CN107257302A - It is a kind of to strengthen the method and system of snmp protocol safety - Google Patents
It is a kind of to strengthen the method and system of snmp protocol safety Download PDFInfo
- Publication number
- CN107257302A CN107257302A CN201710710752.0A CN201710710752A CN107257302A CN 107257302 A CN107257302 A CN 107257302A CN 201710710752 A CN201710710752 A CN 201710710752A CN 107257302 A CN107257302 A CN 107257302A
- Authority
- CN
- China
- Prior art keywords
- snmp
- clients
- password
- checking
- servers
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000000875 corresponding Effects 0.000 claims abstract description 31
- 238000004891 communication Methods 0.000 claims abstract description 23
- 230000002708 enhancing Effects 0.000 claims description 15
- 238000000034 method Methods 0.000 claims description 5
- 230000005540 biological transmission Effects 0.000 claims description 4
- 238000005516 engineering process Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000006011 modification reaction Methods 0.000 description 2
- 230000000712 assembly Effects 0.000 description 1
- 230000000977 initiatory Effects 0.000 description 1
- 238000005728 strengthening Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0213—Standardised network management protocols, e.g. simple network management protocol [SNMP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
- H04L63/083—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords using one-time-passwords
Abstract
Strengthen the method and system of snmp protocol safety the invention discloses a kind of, method comprises the following steps:S1, obtains the logging request that SNMP clients are sent;The corresponding communication modes of the user name of SNMP clients described in S2, SNMP whois lookup;S3, generates dynamic password and is sent to the corresponding checking equipment of the SNMP clients, and notify the SNMP clients to carry out password authentication;S4, obtains the checking password that SNMP clients are sent;S5, SNMP server are verified to the checking password of SNMP clients;S6, allows SNMP clients to conduct interviews and returned to SNMP clients and logs in success, otherwise return and log in failure by SNMP servers after password authentication.The present invention increases dynamic password authentication mode when SNMP is logged in, and adds the security of snmp protocol, and effective protection is provided for the security of authentication operation system.
Description
Technical field
The present invention relates to communication technical field, more particularly to a kind of method and system of enhancing snmp protocol safety.
Background technology
With the development of information technology, the continuous improvement of the level of informatization, information security is increasingly received significant attention, special
It is not the safety of server.Server is a kind of mode generally used during management, by remote management.
During SNMP (Simple Network Management Protocol, Simple Network Management Protocol) agreement is network
Standard application layer agreement for managing the network equipment.SNMP clients send use to by snmp protocol to corresponding server
Name in an account book and password are logged in, in SNMP landfall processes, and SNMP clients only carry out log on request by username and password,
Server judges whether username and password is correct, if it is, allowing the client to pass through the server by utilizing snmp protocol
Communicated.But, can also be based on snmp protocol and service after illegitimate client obtains the username and password of keeper
Device is communicated, now, it is impossible to ensure the safety of snmp protocol.
In summary, the existing SNMP landing approaches for only verifying username and password, have potential safety hazard.
The content of the invention
For the deficiency of above-mentioned technology, the embodiments of the invention provide a kind of method for strengthening snmp protocol safety and it is
System, it can strengthen the security of existing SNMP communication modes.
The embodiment of the present invention solves its technical problem and adopted the technical scheme that:
On the one hand the method for snmp protocol safety is strengthened there is provided a kind of, it comprises the following steps:
S1, obtains the logging request that SNMP clients are sent, and the logging request includes the use of the SNMP clients
Name in an account book and password;
The corresponding communication modes of the user name of SNMP clients described in S2, SNMP whois lookup;
S3, generates dynamic password and is sent to the corresponding checking equipment of the SNMP clients, and notifies the SNMP visitors
Family end carries out password authentication;
S4, obtains the checking password that SNMP clients are sent;
S5, SNMP server are verified to the checking password of SNMP clients;
S6, allows SNMP clients to conduct interviews and returned to SNMP clients and steps on by SNMP servers after password authentication
Lu Chenggong, otherwise returns and logs in failure.
As a kind of possible implementation of the present embodiment, the corresponding communication modes of the user name include user name correspondence
Phone number, instant messaging ID or E-mail address.
