CN107124390A - Security defense and implementation method, apparatus and system for a computing device - Google Patents


Publication number
CN107124390A
Authority
CN
China
Prior art keywords
computing device
log
server
message
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610105483.0A
Other languages
Chinese (zh)
Other versions
CN107124390B (en)
Inventor
李普金
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd
Priority to CN201610105483.0A
Publication of CN107124390A
Application granted
Publication of CN107124390B
Legal status: Active


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Abstract

This application discloses a security defense and implementation method, apparatus and system for a computing device. The method includes: a server receives login information sent by a computing device, where the login information is information about the source workstation requesting to log in to the computing device; the server judges whether a specified behavior of the source workstation corresponding to the login information is legitimate, the specified behavior being the source workstation's request to log in to the computing device; and, if the specified behavior is illegitimate, the server notifies the computing device to block the source workstation from logging in to the computing device.

Description

Security defense and implementation method, apparatus and system for a computing device
Technical field
The present application relates to the field of information security, and in particular to a security defense and implementation method, apparatus and system for a computing device.
Background
Traditional brute-force protection for Windows RDP (Remote Desktop Protocol) requires Windows developers to intercept logins at the driver layer, which is costly to develop and hard to make stable. Such protection can also only defend a single computing device at a time: other computing devices remain exposed to the attacker, who can continue cracking them. Moreover, if the attacker brute-forces across a wide range of devices, it is quite possible that no computing device ever triggers its defense mechanism. The related art therefore has a high development cost and provides only single-point defense, that is, a single computing device is defended only once a set number of attempts is reached, and multiple computing devices cannot be defended effectively.
Summary of the invention
According to one aspect of the embodiments of the present application, a method for implementing security defense for a computing device is provided, including: a server receives login information sent by a computing device, where the login information is information about the source workstation requesting to log in to the computing device; the server judges whether a specified behavior of the source workstation corresponding to the login information is legitimate, the specified behavior being the source workstation's request to log in to the computing device; and, if the specified behavior is illegitimate, the server notifies the computing device to block the source workstation from logging in to the computing device.
According to another aspect of the embodiments of the present application, a security defense method for a computing device is also provided, including: the computing device sends login information to a server, where the login information is information about the source workstation requesting to log in to the computing device; the computing device receives notification information sent by the server, where the notification information is sent by the server when it judges that the specified behavior of the source workstation corresponding to the login information is illegitimate; and the computing device blocks the source workstation from logging in to the computing device according to the notification information.
According to another aspect of the embodiments of the present application, an apparatus for implementing security defense for a computing device is also provided. It is applied to a server and includes: a receiving module, for receiving login information sent by a computing device, where the login information is information about the source workstation requesting to log in to the computing device; a judging module, for judging whether the specified behavior of the source workstation corresponding to the login information is legitimate, the specified behavior being the source workstation's request to log in to the computing device; and a notification module, for notifying the computing device to block the source workstation from logging in to the computing device if the specified behavior is illegitimate.
According to another aspect of the embodiments of the present application, a security defense apparatus for a computing device is also provided. It is applied to a computing device and includes: a sending module, for sending login information to a server, where the login information is information about the source workstation requesting to log in to the computing device; a receiving module, for receiving notification information sent by the server, where the notification information is sent by the server when it judges that the specified behavior of the source workstation corresponding to the login information is illegitimate; and a processing module, for blocking the source workstation from logging in to the computing device according to the notification information.
According to another aspect of the embodiments of the present application, a security defense system for a computing device is also provided, including a server and a computing device. The computing device is used to send login information to the server, where the login information is information about the source workstation requesting to log in to the computing device. The server is used to judge whether the specified behavior of the source workstation corresponding to the login information is legitimate, the specified behavior being the source workstation's request to log in to the computing device, and, if the specified behavior is illegitimate, to notify the computing device to block the source workstation from logging in to the computing device.
In the embodiments of the present application, the server receives the login information sent by the computing device, judges whether the corresponding source workstation's request to log in to the computing device is legitimate, and, if it is not, notifies the computing device to block the source workstation from logging in. The server thus obtains the login information for the source workstation's login request and analyzes it; when it concludes that the request is illegitimate, it can notify the computing device in time to intercept it. Because the interception of the source workstation's login is driven by the server's analysis and judgment, multiple computing devices can be defended effectively, which solves the technical problem in the related art that multiple computing devices cannot be defended against brute-force cracking by a source workstation.
Brief description of the drawings
The drawings described here provide a further understanding of the present application and form part of it. The illustrative embodiments of the application and their descriptions are used to explain the application and do not unduly limit it. In the drawings:
Fig. 1 is a hardware block diagram of a terminal for the security defense implementation method of a computing device according to an embodiment of the present application;
Fig. 2 is a flowchart of the security defense implementation method of a computing device according to Embodiment 1 of the present application;
Fig. 3 is a schematic diagram of the security defense implementation method of a computing device in scenario 1 of an optional embodiment of the present application;
Fig. 4 is a flowchart of the security defense method of a computing device according to an embodiment of the present application;
Fig. 5 is a structural block diagram of the security defense implementation apparatus of a computing device according to an embodiment of the present application;
Fig. 6 is a structural block diagram of the security defense apparatus of a computing device according to an embodiment of the present application;
Fig. 7 is a structural block diagram of the security defense system of a computing device according to an embodiment of the present application;
Fig. 8 is a structural block diagram of the security defense system of a computing device according to an optional embodiment of the present application;
Fig. 9 is a structural block diagram of a terminal according to an embodiment of the present application.
Detailed description
To help those skilled in the art better understand the solution of the present application, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in this application without creative work shall fall within the scope of protection of the application.
It should be noted that the terms "first", "second" and so on in the description, claims and drawings of this application are used to distinguish similar objects and do not describe a specific order or sequence. Data used in this way may be interchanged where appropriate, so that the embodiments described here can be implemented in orders other than those illustrated or described. In addition, the terms "comprising" and "having" and any variants of them are intended to cover non-exclusive inclusion: for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units explicitly listed, and may include other steps or units that are not explicitly listed or that are inherent to the process, method, product or device.
Embodiment 1
According to an embodiment of the present application, a method embodiment of the security defense implementation method for a computing device is provided. It should be noted that the steps shown in the flowcharts of the drawings may be executed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases the steps shown or described may be executed in a different order.
The method embodiment provided by Embodiment 1 of the present application may be executed in a mobile terminal, a computer terminal or a similar computing device. Taking execution on a computer terminal as an example, Fig. 1 is a hardware block diagram of a terminal for the security defense implementation method of a computing device according to an embodiment of the present application. As shown in Fig. 1, the terminal 10 may include one or more processors 102 (only one is shown in the figure; the processor 102 may include, but is not limited to, a processing unit such as a microprocessor MCU or a programmable logic device FPGA), a memory 104 for storing data, and a transmission device 106 for communication functions. A person of ordinary skill in the art will understand that the structure shown in Fig. 1 is only illustrative and does not limit the structure of the electronic device described above. For example, the terminal 10 may include more or fewer components than shown in Fig. 1, or have a configuration different from that shown in Fig. 1.
The memory 104 may be used to store the software programs and modules of application software, such as the program instructions/modules corresponding to the security defense implementation method of a computing device in the embodiments of the present application. By running the software programs and modules stored in the memory 104, the processor 102 executes various functional applications and data processing, that is, it implements the security defense implementation method described above. The memory 104 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, and this remote memory may be connected to the terminal 10 over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks and combinations of these.
The transmission device 106 is used to receive or send data over a network. A specific example of such a network is a wireless network provided by the communication provider of the terminal 10. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, NIC), which can connect to other network devices through a base station in order to communicate with the internet. In one example, the transmission device 106 may be a radio frequency (RF) module, which is used to communicate with the internet wirelessly.
In the operating environment described above, the application provides the security defense implementation method of a computing device shown in Fig. 2. Fig. 2 is a flowchart of the security defense implementation method of a computing device according to Embodiment 1 of the present application; the method includes steps S202 to S206:
Step S202: the server receives the login information sent by the computing device, where the login information is information about the source workstation requesting to log in to the computing device.
In an optional embodiment of the application, the login information includes at least one of the following: the IP address of the source workstation requesting to log in to the computing device, and the username used by the source workstation requesting to log in to the computing device. The login information may be collected by the computing device and then sent to the server through the computing device's network module.
It should be noted that the above step may be applied to a Windows anti-brute-force system, and also to anti-brute-force systems for other operating systems, such as Android or iOS. Taking a Windows anti-brute-force system as an example, step S202 may take the following form: while the source workstation is requesting to log in to the computing device, the sub-authorization module (i.e. SubAuth Module) in the computing device collects the login information and reports it to the server through the computing device's network module (i.e. NetWorker).
It should be noted that the server may be the terminal shown in Fig. 1 or a similar computing device, but is not limited to these. The server may be connected to multiple computing devices; connecting multiple computing devices to one server allows the server to provide security defense for all of them. The computing device may be a client device or a server device, but is not limited to these. The source workstation is a party requesting to log in to the computing device; it may be a computer device or a mobile terminal, but is not limited to these.
Step S204: the server judges whether the specified behavior of the source workstation corresponding to the login information is legitimate, the specified behavior being the source workstation's request to log in to the computing device.
In one embodiment of the application, step S204 may take at least one of the following forms. Mode one: the server looks up the record corresponding to the login information in the server's database and determines from the record whether the specified behavior is legitimate. Mode two: the server checks whether the number of login-information messages it has received within a predetermined time exceeds a first predetermined threshold, and if the number exceeds the first predetermined threshold, the server determines that the specified behavior is illegitimate. Modes one and two can of course also be combined. For example, if the server receives more than the first predetermined threshold of login-information messages within the predetermined time, it considers that the specified behavior may be illegitimate, and then looks up the record corresponding to the login information in the database to determine from the record whether the specified behavior really is illegitimate. The combination is not limited to this.
It should be noted that the database stores source workstation information together with the corresponding login-failure information and/or login-success information for computing devices. This login-failure and/or login-success information may be collected by the computing device's log collection module and then uploaded to the server through the computing device's network module. In mode one, looking up the record in the database that corresponds to the login information quickly shows whether the source workstation has failed to log in to this computing device or to other computing devices, that is, whether the source workstation has a bad-behavior record. A bad-behavior record means that the source workstation has carried out a malicious attack or brute-force cracking against other computing devices or this computing device, from which it can be concluded that the specified behavior is illegitimate.
Specifically, in one embodiment of the application, mode one may determine whether the specified behavior is legitimate in one of the following ways. First way: if the content of the record is a login failure by the source workstation, the server determines that the specified behavior is illegitimate. Second way: among the records found, the server counts those whose content is a login failure by the source workstation; if that count exceeds a second predetermined threshold, the server determines that the specified behavior is illegitimate. In the first way, the existence of any login-failure record for the source workstation is enough to treat the specified behavior as illegitimate; that is, once the source workstation has a bad-behavior record, the specified behavior corresponding to it is considered illegitimate. In the second way, the database may hold more than one record corresponding to the login information; the server counts the source workstation's login-failure records and compares the count with a preset threshold (the second predetermined threshold) to decide whether the specified behavior is legitimate. In other words, it decides by statistically analyzing, matching and comparing the bad-behavior records for the source workstation. Compared with the first way, the second way judges the legitimacy of the specified behavior more accurately.
It should be noted that the lookup and counting of records may be performed by the logic analysis module in the server, and the second predetermined threshold may be preset in the rule matching module in the server. Specifically, it may be preset in a configuration file, so that the second predetermined threshold can be adjusted by modifying the configuration file, which gives more flexibility and makes maintenance and upgrades easier.
Mode one can be applied to the following scenarios: a source workstation behaves illegitimately toward one computing device and then behaves illegitimately toward other computing devices; or a source workstation behaves illegitimately toward one computing device and then continues to behave illegitimately toward the same computing device. It is not limited to these.
In mode two, whether the specified behavior is legitimate is determined by comparing the number of login-information messages received within the predetermined time with the first predetermined threshold. This mode can be applied to wide-range illegitimate behavior, for example a source workstation behaving illegitimately toward a group of computing devices at the same time. It can also be applied where a source workstation behaves illegitimately toward a group of computing devices at different times but makes only a few illegitimate attempts against each one (the number of attempts is below a preset threshold). It is not limited to these. If the server receives a certain number of login-information messages within a certain time, the specified behavior is considered illegitimate.
Step S206: if the specified behavior is illegitimate, the server notifies the computing device to block the source workstation from logging in to the computing device.
In one embodiment of the application, when the specified behavior is illegitimate, the server may notify the computing device to block the source workstation's login by issuing an interception requirement to the computing device.
With the above method, the server obtains the login information for the source workstation's request to log in to the computing device and analyzes it. When it concludes that the request is illegitimate, it can notify the computing device in time to intercept it. The server's analysis and judgment thus provides effective defense for multiple computing devices, which solves the technical problem in the related art that multiple computing devices cannot be defended against brute-force cracking by a source workstation.
In one embodiment of the application, the following processing may also be performed after step S206: the server receives login-failure information sent by the computing device, where the login-failure information indicates that the source workstation failed to log in to the computing device, and records the login-failure information in the server's database. Because the login-failure information is recorded in the server's database, when the source workstation later behaves illegitimately toward this computing device or other computing devices, the server can quickly identify the illegitimate behavior and prevent it.
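The server-side flow of steps S202 to S206, including the recording of login-failure reports, can be sketched as follows. This is an added example, not code from the patent: the class and function names, the threshold and window values and the sample addresses are assumptions, and it blocks when either mode one or mode two fires, which is one of the combinations the text allows.

```python
from collections import defaultdict, deque


class DefenseServer:
    """Central server judging login info reported by many computing devices."""

    def __init__(self, window_seconds=60.0, first_threshold=5,
                 second_threshold=3, any_failure_blocks=False):
        self.window_seconds = window_seconds          # the "predetermined time"
        self.first_threshold = first_threshold        # mode two limit
        self.second_threshold = second_threshold      # mode one, second way
        self.any_failure_blocks = any_failure_blocks  # mode one, first way
        self._recent = defaultdict(deque)   # source IP -> login-info timestamps
        self._failures = defaultdict(list)  # source IP -> (ts, host, username)
        self.blocked = set()

    def record_failure(self, host, source_ip, username, ts):
        """Store a login-failure report uploaded by a device's log collector."""
        self._failures[source_ip].append((ts, host, username))

    def _mode_one(self, source_ip):
        """Look up the source's failure records, whichever host reported them."""
        failures = len(self._failures.get(source_ip, ()))
        if self.any_failure_blocks:
            return failures >= 1
        return failures > self.second_threshold

    def _mode_two(self, source_ip, ts):
        """Count login-info messages from this source inside the time window."""
        recent = self._recent[source_ip]
        recent.append(ts)
        while ts - recent[0] > self.window_seconds:
            recent.popleft()
        return len(recent) > self.first_threshold

    def on_login_info(self, host, source_ip, username, ts):
        """Steps S202-S206: return "block" or "allow" to the reporting device."""
        if source_ip in self.blocked:
            return "block"  # already judged illegitimate: intercept on any host
        over_rate = self._mode_two(source_ip, ts)
        bad_history = self._mode_one(source_ip)
        if over_rate or bad_history:
            self.blocked.add(source_ip)
            return "block"
        return "allow"


def per_host_lockouts(events, limit):
    """Single-point baseline: each host counts a source's attempts on its own."""
    counts = defaultdict(int)
    for host, source_ip, _user, _ts in events:
        counts[(host, source_ip)] += 1
    return {key for key, n in counts.items() if n > limit}


# Constructed sample input: one source tries a single login on each of 8 hosts,
# 5 seconds apart (the wide-range case). Addresses are documentation ranges.
SPRAY = [(f"host-{i}", "203.0.113.7", "Administrator", 5.0 * i) for i in range(8)]


def run_spray_demo():
    """Decisions the central server returns for the wide-range sample."""
    server = DefenseServer()
    return [server.on_login_info(*event) for event in SPRAY]


def run_history_demo():
    """A source with 4 recorded failures on host-a later tries host-b."""
    server = DefenseServer()
    for i in range(4):
        server.record_failure("host-a", "198.51.100.9", "admin", 3600.0 * i)
    return server.on_login_info("host-b", "198.51.100.9", "admin", 20000.0)


if __name__ == "__main__":
    print("per-host lockouts:", per_host_lockouts(SPRAY, limit=3))
    print("central decisions:", run_spray_demo())
    print("known-bad source on a new host:", run_history_demo())
```

On the wide-range sample no per-host counter ever reaches its limit, while the central server starts blocking at the sixth message and keeps blocking on hosts the source has not touched before.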
In one embodiment of the application, the illegitimate behavior may be brute-force cracking of the computing device by the source workstation or a malicious attack on the computing device by the source workstation, but is not limited to these. The following illustrates the case where the illegitimate behavior is brute-force cracking of the computing device by the source workstation:
Scenario 1: A source workstation maliciously brute-forces a computing device. The computing device reports the login-failure events collected by its log collection module (equivalent to the login-failure information in Embodiment 1) to the server. The server analyzes the data in its database, finds that this is brute-force cracking, and notifies the SubAuth Module in the computing device to block the login. When the source workstation then tries to attack other computing devices, the SubAuth Module on those computing devices sends the login request information to the server, and the server can issue an interception requirement directly (equivalent to step S206 in Embodiment 1), so the login request is blocked immediately.
Scenario 2: A source workstation brute-forces a group of computing devices, but makes only a few attempts against each one. When the server receives multiple login-information messages, it matches them against the configured rules. Once it finds that they match a brute-force behavior rule, it concludes that logins from the source workstation should be intercepted (equivalent to mode 1 and/or mode 2 in Embodiment 1). Afterwards, when the SubAuth Module of another computing device finds a login request from the source workstation and sends it to the server, the server issues an interception requirement (equivalent to step S206 in Embodiment 1), preventing further brute-force requests.
Scenario 3: After the computing device has detected brute-force cracking by a source workstation, the source workstation continues to brute-force the computing device. The SubAuth Module of the computing device sends the login request information to the server and at the same time delays the login process, returning the failure information only after some time. This raises the cost of cracking and thereby deters the brute-force attack.
Fig. 3 is a schematic diagram of the security defense implementation method of a computing device in scenario 1 of an optional embodiment of the application. As shown in Fig. 3, the login-failure information of the source workstation on a host (computing device) is uploaded to the database (Database) in the server through the network module (NetWorker) in the host. When the server learns that the source workstation may be brute-forcing other hosts, the logic module (Logic Module) in the server extracts data from the Database and analyzes it to obtain an analysis result (for example, the number of login-failure records corresponding to the source workstation). The analysis result is fed into the rule matching module (Rule Match) in the server for rule matching (for example, comparing the record count with the threshold preset in the rule matching module). From the comparison result the rule matching module concludes that what the source workstation is doing to the other hosts is brute-force cracking, and the Logic Module then issues an interception instruction to the SubAuth modules of the other hosts, which intercept the login.
It should be noted that, for brevity, each of the foregoing method embodiments is described as a series of combined actions, but those skilled in the art should know that the application is not limited by the described order of actions, because according to the application some steps may be performed in another order or simultaneously. Those skilled in the art should also know that the embodiments described in this specification are preferred embodiments, and the actions and modules involved are not necessarily required by the application.
From the description of the embodiments above, those skilled in the art can clearly understand that the methods of the above embodiments may be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the application, in essence or in the part that contributes over the prior art, may be embodied as a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device or the like) to execute the methods described in the embodiments of the application.
Embodiment 2
According to an embodiment of the present application, a security defense method for a computing device is also provided. Fig. 4 is a flowchart of the security defense method for a computing device according to the embodiment of the present application. As shown in Fig. 4, the method includes steps S402 to S406:
Step S402: the computing device sends login information to a server, where the login information is information about the source workstation requesting to log in to the computing device;
It should be noted that the computing device may be the terminal or mobile terminal shown in Fig. 1, but is not limited thereto.
The login information includes at least one of the following: the IP address information of the source workstation requesting to log in to the computing device, and the username information used by the source workstation requesting to log in to the computing device. The login information may be collected by a module of the computing device and then sent to the server by the network module of the computing device.
It should be noted that the above method can be applied to a Windows anti-brute-force-cracking system, and also to anti-brute-force-cracking systems of other operating systems, such as Android and iOS. Taking a Windows anti-brute-force-cracking system as an example, step S402 may be as follows: while the source workstation is requesting to log in to the computing device, the SubAuthor Module in the computing device collects the login information and reports it to the server through the network module of the computing device (i.e., NetWorker).
The server may be connected to multiple such computing devices, so that security defense for multiple computing devices can be implemented at the server. The computing device may be a client device or a server device, but is not limited thereto. The source workstation is a requester that logs in to the computing device; it may be a computer device or a mobile terminal, but is not limited thereto.
Step S404: the computing device receives notification information sent by the server, where the notification information is sent by the server when it determines that the specified behavior of the source workstation corresponding to the login information is illegal;
It should be noted that the method by which the server determines whether the specified behavior of the source workstation corresponding to the login information is legal is the same as in Embodiment 1 above and is not repeated here.
Step S406: the computing device prevents the source workstation from logging in to the computing device according to the notification information.
With the above method, the server analyzes the login information sent by the computing device; when it determines that the source workstation's request to log in to the computing device is illegal, the computing device receives the notification information sent by the server, which tells the computing device to intercept the login. That is, the server's analysis and judgment make it possible to defend multiple computing devices effectively, which solves the technical problem in the related art that multiple computing devices cannot be defended against brute-force cracking by a source workstation.
In one embodiment of the present application, after step S406, the method may further include: the computing device sends login failure information to the server, where the login failure information indicates that the source workstation failed to log in to the computing device. After the login failure information is sent to the server, it is stored in a database on the server. Because the login failure information is recorded in the server's database, when the source workstation later performs illegal behavior against this computing device or other computing devices, the server can quickly identify the illegal behavior and promptly notify the computing device to block it.
Embodiment 3
According to an embodiment of the present application, an apparatus for implementing the above security defense implementation method for a computing device is also provided. Fig. 5 is a structural block diagram of the security defense implementation apparatus for a computing device according to the embodiment of the present application. As shown in Fig. 5, the apparatus includes:
A receiving module 52, configured to receive login information sent by a computing device, where the login information is information about the source workstation requesting to log in to the computing device;
In one embodiment of the present application, the login information includes at least one of the following: the IP address information of the source workstation requesting to log in to the computing device, and the username information used by the source workstation requesting to log in to the computing device.
The apparatus may be located in a server, and the server may be connected to multiple computing devices and can provide security defense for multiple computing devices. The computing device may be a client device or a server device, but is not limited thereto. The source workstation is a requester that logs in to the computing device; it may be a computer device or a mobile terminal, but is not limited thereto.
A judge module 54, connected to the receiving module 52 and configured to determine whether the specified behavior of the source workstation corresponding to the login information is legal, where the specified behavior is the source workstation's request to log in to the computing device;
In one embodiment of the present application, the judge module 54 is further configured to look up the record corresponding to the login information in the server's database and determine from the record whether the specified behavior is legal; and/or to determine whether the quantity of login information received within a predetermined time exceeds a first predetermined threshold, where the server determines that the specified behavior is illegal when the quantity exceeds the first predetermined threshold.
It should be noted that the database stores source workstation information together with the corresponding login-failure information and/or login-success information for the computing devices that the source workstation logged in to. By looking up the record corresponding to the login information in the database, the judge module 54 can quickly find whether the source workstation has failed logins when logging in to this computing device or other computing devices. That is, the judge module 54 can quickly find whether the source workstation has a record of bad behavior, namely a malicious attack or brute-force cracking by the source workstation against other computing devices or this computing device, and can thereby conclude that the specified behavior may be illegal.
Specifically, in one embodiment of the present application, the judge module 54 is further configured to determine that the specified behavior is illegal when the content of the record is that the source workstation failed to log in. That is, as long as the record obtained by the judge module 54 shows a login failure by the source workstation, the specified behavior is considered illegal; in other words, as long as the judge module 54 finds that the source workstation has a record of bad behavior, the specified behavior corresponding to that source workstation is considered illegal.
The judge module 54 is further configured to count, among the records found, the number of records whose content is a login failure by the source workstation, and to determine that the specified behavior is illegal when that number is greater than a second predetermined threshold. The judge module 54 determines whether the specified behavior is legal through statistical analysis, matching, and comparison of the bad-behavior records corresponding to the source workstation.
It should be noted that the apparatus may further include a rule match module, configured to preset the second predetermined threshold. The rule match module can perform the presetting based on a configuration file, so the second predetermined threshold can be adjusted by modifying the configuration file, which adds flexibility and makes maintenance and upgrades easier.
The judge module 54 is further configured to determine whether the quantity of login information received within the predetermined time exceeds the first predetermined threshold, and to determine that the specified behavior is illegal when the quantity exceeds the first predetermined threshold.
A notification module 56, connected to the judge module 54 and configured to notify the computing device, when the specified behavior is illegal, to prevent the source workstation from logging in to the computing device.
It should be noted that the notification module 56 can prevent the source workstation from logging in to the computing device by sending an interception requirement.
With the above apparatus, the receiving module 52 obtains the login information for the source workstation's request to log in to the computing device, and the judge module 54 analyzes the login information; when it determines that the source workstation's request to log in to the computing device is illegal, the notification module 56 can promptly notify the computing device to intercept it. That is, through the server's analysis and judgment the apparatus makes it possible to defend multiple computing devices effectively, which solves the technical problem in the related art that multiple computing devices cannot be defended against brute-force cracking by a source workstation.
In one embodiment of the present application, the apparatus may further include a database module, configured to receive and store login failure information sent by the computing device, where the login failure information indicates that the source workstation failed to log in to the computing device. Because the login failure information is stored in the database module, when the source workstation later performs illegal behavior against this computing device or other computing devices, the illegal behavior can be identified quickly and then blocked.
It should be noted that the apparatus can be applied to a Windows anti-brute-force-cracking system, and also to anti-brute-force-cracking systems of other operating systems, such as Android and iOS, but is not limited thereto. In one embodiment of the present application, the illegal behavior may be brute-force cracking of the computing device by the source workstation or a malicious attack on the computing device by the source workstation, but is not limited thereto.
It should be noted that each of the above modules may be implemented in software or hardware. For the latter, this may be done in the following way, but is not limited thereto: the modules (e.g., the receiving module 52, the judge module 54, and the notification module 56) are all located in the same processor, or the modules are located in different processors.
Embodiment 4
According to an embodiment of the present application, an apparatus for implementing the above security defense method for a computing device is also provided. Fig. 6 is a structural block diagram of the security defense apparatus for a computing device according to the embodiment of the present application. As shown in Fig. 6, the apparatus includes:
A sending module 62, configured to send login information to a server, where the login information is information about the source workstation requesting to log in to the computing device;
It should be noted that the apparatus can be applied in a computing device. The computing device may be the computer terminal or mobile terminal shown in Fig. 1, but is not limited thereto. The computing device may be a client device or a server device, but is not limited thereto. The source workstation is a requester that logs in to the computing device; it may be a computer device or a mobile terminal, but is not limited thereto.
The login information includes at least one of the following: the IP address information of the source workstation requesting to log in to the computing device, and the username information used by the source workstation requesting to log in to the computing device. The login information may be collected by an acquisition module of the computing device and then sent to the server by the sending module 62. The server may be connected to multiple such computing devices, and security defense for multiple computing devices can be implemented at the server.
A receiving module 64, connected to the sending module 62 and configured to receive notification information sent by the server, where the notification information is sent by the server when it determines that the specified behavior of the source workstation corresponding to the login information is illegal;
It should be noted that the server's determination of whether the specified behavior of the source workstation corresponding to the login information is legal can be implemented by the judge module 54 in Embodiment 3; for the specific implementation, see the description of Embodiment 3, which is not repeated here.
A processing module 66, connected to the receiving module 64 and configured to prevent the source workstation from logging in to the computing device according to the notification information.
Through the sending module 62, the receiving module 64, and the processing module 66, the apparatus receives the notification information sent by the server, which tells the computing device to intercept the login. The notification information is sent by the server after it analyzes the login information sent by the computing device and determines that the source workstation's request to log in to the computing device is illegal. That is, through the server's analysis and judgment the apparatus makes it possible to defend multiple computing devices effectively, which solves the technical problem in the related art that multiple computing devices cannot be defended against brute-force cracking by a source workstation.
In one embodiment of the present application, the apparatus may further include a log acquisition module, configured to collect login failure information from the log system and send it through the sending module 62 to the database of the server, for use in the server's analysis when the source workstation later performs illegal behavior against this computing device or other computing devices.
It should be noted that the apparatus can be applied to a Windows anti-brute-force-cracking system, and also to anti-brute-force-cracking systems of other operating systems, such as Android and iOS, but is not limited thereto. In one embodiment of the present application, the illegal behavior may be brute-force cracking of the computing device by the source workstation, or a malicious attack on the computing device by the source workstation, but is not limited thereto.
It should be noted that each of the above modules may be implemented in software or hardware. For the latter, this may be done in the following way, but is not limited thereto: the modules (e.g., the sending module 62, the receiving module 64, and the processing module 66) are all located in the same processor, or the modules are located in different processors.
Embodiment 5
According to an embodiment of the present application, a security defense system for a computing device is also provided. Fig. 7 is a structural block diagram of the security defense system for a computing device according to the embodiment of the present application. As shown in Fig. 7, the system includes a server and a computing device:
A computing device 72, configured to send login information to the server, where the login information is information about the source workstation requesting to log in to the computing device;
A server 74, connected to the computing device 72 and configured to determine whether the specified behavior of the source workstation corresponding to the login information is legal, where the specified behavior is the source workstation's request to log in to the computing device, and, when the specified behavior is illegal, to notify the computing device to prevent the source workstation from logging in to the computing device.
It should be noted that the login information includes at least one of the following: the IP address information of the source workstation requesting to log in to the computing device, and the username information used by the source workstation requesting to log in to the computing device.
It should be noted that the computing device 72 may include the security defense apparatus for a computing device in Embodiment 4, and the server 74 may include the security defense implementation apparatus for a computing device in Embodiment 3. For details, see the descriptions of Embodiment 3 and Embodiment 4, which are not repeated here. The server 74 may be connected to multiple computing devices 72 to implement security defense for multiple computing devices.
With the above system, the server obtains the login information for the source workstation's request to log in to the computing device and analyzes it; when it determines that the source workstation's request to log in to the computing device is illegal, it can promptly notify the computing device to intercept the login. That is, the server's analysis and judgment make it possible to defend multiple computing devices effectively, which solves the technical problem in the related art that multiple computing devices cannot be defended against brute-force cracking by a source workstation.
The security defense system for a computing device is further explained below with reference to an optional embodiment.
An optional embodiment of the present application provides a security defense system for computing devices under Windows. Fig. 8 is a structural block diagram of the security defense system for a computing device according to the optional embodiment of the present application. As shown in Fig. 8, the system mainly includes a computing device (host) 82 (Host, equivalent to the computing device 72) and a server 84 (Server, equivalent to the server 74).
The host may further include: RDP Login Proc 822 (RDP login process): the Windows RDP login process; SubAuth Module 824 (sub-authorization module, equivalent to the acquisition module and the processing module 66), configured to collect the source workstation and username information of a login and to intercept the login behavior during the serial processing of login authentication; that is, it plugs into the Windows RDP login process, collects the IP and username of the login, uploads them to the server through the network module, and decides whether to allow or block this login according to the result returned by the server; NetworkWorker 826 (network module, equivalent to the sending module 62 and the receiving module 64): the host's network communication node, configured to send and receive data over the network with the Server; Log Collect Module 828 (log acquisition module, equivalent to the log acquisition module in Embodiment 4), configured to collect information on whether a login succeeded, i.e., to collect login success and failure information from the Windows log system and send it to the server through the network module.
The server may further include: Logic Module 842 (logic module), configured to process the login information uploaded by hosts and to decide whether to allow or intercept a login according to the data in the database, the rules, and so on; that is, it analyzes on the basis of host login information and judges whether a login request is a malicious attack. The analysis is a comprehensive analysis over many simple login records and results; when it finds that a source workstation is brute-force cracking, it issues an interception command to intercept the login after other hosts have reported the behavior. Database Module 844 (database module, equivalent to the database in Embodiment 3): the database module in the Server, configured to store information such as login data. Log Module 846 (log module). Rule Match (rule match) module 848, configured to implement the rule-matching logic, i.e., to match rules against the behavior analyzed by the logic module; the rules are based on a configuration file, so they are highly flexible and can be maintained and upgraded by modifying the configuration file. Rule Manager 8410 (rule management module), configured to manage and update the rules. White List 8412 (whitelist module), configured to avoid misjudgment in special cases. The logic module and the rule match module are equivalent to the judge module 54 in Embodiment 3.
In the above system, the SubAuth Module provides reliable control of the login process. The Log Collect Module provides a reliable way of collecting information. The Logic Module is based on big-data processing and can effectively analyze the purpose behind a login request, unlike simple recording and judgment of single-host information. Rule Match, in a flexibly configurable manner, produces the final detection result based on the behavior analysis of the Logic Module. Moreover, the analysis based on big data can automatically determine the purpose of a login.
It should be noted that in the optional embodiment of the present application, the server can connect to multiple hosts; because they are connected to a unified server (Server), login information can be analyzed and attacks that may occur can be defended against in time. When a machine connected to the Server finds that a source workstation is brute-force cracking it, it can promptly notify the Server, and the Server records the data; when this source workstation also tries to brute-force other machines, the Server can promptly notify the machine being cracked to defend against the cracking by this source workstation. Meanwhile, if an attacker carries out breadth-based brute-force cracking, the Server can also promptly discover that the source workstation is logging in to multiple hosts. For an ordinary user this is abnormal behavior, and under certain rules it can be classified as brute-force cracking, which triggers the hosts' defense mechanism. This can greatly raise the attacker's cost and difficulty and better protect the security of the hosts.
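One way to implement the judgment described for the judge module 54 in Embodiment 3 and for the Logic Module, Rule Match and White List modules of Fig. 8 is shown below. This is an added example, not code from the patent: the class, field and event names, the threshold values, the exact form of the multi-host rule, and the sample events are assumptions constructed for illustration.

```python
import json
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Rules:
    """Thresholds the rule match module reads from its configuration file.
    Field names are hypothetical; the page only names a predetermined time,
    a first predetermined threshold and a second predetermined threshold."""
    window_seconds: int = 60    # the "predetermined time"
    first_threshold: int = 5    # login messages tolerated per source in the window
    second_threshold: int = 3   # stored login-failure records tolerated per source
    host_spread: int = 3        # assumption: distinct hosts tolerated per source in the window
    whitelist: frozenset = frozenset()

    @classmethod
    def from_json(cls, text):
        cfg = json.loads(text)
        cfg["whitelist"] = frozenset(cfg.get("whitelist", []))
        return cls(**cfg)


class DefenseServer:
    """Shared server: every connected host reports to the same instance."""

    def __init__(self, rules):
        self.rules = rules
        self.recent = defaultdict(deque)   # source_ip -> (ts, host) per login message
        self.failures = defaultdict(list)  # source_ip -> (ts, host, username) records

    def record_failure(self, host, source_ip, username, ts):
        # Database module: keep the failure reported by a host's log collector.
        self.failures[source_ip].append((ts, host, username))

    def judge(self, host, source_ip, username, ts):
        """Return (decision, reason) for one login message from a host."""
        r = self.rules
        if source_ip in r.whitelist:
            return ("allow", "whitelisted")
        window = self.recent[source_ip]
        window.append((ts, host))
        while window and window[0][0] <= ts - r.window_seconds:
            window.popleft()               # drop messages older than the window
        if len(window) > r.first_threshold:
            return ("block", "first_threshold")
        if len({h for _, h in window}) > r.host_spread:
            return ("block", "host_spread")
        if len(self.failures.get(source_ip, ())) > r.second_threshold:
            return ("block", "second_threshold")
        return ("allow", "ok")


# Constructed configuration and events (documentation-range IP addresses).
CONFIG = ('{"window_seconds": 60, "first_threshold": 5, "second_threshold": 3,'
          ' "host_spread": 3, "whitelist": ["192.0.2.10"]}')
HOSTS = ("host-a", "host-b", "host-c", "host-d")
SLOW = (0, 100, 200, 300)
# Event = (time, kind, host, source_ip, username); "login" is a login message
# from a host, "fail" is a login failure collected from that host's logs.
EVENTS = sorted(
    [(t, "login", "host-a", "203.0.113.7", "administrator") for t in SLOW]
    + [(t + 1, "fail", "host-a", "203.0.113.7", "administrator") for t in SLOW]
    + [(400, "login", "host-b", "203.0.113.7", "administrator")]
    + [(50, "login", "host-a", "198.51.100.9", "alice")]
    + [(500 + 5 * i, "login", h, "203.0.113.50", "admin") for i, h in enumerate(HOSTS)]
    + [(600 + i, "login", "host-a", "203.0.113.99", "root") for i in range(6)]
    + [(700 + i, "login", h, "192.0.2.10", "scanner") for i, h in enumerate(HOSTS)]
)


def replay(events, config=CONFIG):
    """Feed time-ordered events to one server; return a verdict per login message."""
    server = DefenseServer(Rules.from_json(config))
    verdicts = []
    for ts, kind, host, ip, user in events:
        if kind == "fail":
            server.record_failure(host, ip, user, ts)
        else:
            verdicts.append((ts, host, ip) + server.judge(host, ip, user, ts))
    return verdicts


if __name__ == "__main__":
    for verdict in replay(EVENTS):
        print(verdict)
```

Setting `second_threshold` to 0 gives the stricter variant in Embodiment 3, where any stored login-failure record for the source workstation makes the login illegal.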
Embodiment 6
An embodiment of the present application may provide a computer terminal, which may be any computer terminal in a group of computer terminals. Optionally, in this embodiment, the computer terminal may also be replaced with a terminal device such as a mobile terminal.
Optionally, in this embodiment, the computer terminal may be located in at least one of multiple network devices of a computer network.
In this embodiment, the computer terminal may execute program code for the following steps of the security defense implementation method for a computing device: receiving login information sent by a computing device, where the login information is information about the source workstation requesting to log in to the computing device; determining whether the specified behavior of the source workstation corresponding to the login information is legal, where the specified behavior is the source workstation's request to log in to the computing device; and, when the specified behavior is illegal, notifying the computing device to prevent the source workstation from logging in to the computing device.
It should be noted that the computer terminal may be connected to multiple computing devices to implement security defense for multiple computing devices. For details, see the description of Embodiment 1, which is not repeated here.
Optionally, Fig. 9 is a structural block diagram of a computer terminal according to an embodiment of the present application. As shown in Fig. 9, computer terminal A may include one or more processors 92 (only one is shown in the figure), a memory 94, and a transmission device 96.
The memory 94 may be used to store software programs and modules, such as the program instructions/modules corresponding to the security defense implementation method and apparatus for a computing device in the embodiments of the present application. The processor 92 runs the software programs and modules stored in the memory 94 to perform various functional applications and data processing, i.e., to implement the above security defense implementation method for a computing device. The memory 94 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 94 may further include memory located remotely from the processor 92, and such remote memory may be connected to terminal A through a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
The processor may call, through the transmission device 96, the information and application programs stored in the memory to perform the following steps: receiving login information sent by a computing device, where the login information is information about the source workstation requesting to log in to the computing device; determining whether the specified behavior of the source workstation corresponding to the login information is legal, where the specified behavior is the source workstation's request to log in to the computing device; and, when the specified behavior is illegal, notifying the computing device to prevent the source workstation from logging in to the computing device.
The embodiment of the present application thus provides a computer-terminal scheme for implementing security defense for a computing device. The computer terminal obtains the login information for the source workstation's request to log in to the computing device and analyzes it; when it determines that the source workstation's request to log in to the computing device is illegal, it can promptly notify the computing device to intercept the login. That is, the analysis and judgment make it possible to defend multiple computing devices effectively, which solves the technical problem in the related art that multiple computing devices cannot be defended against brute-force cracking by a source workstation.
Those of ordinary skill in the art will understand that the structure shown in Fig. 9 is only illustrative. The computer terminal may also be a terminal device such as a smartphone (e.g., an Android phone or an iOS phone), a tablet computer, a palmtop computer, a mobile Internet device (Mobile Internet Devices, MID), or a PAD. Fig. 9 does not limit the structure of the above electronic device. For example, computer terminal A may include more or fewer components than shown in Fig. 9 (such as a network interface or a display device), or have a configuration different from that shown in Fig. 9.
Those of ordinary skill in the art will understand that all or part of the steps in the methods of the above embodiments can be completed by a program instructing the hardware related to a terminal device. The program can be stored in a computer-readable storage medium, and the storage medium may include: a flash disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk, an optical disc, or the like.
Embodiment 7
An embodiment of the present application also provides a storage medium. Optionally, in this embodiment, the storage medium may be used to store the program code executed by the security defense implementation method for a computing device provided in Embodiment 1 above.
Optionally, in this embodiment, the storage medium may be located in any computer terminal in a group of computer terminals in a computer network, or in any mobile terminal in a group of mobile terminals.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: receiving login information sent by a computing device, where the login information is information about the source workstation requesting to log in to the computing device; determining whether the specified behavior of the source workstation corresponding to the login information is legal, where the specified behavior is the source workstation's request to log in to the computing device; and, when the specified behavior is illegal, notifying the computing device to prevent the source workstation from logging in to the computing device.
The serial numbers of the above embodiments of the present application are for description only and do not represent the relative merits of the embodiments.
In the above embodiments of the present application, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technical content may be implemented in other ways. The apparatus embodiments described above are merely illustrative; for example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the couplings, direct couplings, or communication connections shown or discussed may be indirect couplings or communication connections through interfaces, units, or modules, and may be electrical or take other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the scheme of this embodiment.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and is sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to execute all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk, or an optical disc.
The above are only preferred embodiments of the present application. It should be noted that those of ordinary skill in the art can make several improvements and refinements without departing from the principle of the present application, and these improvements and refinements should also be regarded as falling within the protection scope of the present application.

Claims (14)

1. a kind of Prevention-Security implementation method of computing device, it is characterised in that including:
Server receives the log-on message that computing device is sent;Wherein, the log-on message logs in described for request The information of the source work station of computing device;
The server judges whether the specifies behavior of source work station corresponding to the log-on message is legal, described to refer to Determine the behavior that behavior logs in the computing device for the source workstation requests;
In the case of the specifies behavior is illegal, the server notifies the computing device to prevent the source Computing device described in work stations log.
2. The method according to claim 1, characterized in that the login information includes at least one of the following: IP address information of the source workstation requesting to log in to the computing device, and username information used by the source workstation requesting to log in to the computing device.
3. The method according to claim 1, characterized in that the server judging whether the specified behavior of the source workstation corresponding to the login information is legitimate includes at least one of the following:
the server looks up the record corresponding to the login information in the database of the server, and determines according to the record whether the specified behavior is legitimate;
the server judges whether the number of pieces of the login information received by the server within a predetermined time exceeds a first predetermined threshold; and when the number exceeds the first predetermined threshold, the server determines that the specified behavior is illegitimate.
4. The method according to claim 3, characterized in that the server determining according to the record whether the specified behavior is legitimate includes at least one of the following:
when the content of the record is that the source workstation failed to log in, the server determines that the specified behavior is illegitimate;
the server counts, among the records found, the number of records whose content is that the source workstation failed to log in; when the number of such records is greater than a second predetermined threshold, the server determines that the specified behavior is illegitimate.
5. The method according to any one of claims 1 to 4, characterized in that, after the server notifies the computing device to prevent the source workstation from logging in to the computing device, the method further comprises: the server receives login failure information sent by the computing device, wherein the login failure information indicates that the source workstation failed to log in to the computing device; and the server records the login failure information in the database of the server.
6. The method according to claim 1, characterized in that the server is connected to multiple computing devices.
7. A security defense method for a computing device, characterized by comprising:
a computing device sends login information to a server, wherein the login information is information about a source workstation requesting to log in to the computing device;
the computing device receives notification information sent by the server, wherein the notification information is information sent by the server when it judges that the specified behavior of the source workstation corresponding to the login information is illegitimate;
the computing device prevents, according to the notification information, the source workstation from logging in to the computing device.
8. The method according to claim 7, characterized in that the login information includes at least one of the following: IP address information of the source workstation requesting to log in to the computing device, and username information used by the source workstation requesting to log in to the computing device.
9. The method according to claim 7 or 8, characterized in that, after the computing device prevents, according to the notification information, the source workstation from logging in to the computing device, the method further comprises:
the computing device sends login failure information to the server, wherein the login failure information indicates that the source workstation failed to log in to the computing device.
10. A security defense implementation apparatus for a computing device, characterized in that it is applied to a server and comprises:
a receiving module, configured to receive login information sent by a computing device, wherein the login information is information about a source workstation requesting to log in to the computing device;
a judging module, configured to judge whether a specified behavior of the source workstation corresponding to the login information is legitimate, the specified behavior being the behavior of the source workstation requesting to log in to the computing device;
a notification module, configured to notify the computing device, when the specified behavior is illegitimate, to prevent the source workstation from logging in to the computing device.
11. The apparatus according to claim 10, characterized in that the login information includes at least one of the following: IP address information of the source workstation requesting to log in to the computing device, and username information used by the source workstation requesting to log in to the computing device.
12. A security defense apparatus for a computing device, characterized in that it is applied to a computing device and comprises:
a sending module, configured to send login information to a server, wherein the login information is information about a source workstation requesting to log in to the computing device;
a receiving module, configured to receive notification information sent by the server, wherein the notification information is sent by the server when it judges that the specified behavior of the source workstation corresponding to the login information is illegitimate;
a processing module, configured to prevent, according to the notification information, the source workstation from logging in to the computing device.
13. The apparatus according to claim 12, characterized in that the login information includes at least one of the following: IP address information of the source workstation requesting to log in to the computing device, and username information used by the source workstation requesting to log in to the computing device.
14. A security defense system for a computing device, characterized by comprising: a server and a computing device;
the computing device is configured to send login information to the server, wherein the login information is information about a source workstation requesting to log in to the computing device;
the server is configured to judge whether a specified behavior of the source workstation corresponding to the login information is legitimate, the specified behavior being the behavior of the source workstation requesting to log in to the computing device; and, when the specified behavior is illegitimate, to notify the computing device to prevent the source workstation from logging in to the computing device.
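The server-side judgement of claims 3 to 5 and the device-side enforcement of claims 7 to 9 can be illustrated as follows. This is an added example, not code from the patent; the class names, the threshold values, keying the records on source IP address only, and reporting ordinary password failures to the server are assumptions.

```python
from collections import defaultdict, deque


class DefenseServer:
    """Central judge shared by many computing devices (claims 1-6)."""

    def __init__(self, window=60.0, first_threshold=5, second_threshold=3):
        self.window = window                      # "predetermined time", in seconds
        self.first_threshold = first_threshold    # max login reports per window
        self.second_threshold = second_threshold  # max recorded login failures
        self.reports = defaultdict(deque)         # source IP -> report timestamps
        self.failures = defaultdict(int)          # source IP -> failure records (the "database")

    def judge(self, src_ip, now):
        """Return (legitimate, reason) for one piece of login information."""
        seen = self.reports[src_ip]
        seen.append(now)
        while now - seen[0] > self.window:        # drop reports outside the window
            seen.popleft()
        if len(seen) > self.first_threshold:      # claim 3, second branch
            return False, "rate"
        if self.failures[src_ip] > self.second_threshold:  # claim 4, second branch
            return False, "failure-history"
        return True, "ok"

    def record_failure(self, src_ip):
        self.failures[src_ip] += 1


class ComputingDevice:
    """Protected host: reports each login request, enforces the verdict (claims 7-9)."""

    def __init__(self, name, server, passwords):
        self.name, self.server, self.passwords = name, server, passwords

    def login(self, src_ip, username, password, now):
        legitimate, reason = self.server.judge(src_ip, now)
        if not legitimate:
            self.server.record_failure(src_ip)    # claims 5 and 9: report the blocked login
            return "blocked:" + reason
        if self.passwords.get(username) != password:
            self.server.record_failure(src_ip)    # assumption: ordinary failures are reported too
            return "denied"
        return "ok"


def demo():
    """Constructed scenario: one source guesses slowly on host-a, then tries host-b."""
    server = DefenseServer()
    creds = {"admin": "constructed-secret"}
    host_a = ComputingDevice("host-a", server, creds)
    host_b = ComputingDevice("host-b", server, creds)
    source, t, results = "203.0.113.7", 0.0, []   # documentation-range address
    for guess in ["wrong-1", "wrong-2", "wrong-3", "wrong-4"]:
        results.append(host_a.login(source, "admin", guess, t))
        t += 120.0                                # slow enough to stay under the rate limit
    # host-b has never seen this source, yet the shared failure history blocks it
    results.append(host_b.login(source, "admin", "constructed-secret", t))
    # an unrelated source is unaffected
    results.append(host_b.login("198.51.100.20", "admin", "constructed-secret", t))
    return results
```

Because the failure records live on the server rather than on each host, a source that spreads slow guesses across several devices is still counted against one threshold.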
CN201610105483.0A 2016-02-25 2016-02-25 Security defense and implementation method, device and system of computing equipment Active CN107124390B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610105483.0A CN107124390B (en) 2016-02-25 2016-02-25 Security defense and implementation method, device and system of computing equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610105483.0A CN107124390B (en) 2016-02-25 2016-02-25 Security defense and implementation method, device and system of computing equipment

Publications (2)

Publication Number Publication Date
CN107124390A (en) 2017-09-01
CN107124390B (en) 2021-05-04

Family

ID=59717084

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610105483.0A Active CN107124390B (en) 2016-02-25 2016-02-25 Security defense and implementation method, device and system of computing equipment

Country Status (1)

Country Link
CN (1) CN107124390B (en)

Also Published As

Publication number Publication date
CN107124390B (en) 2021-05-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant