CN106982217A - A kind of network security management mode of decentralization - Google Patents

A kind of network security management mode of decentralization

Info

Publication number
CN106982217A
Authority
CN
China
Prior art keywords
terminal
control server
network security
security management
decentralization
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710240192.7A
Other languages
Chinese (zh)
Inventor
崔永波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xi'an Morebeck Semiconductor Technology Co Ltd
Original Assignee
Xi'an Morebeck Semiconductor Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/069Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides a decentralized network security management mode, characterised in that each terminal carries out its network access or data storage actions directly, without passing through the central management and control server. Each terminal manages and controls its own specific operations, while the central management and control server is responsible for allocating each terminal's operation authorization. Identical or different operating rights are allocated among the terminals; the operating rights include: viewing, storing, copying, connecting to the external network, and destroying data. The central management and control server monitors and modifies the operations of each terminal in real time. The network security management mode provided by the present invention has no centralized device, so no single capture can paralyse all terminals. If an individual terminal is captured, the remaining terminals can detect it and send an alarm to the central management and control server, which can then stop all of that PC terminal's rights. Even if the capture is not detected, a single terminal stores files as fragments of an encrypted file, so even if the files are taken they can be neither decrypted nor pieced together.

Description

A kind of network security management mode of decentralization
Technical field
The present invention relates to the technical field of network security management, and in particular to a decentralized network security management mode.
Background technology
The development and evolution of informatization have greatly changed human social life, and with the rapid development of informatization the information network security situation has become more severe. Information security attack means are developing towards integration and simplification, attack forms are evolving towards diversification and hybridisation, attacks such as viruses, worms, spam and botnets keep growing, all kinds of software and hardware vulnerabilities are exploited, the overall cost of an attack keeps falling, and deliberate attacks by insiders are hard to guard against, so network security is increasingly seriously threatened. Data security has therefore gradually become a problem of growing social concern. With the application of various new information-spreading tools such as new media, e-mail and online communities, data leakage threatens the security of PC terminals through many channels, for example: important sensitive information carried out or transmitted by USB flash disk, USB port, mobile hard disk, infrared, Bluetooth and similar transfer means, causing leakage of important data from PC terminals; reconstructing the electromagnetic emanations of electronic equipment (such as a PC) to obtain important information in real time; stealing important information on host media or peripherals by implanting Trojans; and intercepting e-mail data propagated over public networks or by radio transmission to obtain sensitive information. How to guarantee the security of network data has thus become an important technical problem.
The prevailing network management approach is centralized security management, that is, a network structure formed jointly by one centralized management device and multiple PC terminals (as shown in Fig. 1). The centralized management device is responsible for the security management of multiple PC terminals such as PC1 and PC2; it can authorize the secure access and secure storage functions of the PC terminals, and any PC's action of accessing the external network or storing data must pass through the centralized management device. The device can authorize whether a PC terminal has an external network access licence and, likewise, whether the PC terminal has security management rights such as permission to view internal information. However, this prior art has three major shortcomings: 1) if the centralized management device is captured, all PC terminals, servers and data storage are captured at the same time, so the security management is vulnerable; moreover, when one of the PC terminals is captured, its data is at risk of loss or leakage; 2) when the number of PC terminals grows without limit, the server is at risk of collapse, which limits the expansion of PC terminals; 3) if a PC terminal's files are lost, the backup data must be retrieved from the storage and restored, which is slow, and if the data in the storage is lost the file cannot be recovered at all.
Summary of the invention
In view of the potential safety hazards of network management in the prior art, the present invention proposes a decentralized network security management mode that achieves effective management and security protection of network information.
The technical scheme is as follows. A decentralized network security management mode, characterised in that each terminal carries out its network access or data storage actions directly, without passing through the central management and control server.
Further, each terminal manages and controls its own specific operations, while the central management and control server is responsible for allocating each terminal's operation authorization.
Further, identical or different operating rights are allocated among the terminals. The operating rights include: viewing, storing, copying, connecting to the external network, and destroying data.
Further, the central management and control server monitors and modifies the operations of each terminal in real time: if an abnormal condition occurs at any terminal, the central management and control server can immediately modify or stop that terminal's operating rights.
Further, each terminal monitors its own rights and, as soon as an abnormal condition occurs in itself, immediately sends an alarm to the central management and control server. Each terminal also monitors the rights of the other terminals; when an abnormal condition occurs at one terminal, the other terminals can detect this action and send an alarm to the central management and control server. On receiving an alarm, the central management and control server immediately stops all of that terminal's rights and isolates it.
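The rights allocation, peer monitoring and alarm-driven isolation described above, as an added Python illustration that is not the patent's own code. The terminal ids, the right names, the `CentralServer` and `Terminal` classes and the idea that a captured terminal simply ignores its own rights are assumptions made for the example.

```python
# The five operation rights the patent names: view, store, copy,
# connect to the external network, destroy (delete) data.
RIGHTS = frozenset({"view", "store", "copy", "connect_extranet", "destroy"})


class CentralServer:
    """Hands out rights and reacts to alarms; it sits outside the data path."""

    def __init__(self):
        self.rights = {}        # terminal id -> set of granted rights
        self.isolated = set()   # terminals whose rights were stopped
        self.alarms = []        # (reporter, suspect, action) audit trail

    def assign(self, tid, rights):
        unknown = set(rights) - RIGHTS
        if unknown:
            raise ValueError(f"unknown rights: {sorted(unknown)}")
        self.rights[tid] = set(rights)

    def modify(self, tid, add=(), remove=()):
        """Real-time change of one terminal's rights."""
        self.assign(tid, (self.rights.get(tid, set()) | set(add)) - set(remove))

    def alarm(self, reporter, suspect, action):
        """On any alarm: stop all of the suspect's rights and isolate it."""
        self.alarms.append((reporter, suspect, action))
        self.rights[suspect] = set()
        self.isolated.add(suspect)


class Terminal:
    def __init__(self, tid, server, compromised=False):
        self.tid = tid
        self.server = server
        self.compromised = compromised  # a captured terminal skips its own check
        self.peers = []

    def granted(self, action):
        return (self.tid not in self.server.isolated
                and action in self.server.rights.get(self.tid, set()))

    def act(self, action):
        """Perform an operation directly, without asking the server first.

        Returns True if the action went ahead.  An honest terminal checks its
        own rights and self-reports; a captured one skips that, so the peers
        watching it (observe below) are the remaining line of defence.
        """
        if not self.compromised and not self.granted(action):
            self.server.alarm(self.tid, self.tid, action)
            return False
        if self.tid in self.server.isolated:
            return False
        for peer in self.peers:
            peer.observe(self.tid, action)
        return True

    def observe(self, actor, action):
        """Peer monitoring: alarm when a neighbour exceeds its rights."""
        if action not in self.server.rights.get(actor, set()):
            self.server.alarm(self.tid, actor, action)


def build_network(ids, server):
    terminals = {tid: Terminal(tid, server) for tid in ids}
    for t in terminals.values():
        t.peers = [p for p in terminals.values() if p is not t]
    return terminals


def run_scenario():
    """Three terminals; pc2 is captured and reaches for the external network."""
    server = CentralServer()
    net = build_network(["pc1", "pc2", "pc3"], server)
    server.assign("pc1", {"view", "store"})
    server.assign("pc2", {"view"})
    server.assign("pc3", {"view", "copy", "connect_extranet"})
    results = {"pc1_store": net["pc1"].act("store")}
    net["pc2"].compromised = True
    results["pc2_extranet"] = net["pc2"].act("connect_extranet")  # peers alarm
    results["pc2_view_after"] = net["pc2"].act("view")            # now isolated
    server.modify("pc1", add={"copy"}, remove={"store"})
    results["pc1_copy"] = net["pc1"].act("copy")
    return server, results
```

The action of the captured terminal goes ahead once, which is why the patent pairs this monitoring with encrypted fragment storage: detection stops the terminal, the storage scheme limits what it could take.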
Further, the data storage mode of this management mode is: after a terminal receives a file, the central server encrypts the file, stores it in the memory as a backup and sets access rights; meanwhile, the encrypted file is dispersed into fragments, which are stored across the terminals.
Further, stored data can be recovered in two ways: restored directly from the backup in the memory, or recovered from the terminals according to the fragments.
Further, recovering stored data from the terminals is subject to a set authority: the backup data can be recovered only when more than half of the terminals agree.
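The encrypted-fragment storage and the two recovery paths described above, as an added Python illustration rather than the patent's own code. It assumes that the central server keeps the file key separately from the memory backup (so fragments can still be rebuilt when the backup is gone), that "more than half" means a strict majority of the terminal count, and it uses an HMAC-SHA256 keystream as a stand-in for a real cipher such as AES-GCM; the sample payload is constructed.

```python
import hashlib
import hmac
import secrets


def keystream_xor(key, nonce, data):
    """Encrypt or decrypt by XOR with HMAC-SHA256(key, nonce || counter) blocks.
    Stand-in for a real cipher such as AES-GCM; the same call reverses itself."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def fragment(data, n):
    """Split data into n near-equal pieces, one per terminal."""
    size = -(-len(data) // n)  # ceiling division
    return [data[i * size:(i + 1) * size] for i in range(n)]


class Terminal:
    def __init__(self, tid):
        self.tid = tid
        self.fragments = {}  # file name -> (index, ciphertext piece)


class CentralServer:
    def __init__(self, terminals):
        self.terminals = terminals
        self.backup = {}  # file name -> ciphertext + access rights (the memory)
        self.keys = {}    # file name -> (key, nonce, digest); never leaves server

    def store_file(self, name, plaintext, access):
        """Encrypt, keep a backup with access rights, scatter the fragments."""
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        ct = keystream_xor(key, nonce, plaintext)
        self.keys[name] = (key, nonce, hashlib.sha256(ct).digest())
        self.backup[name] = {"ct": ct, "access": set(access)}
        pieces = fragment(ct, len(self.terminals))
        for idx, (term, piece) in enumerate(zip(self.terminals, pieces)):
            term.fragments[name] = (idx, piece)  # ciphertext only, no key

    def recover_from_backup(self, name, requester):
        """Fast path: restore from the memory backup if access rights allow."""
        rec = self.backup[name]
        if requester not in rec["access"]:
            raise PermissionError(f"{requester} may not read {name}")
        key, nonce, _ = self.keys[name]
        return keystream_xor(key, nonce, rec["ct"])

    def recover_from_fragments(self, name, approvals):
        """Rebuild from the terminals; needs more than half of them to agree."""
        key, nonce, digest = self.keys[name]
        known = {t.tid for t in self.terminals}
        agreed = set(approvals) & known        # only real terminals count
        if 2 * len(agreed) <= len(known):
            raise PermissionError(f"only {len(agreed)} of {len(known)} agreed")
        pieces = []
        for term in self.terminals:
            if name not in term.fragments:
                raise LookupError(f"{term.tid} holds no fragment of {name}")
            pieces.append(term.fragments[name])
        ct = b"".join(piece for _, piece in sorted(pieces))
        if hashlib.sha256(ct).digest() != digest:
            raise ValueError("reassembled ciphertext fails integrity check")
        return keystream_xor(key, nonce, ct)


def demo():
    """Five terminals and one stored file; returns what the checks inspect."""
    terms = [Terminal(f"pc{i}") for i in range(1, 6)]
    server = CentralServer(terms)
    payload = b"constructed sample payload: design files Q2"  # constructed
    server.store_file("design.bin", payload, access={"pc1", "pc3"})
    return server, terms, payload
```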
Further, the terminal is a PC terminal, a mobile terminal or a server.
Compared with the prior art, the beneficial effects of the invention are as follows:
1. There is no centralized device, so no single capture can paralyse all terminals. If an individual terminal is captured, the remaining terminals can detect it and send an alarm to the central management and control server, which can then stop all of that PC terminal's rights. Even if the capture is not detected, a single terminal stores files as fragments of an encrypted file, so even if the files are taken they can be neither decrypted nor pieced together.
2. Each terminal manages and controls itself and there is no centralized management device, so terminals can expand without limit and there is no risk of server breakdown.
3. Because this mode uses both a memory backup and per-terminal fragment management, data recovery also has two ways: restoring from the backup in the memory, or recovering from the fragments, which is fast.
Brief description of the drawings
Fig. 1 is a diagram of the existing centralized network management mode;
Fig. 2 is a diagram of the decentralized network management mode provided by the present invention.
Embodiment
The present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and are not intended to limit it.
Embodiment
As shown in Fig. 2, a decentralized network security management mode is characterised in that each terminal carries out its network access or data storage actions directly, without passing through the central management and control server. Each terminal manages and controls its own specific operations, and the central management and control server is responsible for allocating each terminal's operation authorization. Identical or different operating rights are allocated among the terminals; the operating rights include: viewing, storing, copying, connecting to the external network, and destroying data. The central management and control server monitors and modifies the operations of each terminal in real time: if an abnormal condition occurs at any terminal, the central management and control server can immediately modify or stop that terminal's operating rights. Each terminal monitors its own rights and, as soon as an abnormal condition occurs in itself, immediately sends an alarm to the central management and control server; each terminal also monitors the rights of the other terminals, and when an abnormal condition occurs at one terminal the other terminals can detect this action and send an alarm to the central management and control server. On receiving an alarm, the central management and control server immediately stops all of that terminal's rights and isolates it. The data storage mode of this management mode is: after a terminal receives a file, the central server encrypts the file, stores it in the memory as a backup and sets access rights; meanwhile, the encrypted file is broken up into fragments, which are stored across the terminals.
Under this network security management mode, stored data can be recovered in two ways: restored directly from the backup in the memory, or recovered from the terminals according to the fragments. The terminal is a PC terminal or a mobile terminal. Recovering stored data from the terminals is subject to a set authority: the backup data can be recovered only when more than half of the terminals agree.
The network security management mode provided by the present invention has no centralized device, so no single capture can paralyse all terminals. If an individual terminal is captured, the remaining terminals can detect it and send an alarm to the central management and control server, which can stop all of that PC terminal's rights. Even if the capture is not detected, a single terminal stores files as fragments of an encrypted file, so even if the files are taken they can be neither decrypted nor pieced together. Each terminal manages and controls itself and there is no centralized management device, so terminals can expand without limit and there is no risk of server breakdown. Because this mode uses both a memory backup and per-terminal fragment management, data recovery also has two ways: restoring from the backup in the memory, or recovering from the fragments, which is fast.
The preferred embodiments of the present invention have been shown and described above. As stated, it should be understood that the invention is not limited to the form disclosed here, which is not to be taken as excluding other embodiments; it may be used in various other combinations, modifications and environments, and may be altered within the scope of the inventive concept described here by the above teaching or by the skill or knowledge of the related art. Changes and modifications made by those skilled in the art that do not depart from the spirit and scope of the invention shall all fall within the scope of protection of the appended claims.

Claims (9)

1. A decentralized network security management mode, characterised in that each terminal carries out its network access or data storage actions directly, without passing through the central management and control server.
2. The decentralized network security management mode according to claim 1, characterised in that each terminal manages and controls its own specific operations, and the central management and control server is responsible for allocating each terminal's operation authorization.
3. The decentralized network security management mode according to claim 2, characterised in that identical or different operating rights are allocated among the terminals; the operating rights include: viewing, storing, copying, connecting to the external network, and destroying data.
4. The decentralized network security management mode according to claim 2, characterised in that the central management and control server monitors and modifies the operations of each terminal in real time: if an abnormal condition occurs at any terminal, the central management and control server can immediately modify or stop that terminal's operating rights.
5. The decentralized network security management mode according to claim 2, characterised in that each terminal monitors its own rights and, as soon as an abnormal condition occurs in itself, immediately sends an alarm to the central management and control server; each terminal also monitors the rights of the other terminals, and when an abnormal condition occurs at one terminal the other terminals can detect this action and send an alarm to the central management and control server; on receiving an alarm, the central management and control server immediately stops all of that terminal's rights and isolates it.
6. The decentralized network security management mode according to claim 3, characterised in that the data storage mode of this management mode is: after a terminal receives a file, the central server encrypts the file, stores it in the memory as a backup and sets access rights; meanwhile, the encrypted file is broken up into fragments, which are stored across the terminals.
7. The decentralized network security management mode according to claim 6, characterised in that stored data can be recovered in two ways: restored directly from the backup in the memory, or recovered from the terminals according to the fragments.
8. The decentralized network security management mode according to claim 6, characterised in that the terminal is a PC terminal, a mobile terminal or a server.
9. The decentralized network security management mode according to claim 7, characterised in that recovering stored data from the terminals is subject to a set authority: the backup data can be recovered only when more than half of the terminals agree.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710240192.7A CN106982217A (en) 2017-04-13 2017-04-13 A kind of network security management mode of decentralization

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710240192.7A CN106982217A (en) 2017-04-13 2017-04-13 A kind of network security management mode of decentralization

Publications (1)

Publication Number Publication Date
CN106982217A true CN106982217A (en) 2017-07-25

Family

ID=59345463

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710240192.7A Pending CN106982217A (en) 2017-04-13 2017-04-13 A kind of network security management mode of decentralization

Country Status (1)

Country Link
CN (1) CN106982217A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109615684A (en) * 2018-12-12 2019-04-12 江苏赞奇科技股份有限公司 A kind of method that decentralization renders online

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000155611A (en) * 1998-11-20 2000-06-06 Mitsubishi Electric Corp Remote monitor control system
CN101025702A (en) * 2006-02-17 2007-08-29 深圳奇峰创智科技有限公司 Method for automatic backup using computer network
CN101651697A (en) * 2009-09-21 2010-02-17 杭州华三通信技术有限公司 Method and equipment for managing network access authority
CN103312494A (en) * 2012-03-14 2013-09-18 中国人民银行印制科学技术研究所 Data scatter storage method, data recovery method and data card
CN104361284A (en) * 2014-10-26 2015-02-18 重庆智韬信息技术中心 Third-party intrusion monitoring method for cloud storage data packet

Similar Documents

Publication Publication Date Title
CN109729180B (en) Whole system intelligent community platform
Benias et al. A review on the readiness level and cyber-security challenges in Industry 4.0
CN109005189A (en) A kind of access transmission platform suitable for double net isolation
Vijayakumaran et al. A reliable next generation cyber security architecture for industrial internet of things environment
US20110113242A1 (en) Protecting mobile devices using data and device control
JPWO2009031453A1 (en) Network security monitoring device and network security monitoring system
CN101951364A (en) Method and system for realizing security audit function in remote control process
Abouzakhar Critical infrastructure cybersecurity: A review of recent threats and violations
Doshi et al. A review paper on security concerns in cloud computing and proposed security models
CN113542339A (en) Electric power Internet of things safety protection design method
Stewart et al. CommunityGuard: A crowdsourced home cyber-security system
CN102333068A (en) SSH and SFTP (Secure Shell and Ssh File Transfer Protocol)-based tunnel intelligent management and control system and method
KR101847618B1 (en) Method for privacy object masking and key management for user authentication in video surveillance system and video surveillance system using the same
CN110708340A (en) Enterprise private network security supervision system
CN105245336B (en) A kind of file encryption management system
CN106982217A (en) A kind of network security management mode of decentralization
KR101871406B1 (en) Method for securiting control system using whitelist and system for the same
CN115834205A (en) Monitoring system illegal external connection alarm system
CN105608342A (en) Data management method and data management device
Li et al. Research on security issues of military Internet of Things
CN113365277A (en) Wireless network safety protection system
Matusek et al. NIVSS: a nearly indestructible video surveillance system
Yao et al. Design and Application of inter-network security transmission system of self-control
Vydarený Ransomware Attacks and Defense Against Them
Ramluckan et al. Security requirements for cloud computing in crisis management

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 710119 the six level of new industrial park development avenue ten, new high-tech industrial park, Xi'an, Shaanxi.

Applicant after: Xi'an Morebeck Semiconductor Technology Co., Ltd.

Address before: 710119 the three layer of No. 10 hi-tech development road, Yanta District, Xi'an, Shaanxi.

Applicant before: Xi'an Morebeck Semiconductor Technology Co., Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20170725