As a kind of possible implementation of the present embodiment, the checking equipment includes mobile phone or tablet personal computer.
It is used as a kind of possible implementation of the present embodiment, during password authentication is carried out to SNMP clients, checking
Whether the dynamic password in the checking password is effective.
As a kind of possible implementation of the present embodiment, in password authentication process, from generation dynamic password to SNMP
The time that the checking password of client is verified is no more than threshold time.In the present embodiment, threshold time may be configured as 5
Minute.
As a kind of possible implementation of the present embodiment, the user names of the SNMP clients, password and its corresponding
Communication modes are pre-reserved in the database of SNMP servers.
As a kind of possible implementation of the present embodiment, described SNMP servers respectively with SMS platform, electronics postal
Case server is connected with instant communication server.
On the other hand the system of snmp protocol safety is strengthened there is provided a kind of, it includes SNMP clients, SNMP servers
With checking equipment,
The SNMP clients, for sending logging request to SNMP servers, the logging request includes described
The username and password of SNMP clients;
The SNMP servers, for obtaining the logging request of SNMP clients transmission, and prestore the SNMP visitors
User name, password and its corresponding communication modes at family end:
The SNMP servers, are additionally operable to generate dynamic password and be sent to the corresponding checking of the SNMP clients to set
It is standby, and notify the SNMP clients to carry out password authentication;
The SNMP clients, are additionally operable to send checking password to SNMP servers;
The SNMP servers, are additionally operable to verify the checking password of SNMP clients;
The SNMP servers, are additionally operable to allow SNMP clients to conduct interviews and objective to SNMP after by password authentication
Family end returns and logs in success, otherwise returns and logs in failure.
As a kind of possible implementation of the present embodiment, the SNMP servers are taken by SMS platform, E-mail address
Business device or instant communication server are sent to the corresponding checking equipment of the SNMP clients by dynamic password is generated.
As a kind of possible implementation of the present embodiment, the checking equipment includes mobile phone or tablet personal computer.
Technical scheme provided in an embodiment of the present invention has the advantages that:
Embodiments of the invention technical scheme is first according to obtaining the logging request lookup that SNMP clients are sent
The corresponding communication modes of user name of SNMP clients, then generate dynamic password and are sent to that the SNMP clients are corresponding to be tested
Equipment is demonstrate,proved, and notifies the SNMP clients to carry out password authentication;Finally the checking password of SNMP clients is verified again,
Allow SNMP clients to conduct interviews and returned to SNMP clients by SNMP servers after password authentication and log in success, otherwise
Return logs in failure, increases this multiple-factor authentication mode of dynamic password when SNMP is logged in, adds the safety of snmp protocol
Property, effective protection is provided for the security of authentication operation system, and there is provided exclusive function.
By above-mentioned technical proposal provided in an embodiment of the present invention, authentication information send to SNMP access server it
Before, authentication information is authenticated by keeper, only keeper confirms that the corresponding client of authentication information is legitimate client
Afterwards, just primarily determine that permission client accesses server by SNMP and realizes the respective operations based on snmp protocol, and then will
Authentication information sends to SNMP and accesses server, determines that client whether can according to authentication information so that SNMP accesses server
Server is accessed by SNMP respective operations are realized based on snmp protocol, the safe of snmp protocol is ensured so as to considerably increase
Validity, improves the security of User logs in.
Brief description of the drawings
With reference to Figure of description, the present invention will be described.
Fig. 1 is a kind of flow chart of the method for enhancing snmp protocol safety according to an exemplary embodiment;
Fig. 2 is a kind of block diagram of the method system of enhancing snmp protocol safety according to an exemplary embodiment.
Embodiment
For the technical characterstic for illustrating this programme can be understood, below by embodiment, and its accompanying drawing is combined, to this hair
It is bright to be described in detail.Following disclosure provides many different embodiments or example is used for realizing the different knots of the present invention
Structure.In order to simplify disclosure of the invention, hereinafter the part and setting of specific examples are described.In addition, the present invention can be with
Repeat reference numerals and/or letter in different examples.This repetition is that for purposes of simplicity and clarity, itself is not indicated
Relation between various embodiments are discussed and/or set.It should be noted that part illustrated in the accompanying drawings is not necessarily to scale
Draw.Present invention omits the description to known assemblies and treatment technology and process to avoid being unnecessarily limiting the present invention.
