
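The encrypt, back up, fragment and recover procedure described in the preceding paragraphs, as an added Python example (not the patent's own code; the SHA-256 counter keystream stands in for the cipher the patent does not name, and the class and method names are assumptions):

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (an assumption; the patent names none): XOR with
    a SHA-256 counter keystream. Applying it twice with the same key decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

@dataclass
class Terminal:
    name: str
    fragments: dict = field(default_factory=dict)  # file_id -> (index, ciphertext slice)

class CentralServer:
    """Encrypts received files, keeps the backup in the memory with access
    rights, and scatters the ciphertext as fragments over the terminals."""

    def __init__(self, terminals: list) -> None:
        self.terminals = terminals
        self.backup: dict = {}  # file_id -> (ciphertext, sha256 of plaintext, readers)
        self.keys: dict = {}    # file_id -> key; keys never leave the server

    def store(self, file_id: str, plaintext: bytes, key: bytes, readers: set) -> str:
        ct = stream_xor(key, plaintext)
        digest = hashlib.sha256(plaintext).hexdigest()
        self.backup[file_id] = (ct, digest, set(readers))
        self.keys[file_id] = key
        # One ciphertext slice per terminal: a captured terminal holds its slice
        # and no key, so the file can be neither decrypted nor pieced together.
        size = -(-len(ct) // len(self.terminals))  # ceiling division
        for idx, t in enumerate(self.terminals):
            t.fragments[file_id] = (idx, ct[idx * size:(idx + 1) * size])
        return digest

    def _decrypt_checked(self, file_id: str, ct: bytes) -> Optional[bytes]:
        pt = stream_xor(self.keys[file_id], ct)  # then verify against the stored digest
        return pt if hashlib.sha256(pt).hexdigest() == self.backup[file_id][1] else None

    def restore_from_backup(self, file_id: str, requester: str) -> Optional[bytes]:
        """First recovery path: the backup copy, gated by the access rights."""
        ct, _, readers = self.backup[file_id]
        return self._decrypt_checked(file_id, ct) if requester in readers else None

    def restore_from_fragments(self, file_id: str, agreeing: set) -> Optional[bytes]:
        """Second recovery path: reassemble the terminals' fragments, allowed only
        when more than half of the terminals agree and every fragment is present;
        otherwise the caller falls back to the backup."""
        voters = set(agreeing) & {t.name for t in self.terminals}
        if 2 * len(voters) <= len(self.terminals):
            return None  # not a majority
        pieces = [t.fragments[file_id] for t in self.terminals if file_id in t.fragments]
        if len(pieces) != len(self.terminals):
            return None  # a fragment is missing
        return self._decrypt_checked(file_id, b"".join(p for _, p in sorted(pieces)))

# Constructed sample data; not real content or a real key.
SAMPLE = b"constructed sensitive document, not real data. " * 4
KEY = b"constructed-key-held-only-by-the-server"

def demo() -> dict:
    """Store one file over three terminals, then exercise every recovery path."""
    ts = [Terminal(n) for n in "ABC"]
    srv = CentralServer(ts)
    srv.store("doc1", SAMPLE, KEY, readers={"A"})
    r = {"backup_ok": srv.restore_from_backup("doc1", "A") == SAMPLE,
         "backup_denied": srv.restore_from_backup("doc1", "B") is None,
         "majority_ok": srv.restore_from_fragments("doc1", {"A", "B"}) == SAMPLE,
         "minority_refused": srv.restore_from_fragments("doc1", {"A"}) is None}
    del ts[1].fragments["doc1"]  # terminal B has lost its fragment
    r["missing_fragment"] = srv.restore_from_fragments("doc1", {"A", "B", "C"}) is None
    r["backup_still_ok"] = srv.restore_from_backup("doc1", "A") == SAMPLE
    return r
```

The fragment path here needs every slice, so losing one terminal's fragment forces the backup path; the page does not say whether its fragments carry redundancy.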
Compared with the prior art, the beneficial effects of the invention are as follows:
1. There is no centralized device, so the capture of a single device cannot paralyse all terminals. If an individual terminal is captured, the remaining terminals can detect this and send an alarm to the central control server, which can then stop all rights of that terminal. Even if the capture is not detected, a single terminal stores files only as fragments of encrypted data, so a file that is taken can be neither decrypted nor pieced together.
2. Each terminal controls itself and there is no centralized management device, so the number of terminals can be expanded without limit and there is no risk of a server going down.
3. Because this mode uses both a memory backup and separate fragment management across the terminals, data recovery also has two ways: restore from the backup in the memory, or recover from the fragments, which is fast.
Brief description of the drawings
Fig. 1 is a diagram of an existing centralized network management mode;
Fig. 2 is a diagram of the decentralized network management mode provided by the present invention.
Detailed description
The present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and are not intended to limit it.
Embodiment
As shown in Fig. 2, a decentralized network security management mode is characterised in that each terminal performs the actions of network access or data storage directly, without going through a central control server. Each terminal manages and controls its own specific operations, and the central control server is responsible for assigning each terminal's operating rights. The same or different operating rights are assigned among the terminals; the operating rights include: consulting, storing, replicating, connecting to the external network, and destroying data. The central control server monitors and modifies the operations of each terminal in real time: if an unusual condition occurs at any terminal, the central control server can immediately modify or stop that terminal's operating rights. Each terminal monitors its own rights and, once an unusual condition occurs in itself, immediately sends an alarm to the central control server; each terminal also monitors the rights of the other terminals at the same time, and when an unusual condition occurs at a certain terminal, the other terminals can detect the action and send an alarm to the central control server; after receiving the alarm, the central control server immediately stops all rights of that terminal and isolates it. The data storage mode of the management mode is: after a terminal receives a file, the central server encrypts the file, then stores it in the memory as a backup and sets access rights; at the same time, the encrypted file is broken up into fragments and the fragments are stored across the terminals.
In this network security management mode, stored data can be recovered in two ways: directly from the backup in the memory, or from the fragments held by the terminals. The terminal is a PC terminal or a mobile terminal. Recovery of stored data from the terminals is subject to a set authority: the backup data can be recovered only when more than half of the terminals agree.
The network security management mode provided by the present invention has no centralized device, so the capture of a single device cannot paralyse all terminals. If an individual terminal is captured, the remaining terminals can detect this and send an alarm to the central control server, which can then stop all rights of that terminal. Even if the capture is not detected, a single terminal stores files only as fragments of encrypted data, so a file that is taken can be neither decrypted nor pieced together. Each terminal controls itself and there is no centralized management device, so the number of terminals can be expanded without limit and there is no risk of a server going down. Because this mode uses both a memory backup and separate fragment management across the terminals, data recovery also has two ways: restore from the backup in the memory, or recover from the fragments, which is fast.
The preferred embodiments of the present invention have been shown and described above. As stated, it should be understood that the invention is not limited to the forms disclosed herein, which are not to be taken as excluding other embodiments; it can be used in various other combinations, modifications and environments, and can be modified within the scope of the inventive concept described herein through the above teachings or through the skill and knowledge of the related art. Changes and modifications made by those skilled in the art that do not depart from the spirit and scope of the present invention shall all fall within the scope of protection of the appended claims.
Claims (9)
1. A decentralized network security management mode, characterised in that each terminal performs the actions of network access or data storage directly, without going through a central control server.
2. The decentralized network security management mode according to claim 1, characterised in that each terminal manages and controls its own specific operations, and the central control server is responsible for assigning each terminal's operating rights.
3. The decentralized network security management mode according to claim 2, characterised in that the same or different operating rights are assigned among the terminals; the operating rights include: consulting, storing, replicating, connecting to the external network, and destroying data.
4. The decentralized network security management mode according to claim 2, characterised in that the central control server monitors and modifies the operations of each terminal in real time: if an unusual condition occurs at any terminal, the central control server can immediately modify or stop that terminal's operating rights.
5. The decentralized network security management mode according to claim 2, characterised in that each terminal monitors its own rights and, once an unusual condition occurs in itself, immediately sends an alarm to the central control server; each terminal also monitors the rights of the other terminals at the same time, and when an unusual condition occurs at a certain terminal, the other terminals can detect the action and send an alarm to the central control server; after receiving the alarm, the central control server immediately stops all rights of that terminal and isolates it.
6. The decentralized network security management mode according to claim 3, characterised in that the data storage mode of the management mode is: after a terminal receives a file, the central server encrypts the file, then stores it in the memory as a backup and sets access rights; at the same time, the encrypted file is broken up into fragments and the fragments are stored across the terminals.
7. The decentralized network security management mode according to claim 6, characterised in that stored data can be recovered in two ways: directly from the backup in the memory, or from the fragments held by the terminals.
8. The decentralized network security management mode according to claim 6, characterised in that the terminal is a PC terminal, a mobile terminal or a server.
9. The decentralized network security management mode according to claim 7, characterised in that recovery of stored data from the terminals is subject to a set authority: the backup data can be recovered only when more than half of the terminals agree.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710240192.7A CN106982217A (en) | 2017-04-13 | 2017-04-13 | A kind of network security management mode of decentralization |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710240192.7A CN106982217A (en) | 2017-04-13 | 2017-04-13 | A kind of network security management mode of decentralization |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106982217A true CN106982217A (en) | 2017-07-25 |
Family ID: 59345463
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710240192.7A Pending CN106982217A (en) | 2017-04-13 | 2017-04-13 | A kind of network security management mode of decentralization |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106982217A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109615684A (en) * | 2018-12-12 | 2019-04-12 | 江苏赞奇科技股份有限公司 | A kind of method that decentralization renders online |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000155611A (en) * | 1998-11-20 | 2000-06-06 | Mitsubishi Electric Corp | Remote monitor control system |
CN101025702A (en) * | 2006-02-17 | 2007-08-29 | 深圳奇峰创智科技有限公司 | Method for automatic backup using computer network |
CN101651697A (en) * | 2009-09-21 | 2010-02-17 | 杭州华三通信技术有限公司 | Method and equipment for managing network access authority |
CN103312494A (en) * | 2012-03-14 | 2013-09-18 | 中国人民银行印制科学技术研究所 | Data scatter storage method, data recovery method and data card |
CN104361284A (en) * | 2014-10-26 | 2015-02-18 | 重庆智韬信息技术中心 | Third-party intrusion monitoring method for cloud storage data packet |
Application events
- 2017-04-13: application CN201710240192.7A filed in CN (publication CN106982217A), status: active, Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | CB02 | Change of applicant information | Address after: 710119, 6th floor, Development Avenue 10, new industrial park, Xi'an High-tech Industrial Park, Xi'an, Shaanxi. Applicant after: Xi'an Morebeck Semiconductor Technology Co., Ltd. Address before: 710119, 3rd floor, No. 10 Hi-tech Development Road, Yanta District, Xi'an, Shaanxi. Applicant before: Xi'an Morebeck Semiconductor Technology Co., Ltd. |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20170725 |