Fig. 1 is a kind of flow chart of the method for enhancing snmp protocol safety according to an exemplary embodiment.Such as Fig. 1
Shown, the method for the enhancing snmp protocol safety in the present embodiment may comprise steps of:
S1, obtains the logging request that SNMP clients are sent, and the logging request includes the use of the SNMP clients
Name in an account book and password.
The corresponding communication modes of the user name of SNMP clients described in S2, SNMP whois lookup;The SNMP clients
User name, password and its corresponding communication modes be pre-reserved in the database of SNMP servers, user name correspondence
Communication modes can include the corresponding phone number of user name, instant messaging ID or E-mail address.
S3, generates dynamic password and is sent to institute by SMS platform, electronic mail server or instant communication server
The corresponding checking equipment of SNMP clients is stated, and notifies the SNMP clients to carry out password authentication;The checking equipment includes
Mobile phone or tablet personal computer.
S4, obtains the checking password that SNMP clients are sent.
S5, SNMP server are verified to the checking password of SNMP clients;In password authentication process, from generation dynamic
The time no more than threshold time (may be configured as 5 minutes) that password is verified to the checking password to SNMP clients, is tested
Whether effectively i.e. whether checking dynamic password exceedes threshold time and the dynamic mouth of checking to dynamic password in the card checking password
Whether the character string of order is corresponding with the user name of the SNMP clients;Failed after verifying dynamic password, must not be used for carrying out again
Secondary checking.
S6, allows SNMP clients to conduct interviews and returned to SNMP clients and steps on by SNMP servers after password authentication
Lu Chenggong, otherwise returns and logs in failure.
Instant messaging ID in the present embodiment may include WeChat ID, QQ number, Fetion number, No. ICQ etc. instant messaging service
Number.
The technical scheme of the present embodiment searches the SNMP visitors according to the logging request for obtaining the transmission of SNMP clients first
The corresponding communication modes of user name at family end, then generate dynamic password be sent to the SNMP clients it is corresponding checking set
It is standby, and notify the SNMP clients to carry out password authentication;Finally the checking password of SNMP clients is verified again, passed through
SNMP servers allow SNMP clients to conduct interviews and log in success to the return of SNMP clients after password authentication, otherwise return
Failure is logged in, increases this multiple-factor authentication mode of dynamic password when SNMP is logged in, adds the security of snmp protocol, be
The security of authentication operation system provides effective protection, and there is provided exclusive function.
Fig. 2 is a kind of block diagram of the method system of enhancing snmp protocol safety according to an exemplary embodiment.Such as
Shown in Fig. 2, the system of the enhancing snmp protocol safety in the present embodiment can include SNMP clients, SNMP servers and checking
Equipment,
The SNMP clients, for sending logging request to SNMP servers, the logging request includes described
The username and password of SNMP clients;
The SNMP servers, for obtaining the logging request of SNMP clients transmission, and prestore the SNMP visitors
User name, password and its corresponding communication modes at family end:
The SNMP servers, are additionally operable to generate dynamic password and be sent to the corresponding checking of the SNMP clients to set
It is standby, and notify the SNMP clients to carry out password authentication;
The SNMP clients, are additionally operable to send checking password to SNMP servers;
The SNMP servers, are additionally operable to verify the checking password of SNMP clients;
The SNMP servers, are additionally operable to allow SNMP clients to conduct interviews and objective to SNMP after by password authentication
Family end returns and logs in success, otherwise returns and logs in failure.
In a kind of possible implementation, the SNMP servers pass through SMS platform, electronic mail server or instant
Communication server is sent to the corresponding checking equipment of the SNMP clients by dynamic password is generated.
In a kind of possible implementation, the checking equipment includes mobile phone or tablet personal computer.
Embodiments of the invention technical scheme is initiating logging request during operating system is signed in, and carries out first
Intercept, by that could continue to access operating system after password authentication.
By above-mentioned technical proposal provided in an embodiment of the present invention, authentication information send to SNMP access server it
Before, authentication information is authenticated by keeper, only keeper confirms that the corresponding client of authentication information is legitimate client
Afterwards, just primarily determine that permission client accesses server by SNMP and realizes the respective operations based on snmp protocol, and then will
Authentication information sends to SNMP and accesses server, determines that client whether can according to authentication information so that SNMP accesses server
Server is accessed by SNMP respective operations are realized based on snmp protocol, the safe of snmp protocol is ensured so as to considerably increase
Validity, improves the security of User logs in.
Simply the preferred embodiment of the present invention described above, for those skilled in the art,
Without departing from the principles of the invention, some improvements and modifications can also be made, these improvements and modifications are also regarded as this hair
Bright protection domain.
Claims (10)
1. a kind of strengthen the method for snmp protocol safety, it is characterized in that, comprise the following steps:
S1, obtains the logging request that SNMP clients are sent, and the logging request includes the user name of the SNMP clients
And password;
The corresponding communication modes of the user name of SNMP clients described in S2, SNMP whois lookup;
S3, generates dynamic password and is sent to the corresponding checking equipment of the SNMP clients, and notify the SNMP clients
Carry out password authentication;
S4, obtains the checking password that SNMP clients are sent;
S5, SNMP server are verified to the checking password of SNMP clients;
S6, allows SNMP clients to conduct interviews and returned to SNMP clients and logs in into by SNMP servers after password authentication
Work(, otherwise returns and logs in failure.
2. a kind of method of enhancing snmp protocol safety according to claim 1, it is characterized in that, the user name is corresponding
Communication modes include the corresponding phone number of user name, instant messaging ID or E-mail address.
3. a kind of method of enhancing snmp protocol safety according to claim 1, it is characterized in that, the checking equipment includes
Mobile phone or tablet personal computer.
4. a kind of method of enhancing snmp protocol safety according to claim 1, it is characterized in that, enter to SNMP clients
During row password authentication, verify whether the dynamic password in the checking password is effective.
5. a kind of method of enhancing snmp protocol safety according to claim 1-4 any one, it is characterized in that, in password
Verification process, from generation time for being verified to the checking password to SNMP clients of dynamic password no more than threshold value when
Between.
6. a kind of method of enhancing snmp protocol safety according to claim 1-4 any one, it is characterized in that, it is described
User name, password and its corresponding communication modes of SNMP clients are pre-reserved in the database of SNMP servers.
7. a kind of method of enhancing snmp protocol safety according to claim 1-4 any one, it is characterized in that, it is described
SNMP servers are connected with SMS platform, electronic mail server and instant communication server respectively.
8. a kind of strengthen the system of snmp protocol safety, it is characterized in that, including SNMP clients, SNMP servers and checking set
It is standby,
The SNMP clients, for sending logging request to SNMP servers, the logging request includes the SNMP visitors
The username and password at family end;
The SNMP servers, for obtaining the logging request of SNMP clients transmission, and prestore the SNMP clients
User name, password and its corresponding communication modes:
The SNMP servers, are additionally operable to generation dynamic password and are sent to the corresponding checking equipment of the SNMP clients, and
The SNMP clients are notified to carry out password authentication;
The SNMP clients, are additionally operable to send checking password to SNMP servers;
The SNMP servers, are additionally operable to verify the checking password of SNMP clients;
The SNMP servers, are additionally operable to allow SNMP clients to conduct interviews and to SNMP clients after by password authentication
Return logs in success, otherwise returns and logs in failure.
9. a kind of system of enhancing snmp protocol safety according to claim 8, it is characterized in that, the SNMP servers lead to
Cross SMS platform, electronic mail server or instant communication server and be sent to the SNMP clients pair by dynamic password is generated
The checking equipment answered.
10. a kind of system of enhancing snmp protocol safety according to claim 8, it is characterized in that, the checking equipment bag
Include mobile phone or tablet personal computer.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710710752.0A CN107257302A (en) | 2017-08-18 | 2017-08-18 | It is a kind of to strengthen the method and system of snmp protocol safety |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710710752.0A CN107257302A (en) | 2017-08-18 | 2017-08-18 | It is a kind of to strengthen the method and system of snmp protocol safety |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107257302A true CN107257302A (en) | 2017-10-17 |
Family
ID=60026986
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710710752.0A Pending CN107257302A (en) | 2017-08-18 | 2017-08-18 | It is a kind of to strengthen the method and system of snmp protocol safety |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107257302A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1384642A (en) * | 2001-04-29 | 2002-12-11 | 华为技术有限公司 | Method of adding subscriber's security confirmation to simple network management protocol |
| CN101719259A (en) * | 2009-12-08 | 2010-06-02 | 交通银行股份有限公司 | Maintenance management method, device and system for bank network devices |
| US8612582B2 (en) * | 2008-12-19 | 2013-12-17 | Openpeak Inc. | Managed services portals and method of operation of same |
| US8661242B1 (en) * | 2010-12-22 | 2014-02-25 | Lockheed Martin Corporation | Autonomous password update in SNMPv3 computer network |
| CN106790166A (en) * | 2016-12-29 | 2017-05-31 | 郑州云海信息技术有限公司 | A kind of method of safety certification, apparatus and system |
| CN106790267A (en) * | 2017-02-13 | 2017-05-31 | 郑州云海信息技术有限公司 | A kind of method and apparatus of access server operating system |
-
2017
- 2017-08-18 CN CN201710710752.0A patent/CN107257302A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1384642A (en) * | 2001-04-29 | 2002-12-11 | 华为技术有限公司 | Method of adding subscriber's security confirmation to simple network management protocol |
| US8612582B2 (en) * | 2008-12-19 | 2013-12-17 | Openpeak Inc. | Managed services portals and method of operation of same |
| CN101719259A (en) * | 2009-12-08 | 2010-06-02 | 交通银行股份有限公司 | Maintenance management method, device and system for bank network devices |
| US8661242B1 (en) * | 2010-12-22 | 2014-02-25 | Lockheed Martin Corporation | Autonomous password update in SNMPv3 computer network |
| CN106790166A (en) * | 2016-12-29 | 2017-05-31 | 郑州云海信息技术有限公司 | A kind of method of safety certification, apparatus and system |
| CN106790267A (en) * | 2017-02-13 | 2017-05-31 | 郑州云海信息技术有限公司 | A kind of method and apparatus of access server operating system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103179098B (en) | A kind of password method for retrieving of network account and device | |
| CN101931533B (en) | Authentication method, device and system | |
| CN104954330B (en) | A kind of methods, devices and systems to be conducted interviews to data resource | |
| CN104735065B (en) | A kind of data processing method, electronic equipment and server | |
| CN106576041A (en) | Method of mutual verification between a client and a server | |
| CN101534192B (en) | System used for providing cross-domain token and method thereof | |
| CN103853950A (en) | Authentication method based on mobile terminal and mobile terminal | |
| CN107124433A (en) | Internet of things system, internet of things equipment access method, access authorization methods and equipment | |
| CN104410622A (en) | Safety authentication method, client side and system for logging in Web system | |
| CN106341428A (en) | Cross-domain access control method and system | |
| CN102868702B (en) | System login device and system login method | |
| US8732460B2 (en) | System and method for providing a one-time key for identification | |
| CN111698259B (en) | Dynamic authentication login equipment, system and method based on Bluetooth equipment | |
| CN103024706A (en) | Short message based device and short message based method for bidirectional multiple-factor dynamic identity authentication | |
| CN103401686B (en) | A kind of user's OTP WEB Authentication System and application process thereof | |
| JP2014090372A (en) | Information processing device, information processing system, information processing method, and computer program | |
| US10044735B2 (en) | System and method for authentication of electronic communications | |
| US20110078784A1 (en) | Vpn system and method of controlling operation of same | |
| CN106302539A (en) | A kind of embedded type WEB safety certifying method | |
| CN103179564A (en) | Network application logging in method based on mobile terminal authentication | |
| CN109726578B (en) | Dynamic two-dimensional code anti-counterfeiting solution | |
| CN106453321A (en) | Authentication server, system and method, and to-be-authenticated terminal | |
| CN109495458A (en) | A kind of method, system and the associated component of data transmission | |
| KR20160109582A (en) | User authentication system and user authentication method of Cell phone messaging service and CHATCHA bases | |
| CN102387016A (en) | Authentication method, device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171017 |