CN107346380A - RDP-based data leakage prevention system and method - Google Patents
Publication number: CN107346380A (application number CN201610294344.7A)
Authority: CN (China)
Prior art keywords: rdp, data, protocol, pipeline, behavior
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G06F21/31: User authentication (under G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals; G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F Electric digital data processing; G06 Computing, calculating or counting; G Physics)
- G06F21/606: Protecting data by securing the transmission between two devices or processes (under G06F21/60 Protecting data; G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F Electric digital data processing; G06 Computing, calculating or counting; G Physics)
- H04L63/08: Network architectures or network communication protocols for network security for authentication of entities (under H04L63/00 Network architectures or network communication protocols for network security; H04L Transmission of digital information, e.g. telegraphic communication; H04 Electric communication technique; H Electricity)
- H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates (under H04L63/08 Authentication of entities; H04L63/00 Network architectures or network communication protocols for network security; H04L Transmission of digital information, e.g. telegraphic communication; H04 Electric communication technique; H Electricity)
Abstract
The invention discloses an RDP-based data leakage prevention system and method. The system comprises a security management module, an authentication module, a data acquisition module, a protocol analysis module and an access control module. The invention can authenticate the RDP terminals that remotely access the data center, ensuring legitimate use; it requires only small changes to the existing RDP terminals and data center and is not affected by the implementation or architecture of the RDP remote virtualization technology; it can prevent unauthorized data from flowing from the data center to the RDP terminals; and the data leakage prevention system records the authentication request of every RDP terminal, so that even if malicious access occurs, the RDP terminal that performed it can be located quickly by querying the authentication requests recorded by the system.
Description
Technical field
The present invention relates to the field of remote virtualization security, and in particular to an RDP-based data leakage prevention system and method.
Background technology
Existing remote data centers are usually accessed from PC terminals that exchange data over the RDP protocol. The RDP remote protocol can copy files between the local machine and the data center through local disk sharing, peripheral sharing and similar mechanisms. The exchange security of this protocol is weak: protected files or data of the data center can easily be copied and leaked without authorization. Moreover, because the RDP remote connection is normally configured by the user alone, there is a risk that a malicious user obtains protected data of the data center directly through a shared local disk.
Summary of the invention
The object of the present invention is to solve the above technical problem by providing an RDP-based data leakage prevention system and method that can effectively prevent protected files or data from being copied and leaked without authorization.
To solve the above technical problem, the present invention adopts the following technical solution. An RDP-based data leakage prevention system comprises a security management module, an authentication module, a data acquisition module, a protocol analysis module and an access control module, wherein:
The security management module performs security management of the data leakage prevention system, enrolls legitimate RDP terminal users and configures for them the authorization information for accessing the data center;
The authentication module verifies the identity of the RDP terminal user and, from the authentication information entered by the user, judges whether the user is a legitimate RDP terminal user;
The data acquisition module acquires in real time the network data flowing through the data leakage prevention system, obtaining the data between the RDP terminal and the data leakage prevention system and between the RDP terminal and the data center;
The protocol analysis module performs RDP protocol analysis on the acquired network data, discards the non-RDP protocol packets in the network data and obtains the RDP login, clipboard and data copy behaviors in the network data;
The access control module performs access control on the data flow between the RDP terminal and the data center: from the authorization information it judges whether the operation behavior of the RDP terminal is legitimate, passes the data flow if the operation behavior is legitimate and otherwise blocks the data flow.
In the RDP-based data leakage prevention system described above, the authentication information comprises a user name, a password and a digital certificate, and the authorization information comprises whether clipboard operations, disk-sharing file copy and printer sharing are allowed.
The present invention also provides an RDP-based data leakage prevention method, comprising:
S1. The RDP terminal accesses the data leakage prevention system, which judges from the authentication information entered by the user whether the user is legitimate;
S2. The RDP terminal establishes a remote connection to the data center through the data leakage prevention system;
S3. The network data of the remote connection between the RDP terminal and the data center is acquired on the bridge network interface;
S4. From the acquired network data it is confirmed whether the remote connection is an RDP remote connection; RDP protocol analysis is performed on the acquired network data, the non-RDP protocol packets in the network data are discarded, and the operation behavior corresponding to the channel information in the remote connection is confirmed;
S5. By analysing the operation behavior, it is confirmed whether the RDP terminal exhibits data transfer or copy behavior;
S6. Access control is performed on the data flow between the RDP terminal and the data center: the authentication information is matched against the authorization information pre-configured in the data leakage prevention system to judge whether the operation behavior of the RDP terminal is legitimate; the data flow is passed if the operation behavior is legitimate and blocked otherwise.
In the RDP-based data leakage prevention method described above, the specific way of confirming by analysis whether the remote connection is an RDP remote connection is: first confirm that the destination port of the remote connection is 3389, then confirm that the first four bytes of the first packet after the TCP three-way handshake are the RDP protocol characteristic.
In the RDP-based data leakage prevention method described above, before confirming by analysis whether the remote connection is an RDP remote connection, the method further comprises: after the terminal initiates an RDP remote connection request to the data center, the data acquisition module captures the packets on the ingress network interface and, from the five-tuple of the ingress packets, builds the flow table entry for the current RDP remote connection. The five-tuple comprises source IP, source port, destination IP, destination port and protocol type.
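The following Python program is an added example and is not part of the patent or of any product implementing it. It shows how the five-tuple flow table of this paragraph and the port-3389 plus first-packet check of the preceding paragraph can be implemented over a stream of captured TCP segments: the client SYN opens the flow table entry, the three-way handshake is tracked, and the first client payload after the handshake decides whether the flow is treated as RDP. The patent does not spell out the "RDP protocol characteristic" of the first four bytes; the example assumes it is the TPKT header (RFC 1006) that wraps the X.224 Connection Request defined in MS-RDPBCGR, and additionally checks the X.224 TPDU code. All packets, addresses and user names are constructed here.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

RDP_PORT = 3389
FiveTuple = Tuple[str, int, str, int, str]  # src IP, src port, dst IP, dst port, protocol

@dataclass
class Packet:
    """Minimal view of one captured TCP segment (constructed for this example)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False
    ack: bool = False
    payload: bytes = b""
    proto: str = "tcp"

    def five_tuple(self) -> FiveTuple:
        return (self.src_ip, self.src_port, self.dst_ip, self.dst_port, self.proto)

    def reverse_tuple(self) -> FiveTuple:
        return (self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.proto)

@dataclass
class Flow:
    """Flow table entry, keyed by the client-to-server five-tuple taken from the SYN."""
    key: FiveTuple
    state: str = "syn"             # syn -> synack -> established
    is_rdp: Optional[bool] = None  # decided on the first client payload after the handshake

def looks_like_rdp_first_packet(payload: bytes) -> bool:
    """Assumed 'RDP protocol characteristic': TPKT header (version 3, reserved 0,
    16-bit big-endian length covering the whole packet) followed by an X.224
    TPDU whose code is Connection Request (0xE0). The patent does not name it."""
    if len(payload) < 11 or payload[0] != 0x03 or payload[1] != 0x00:
        return False
    if int.from_bytes(payload[2:4], "big") != len(payload):
        return False
    return (payload[5] & 0xF0) == 0xE0

class FlowTable:
    """Tracks TCP flows by five-tuple and marks each one RDP or non-RDP (step 401)."""

    def __init__(self) -> None:
        self.flows: Dict[FiveTuple, Flow] = {}

    def observe(self, pkt: Packet) -> Optional[Flow]:
        if pkt.syn and not pkt.ack:                       # client SYN opens the entry
            flow = Flow(key=pkt.five_tuple())
            self.flows[flow.key] = flow
            return flow
        flow = self.flows.get(pkt.five_tuple()) or self.flows.get(pkt.reverse_tuple())
        if flow is None:                                  # no SYN seen for this flow
            return None
        from_client = pkt.five_tuple() == flow.key
        if flow.state == "syn" and pkt.syn and pkt.ack and not from_client:
            flow.state = "synack"
        elif flow.state == "synack" and pkt.ack and from_client:
            flow.state = "established"
        elif flow.state == "established" and from_client and pkt.payload and flow.is_rdp is None:
            # port check first, then the first-packet signature (claim 4)
            flow.is_rdp = flow.key[3] == RDP_PORT and looks_like_rdp_first_packet(pkt.payload)
        return flow

def tcp_handshake(c_ip: str, c_port: int, s_ip: str, s_port: int) -> List[Packet]:
    """Constructed three-way handshake for the sample capture."""
    return [Packet(c_ip, c_port, s_ip, s_port, syn=True),
            Packet(s_ip, s_port, c_ip, c_port, syn=True, ack=True),
            Packet(c_ip, c_port, s_ip, s_port, ack=True)]

def build_x224_connection_request(user: str) -> bytes:
    """Constructed first RDP client packet: TPKT + X.224 CR + mstshash cookie + RDP_NEG_REQ."""
    cookie = f"Cookie: mstshash={user}\r\n".encode()
    neg_req = bytes([0x01, 0x00]) + (8).to_bytes(2, "little") + (0x03).to_bytes(4, "little")
    x224 = bytes([0xE0, 0, 0, 0, 0, 0]) + cookie + neg_req  # CR code, DST-REF, SRC-REF, class 0
    x224 = bytes([len(x224)]) + x224                         # X.224 length indicator
    return bytes([0x03, 0x00]) + (4 + len(x224)).to_bytes(2, "big") + x224

def classify_sample_capture() -> Dict[FiveTuple, Optional[bool]]:
    """Runs three constructed flows through the table and returns each flow's verdict."""
    pkts: List[Packet] = []
    # 1. genuine RDP session to port 3389
    pkts += tcp_handshake("10.0.0.5", 50000, "10.0.1.10", RDP_PORT)
    pkts.append(Packet("10.0.0.5", 50000, "10.0.1.10", RDP_PORT, ack=True,
                       payload=build_x224_connection_request("alice")))
    # 2. TLS record fragment to port 443: wrong port, never analysed as RDP
    pkts += tcp_handshake("10.0.0.5", 50001, "10.0.1.10", 443)
    pkts.append(Packet("10.0.0.5", 50001, "10.0.1.10", 443, ack=True,
                       payload=bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])))
    # 3. HTTP request aimed at port 3389: right port, wrong first bytes
    pkts += tcp_handshake("10.0.0.7", 50002, "10.0.1.10", RDP_PORT)
    pkts.append(Packet("10.0.0.7", 50002, "10.0.1.10", RDP_PORT, ack=True,
                       payload=b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"))
    table = FlowTable()
    for p in pkts:
        table.observe(p)
    return {key: flow.is_rdp for key, flow in table.flows.items()}
```

The flow key is always the client-to-server five-tuple, so packets in either direction resolve to the same entry; a segment for which no SYN was seen is ignored rather than guessed at. Note that the port test alone is not sufficient (flow 3 reaches port 3389 with HTTP), which is why the patent's second condition on the first bytes matters.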
In the RDP-based data leakage prevention method described above, the operation behavior comprises disk sharing, file copy and printer sharing.
In the RDP-based data leakage prevention method described above, the channel information comprises channel A protocol packets, channel B protocol packets and channel C protocol packets.
In the RDP-based data leakage prevention method described above, the way of confirming in step S4 the operation behavior corresponding to the channel information in the remote connection is specifically:
when channel A protocol packets appear and channel C protocol packets have also appeared, the RDP remote connection has reached the user login interface, and at the same time the channel C statistics are initialised;
when channel B protocol packets initiated by the RDP terminal appear, the current RDP terminal is performing a clipboard operation;
when an operation characteristic appears in the channel C protocol packets, the current RDP terminal is performing an interaction behavior.
In the RDP-based data leakage prevention method described above, step S5 specifically comprises the following steps:
S5a. The RDP remote login behavior is derived from the cumulative statistics of the channel A protocol packets;
S5b. After login, the clipboard behavior is derived from the cumulative statistics of the channel B protocol packets initiated by the terminal;
S5c. After login, disk sharing or printer sharing behavior is derived from the cumulative statistics of the channel C protocol packets;
S5d. Once disk sharing or printer sharing behavior has been established, data copy behavior is derived from signature analysis of the channel C protocol packets.
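The following Python program is an added example and is not part of the patent or of any product implementing it. It implements, for one flow table entry, the behavior inference of the preceding paragraphs (login detection from channels A and C, clipboard from terminal-initiated channel B packets, disk or printer sharing and the subsequent data copy from channel C) together with the access control decision of step S6 against the per-account authorization (clipboard, disk-sharing file copy, printer sharing). The patent names the channels only as A, B and C and does not describe the channel C signatures; the packet representation, the feature labels such as "disk_share" and "file_read" and the sample session are assumptions constructed here, standing in for the decoded RDP virtual channel PDUs a real parser would produce.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

@dataclass
class ChannelPdu:
    """One RDP protocol packet already attributed to channel A, B or C (constructed)."""
    channel: str          # "A", "B" or "C", the labels the patent uses
    from_terminal: bool   # True if the packet was initiated by the RDP terminal
    feature: str = ""     # decoded operation feature on channel C; labels are assumptions

@dataclass
class Authorization:
    """Rights configured per account by the administrator."""
    clipboard: bool
    disk_share_file_copy: bool
    print_share: bool

# Assumed channel C features. Share features announce a redirected device (S5c);
# copy features move data over that device (S5d) and map to the share they need.
SHARE_FEATURES = {"disk_share", "print_share"}
COPY_FEATURES = {"file_read": "disk_share", "print_data": "print_share"}

class RdpSessionMonitor:
    """Behavior statistics and access control for one flow table entry (steps 402-404)."""

    def __init__(self, authz: Authorization) -> None:
        self.authz = authz
        self.counts: Dict[str, int] = {"A": 0, "B": 0, "C": 0}  # cumulative packets per channel
        self.logged_in = False
        self.shares_seen: Set[str] = set()
        self.log: List[Tuple[str, str]] = []  # (behavior, verdict), recorded per connection

    def _share_allowed(self, share: str) -> bool:
        return self.authz.disk_share_file_copy if share == "disk_share" else self.authz.print_share

    def inspect(self, pdu: ChannelPdu) -> str:
        """Updates the statistics and returns 'forward' or 'drop' for this packet."""
        self.counts[pdu.channel] += 1
        if not self.logged_in:
            # step 402: channel A appears while channel C has also appeared -> login interface
            if self.counts["A"] and self.counts["C"]:
                self.logged_in = True
                self.counts["C"] = 0                     # initialise channel C statistics
                self.log.append(("login", "forward"))
            return "forward"
        behavior: Optional[str] = None
        allowed = True
        if pdu.channel == "B" and pdu.from_terminal:                 # S5b: clipboard
            behavior, allowed = "clipboard", self.authz.clipboard
        elif pdu.channel == "C" and pdu.feature in SHARE_FEATURES:   # S5c: disk / printer share
            behavior, allowed = pdu.feature, self._share_allowed(pdu.feature)
            if allowed:
                self.shares_seen.add(pdu.feature)
        elif pdu.channel == "C" and pdu.feature in COPY_FEATURES:    # S5d: data copy
            share = COPY_FEATURES[pdu.feature]
            behavior = "data_copy:" + pdu.feature
            # a copy is only legitimate once its share was seen and is authorised
            allowed = share in self.shares_seen and self._share_allowed(share)
        if behavior is None:
            return "forward"                             # e.g. screen updates, keyboard input
        verdict = "forward" if allowed else "drop"
        self.log.append((behavior, verdict))
        return verdict

def run_sample_session(authz: Authorization) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Constructed session: login, clipboard, disk share + file read, print share + print data."""
    pdus = [
        ChannelPdu("C", False, "device_list"),   # server asks for redirected devices
        ChannelPdu("A", True),                    # login interface reached
        ChannelPdu("B", True),                    # terminal-initiated clipboard packet
        ChannelPdu("C", True, "disk_share"),
        ChannelPdu("C", True, "file_read"),
        ChannelPdu("C", True, "print_share"),
        ChannelPdu("C", True, "print_data"),
    ]
    monitor = RdpSessionMonitor(authz)
    verdicts = [monitor.inspect(p) for p in pdus]
    return verdicts, monitor.log
```

With an account allowed only disk-sharing file copy, the clipboard packet and both printer packets are dropped while the disk share and the file read pass; because a copy is only accepted after its share was seen and authorised, a "print_data" packet arriving after a dropped "print_share" is dropped as well, so a client that skips the announce step gains nothing.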
Compared with the prior art, by providing the security management module, the authentication module, the data acquisition module, the protocol analysis module and the access control module, the present invention can authenticate the RDP terminals that remotely access the data center, ensuring legitimate use; it requires only small changes to the existing RDP terminals and data center and is not affected by the implementation or architecture of the RDP remote virtualization technology; it can prevent unauthorized data from flowing from the data center to the RDP terminals; and the data leakage prevention system records the authentication request of every RDP terminal, so that even if malicious access occurs, the RDP terminal that performed it can be located quickly by querying the authentication requests recorded by the system.
Brief description of the drawings
Figure 1 is a schematic diagram of the structure of the system of the present invention;
Figure 2 is a schematic flow chart of the method of the present invention;
Figure 3 is a flow chart of the RDP terminal establishing a remote connection to the data center through the data leakage prevention system in the present invention;
Figure 4 is a flow chart of the packets acquired by the data leakage prevention system on the bridge network interface during the remote connection between the terminal and the data center in the present invention;
Figure 5 is a flow chart of the data leakage prevention system confirming from the acquired packets whether the remote connection is an RDP remote connection in the present invention.
The present invention is further described below with reference to the accompanying drawings and the detailed description.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them.
Embodiment 1 of the present invention. As shown in Figure 1, this embodiment discloses an RDP-based data leakage prevention system 120 comprising a security management module 121, an authentication module 122, a data acquisition module 123, a protocol analysis module 124 and an access control module 125, wherein:
The security management module 121 performs security management of the data leakage prevention system 120, enrolls legitimate RDP terminal users and configures for them the authorization information for accessing the data center 130;
The authentication module 122 verifies the identity of the RDP terminal user and, from the authentication information entered by the user, judges whether the user is a legitimate RDP terminal user;
The data acquisition module 123 acquires in real time the network data flowing through the data leakage prevention system 120, obtaining the data between the RDP terminal 110 and the data leakage prevention system 120 and between the RDP terminal 110 and the data center 130;
The protocol analysis module 124 performs RDP protocol analysis on the acquired network data, discards the non-RDP protocol packets in the network data and obtains the RDP login, clipboard and data copy behaviors in the network data;
The access control module 125 performs access control on the data flow between the RDP terminal 110 and the data center 130: from the authorization information it judges whether the operation behavior of the RDP terminal 110 is legitimate, passes the data flow if the operation behavior is legitimate and otherwise blocks the data flow.
In the RDP-based data leakage prevention system 120 described above, the authentication information comprises a user name, a password and a digital certificate, and the authorization information comprises whether clipboard operations, disk-sharing file copy and printer sharing are allowed.
Embodiment 2 of the present invention. This embodiment discloses an RDP-based data leakage prevention method also provided by the present invention, comprising:
S1. The terminal accesses the data leakage prevention system 120, which judges from the authentication information entered by the user whether the user is legitimate;
S2. The terminal establishes a remote connection to the data center 130 through the data leakage prevention system 120. As shown in Figure 3, a preferred implementation of step S2 is:
Step 201. The administrator 140 logs in to the WEB management page of the data leakage prevention system through a browser.
Step 202. In the management system of step 201, the administrator 140 adds the authentication account of the RDP terminal 110, comprising a user name and a password.
Step 203. According to the rights of the RDP terminal 110 to access the data center 130, the administrator 140 configures the operation rights of the account added in step 202.
S3. The network data of the remote connection between the RDP terminal 110 and the data center 130 is acquired on the bridge network interface. As shown in Figure 4, a preferred implementation of step S3 is:
Step 301. The RDP terminal 110 accesses the authentication page of the data leakage prevention system through a browser, enters the user name and password on the authentication page and clicks login; the browser then sends the user name and password to the authentication module 122 of the data leakage prevention system over the HTTPS protocol;
Step 302. After receiving the authentication request sent by the RDP terminal 110, the authentication module 122 extracts the user name and password from the request and matches them against the stored account information to obtain the authentication result;
Step 303. The authentication module 122 returns the authentication result to the RDP terminal 110 over the HTTPS protocol;
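The following Python program is an added example and is not part of the patent or of any product implementing it. It sketches the server side of steps 202, 203 and 302 above: the administrator adds accounts with their operation rights, the authentication module matches a request against the stored account information, and every request is recorded together with the requesting terminal's address so that, as the abstract states, a terminal performing malicious access can be located afterwards. Storing passwords as salted PBKDF2 hashes, comparing them in constant time and running the derivation even for unknown user names are this example's design choices, not something the patent specifies; the HTTPS transport, the digital certificate factor and the web page are outside the example, and the accounts, addresses and requests are constructed here.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Dict, List, Optional

PBKDF2_ROUNDS = 100_000  # assumption: a deployment would tune this or use a memory-hard KDF

@dataclass
class Authorization:
    """Operation rights the administrator configures for an account (step 203)."""
    clipboard: bool = False
    disk_share_file_copy: bool = False
    print_share: bool = False

@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    authz: Authorization

@dataclass
class AuthRecord:
    """One authentication request as the system records it."""
    ts: float
    terminal_ip: str
    username: str
    success: bool

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)

class AuthenticationModule:
    """Stores accounts (steps 202/203), verifies requests (step 302) and records each attempt."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.records: List[AuthRecord] = []
        self._dummy_salt = os.urandom(16)  # so an unknown user costs the same as a wrong password

    def add_account(self, username: str, password: str, authz: Authorization) -> None:
        salt = os.urandom(16)
        self.accounts[username] = Account(salt, _derive(password, salt), authz)

    def authenticate(self, terminal_ip: str, username: str, password: str) -> Optional[Authorization]:
        """Returns the account's authorization on success, None on failure; always records."""
        acct = self.accounts.get(username)
        candidate = _derive(password, acct.salt if acct else self._dummy_salt)
        ok = acct is not None and hmac.compare_digest(candidate, acct.pw_hash)
        self.records.append(AuthRecord(time.time(), terminal_ip, username, ok))
        return acct.authz if ok else None

    def requests_from(self, terminal_ip: str) -> List[AuthRecord]:
        """All recorded requests from one terminal: the lookup used to trace malicious access."""
        return [r for r in self.records if r.terminal_ip == terminal_ip]

    def suspicious_terminals(self, max_failures: int = 3) -> Dict[str, int]:
        """Terminals whose failed requests reach the threshold, with their failure counts."""
        failures: Dict[str, int] = {}
        for r in self.records:
            if not r.success:
                failures[r.terminal_ip] = failures.get(r.terminal_ip, 0) + 1
        return {ip: n for ip, n in failures.items() if n >= max_failures}

def run_sample_requests() -> AuthenticationModule:
    """Constructed sequence: one legitimate login and a terminal guessing passwords."""
    module = AuthenticationModule()
    module.add_account("alice", "correct horse battery", Authorization(clipboard=True))
    module.authenticate("10.0.0.5", "alice", "correct horse battery")
    for guess in ("password", "alice123", "Winter2016"):
        module.authenticate("10.0.0.9", "alice", guess)
    module.authenticate("10.0.0.9", "admin", "admin")
    return module
```

The authorization returned on success is what the access control module later matches against the observed operation behavior, so the authentication result and the rights record come from the same account entry and cannot drift apart.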
S4. From the acquired network data it is confirmed whether the remote connection is an RDP remote connection; RDP protocol analysis is performed on the acquired network data, the non-RDP protocol packets in the network data are discarded, and the operation behavior corresponding to the channel information in the remote connection is confirmed. As shown in Figure 5, a preferred implementation of step S4 is:
Step 401. After successful authentication, the RDP terminal 110 can initiate an RDP remote connection request to the data center 130. The data leakage prevention system captures the packets on the ingress network interface and, from the five-tuple in the packets (source IP, source port, destination IP, destination port, protocol type), builds the flow table entry for the current RDP remote connection; it also analyses whether the destination port in the packets is 3389 and whether the first four bytes of the first packet are the standard RDP protocol characteristic.
Step 402. After the RDP terminal 110 has established the RDP remote connection with the data center 130, the data leakage prevention system analyses and records, on the basis of the flow table information of step 401, the channel information in the RDP remote connection: when channel A protocol packets appear and channel C protocol packets have also appeared, the RDP remote connection has reached the user login interface, and the channel C statistics are initialised at this point;
Step 403. After the RDP terminal 110 has logged in to the data center 130, the data leakage prevention system 120 statistically analyses all packets of the RDP remote connection. When channel B protocol packets initiated by the RDP terminal 110 appear, the current RDP terminal 110 is performing a clipboard operation; by counting the channel C protocol packets, once an operation characteristic appears in them it can be confirmed that the current RDP terminal 110 is performing an operation such as disk sharing, file copy or printer sharing. The data leakage prevention system 120 records the operation behavior of the current connection against the flow table information of step 401;
Step 404. On the basis of the rights information from the authentication performed by the RDP terminal 110 in Figure 4, the data leakage prevention system 120 checks whether the RDP remote connection of the current RDP terminal 110 exhibits the operation behaviors of step 403. If the terminal has no corresponding operation right, the related protocol packets are discarded, so that no data leaks from the data center 130; if it has the corresponding operation right, the protocol packets are forwarded normally.
S5. By analysing the operation behavior, it is confirmed whether the RDP terminal 110 exhibits data transfer or copy behavior. This specifically comprises the following steps:
S5a. The RDP remote login behavior is derived from the cumulative statistics of the channel A protocol packets;
S5b. After login, the clipboard behavior is derived from the cumulative statistics of the channel B protocol packets initiated by the RDP terminal 110;
S5c. After login, disk sharing or printer sharing behavior is derived from the cumulative statistics of the channel C protocol packets;
S5d. Once disk sharing or printer sharing behavior has been established, data copy behavior is derived from signature analysis of the channel C protocol packets.
S6. Access control is performed on the data flow between the RDP terminal 110 and the data center 130: the authentication information is matched against the authorization information pre-configured in the data leakage prevention system 120 to judge whether the operation behavior of the RDP terminal 110 is legitimate; the data flow is passed if the operation behavior is legitimate and blocked otherwise.
Embodiment 3 of the present invention. As shown in Figure 2, this embodiment discloses an RDP-based data leakage prevention method also provided by the present invention, comprising:
S1. The RDP terminal 110 accesses the data leakage prevention system 120, which judges from the authentication information entered by the user whether the user is legitimate;
S2. The RDP terminal 110 establishes a remote connection to the data center 130 through the data leakage prevention system 120;
S3. The network data of the remote connection between the RDP terminal 110 and the data center 130 is acquired on the bridge network interface;
S4. From the acquired network data it is confirmed whether the remote connection is an RDP remote connection. The specific way of confirming by analysis whether the remote connection is an RDP remote connection is: first confirm that the destination port of the remote connection is 3389, then confirm that the first four bytes of the first packet after the three-way handshake are the RDP protocol characteristic. RDP protocol analysis is then performed on the acquired network data, the non-RDP protocol packets in the network data are discarded, and the operation behavior corresponding to the channel information in the remote connection is confirmed;
S5. By analysing the operation behavior, it is confirmed whether the RDP terminal 110 exhibits data transfer or copy behavior;
S6. Access control is performed on the data flow between the RDP terminal 110 and the data center 130: the authentication information is matched against the authorization information pre-configured in the data leakage prevention system 120 to judge whether the operation behavior of the RDP terminal 110 is legitimate; the data flow is passed if the operation behavior is legitimate and blocked otherwise.
Embodiment 4 of the present invention. As shown in Figure 2, this embodiment discloses an RDP-based data leakage prevention method also provided by the present invention, comprising:
S1. The RDP terminal 110 accesses the data leakage prevention system 120, which judges from the authentication information entered by the user whether the user is legitimate;
S2. The RDP terminal 110 establishes a remote connection to the data center 130 through the data leakage prevention system 120;
S3. The network data of the remote connection between the RDP terminal 110 and the data center 130 is acquired on the bridge network interface;
S4. From the acquired network data it is confirmed whether the remote connection is an RDP remote connection; RDP protocol analysis is performed on the acquired network data, the non-RDP protocol packets in the network data are discarded, and the operation behavior corresponding to the channel information in the remote connection is confirmed. The channel information comprises channel A protocol packets, channel B protocol packets and channel C protocol packets. If the connection is not an RDP remote connection, the method proceeds to step S4c. The RDP protocol analysis method is:
S4a. If the remote connection is confirmed to be an RDP connection, the channel information in the RDP protocol is obtained by protocol analysis;
S4b. The cumulative packet information of each channel is recorded and the interaction behaviors are counted; the interaction behaviors comprise disk sharing, file copy and printer sharing;
S4c. Otherwise the packet is discarded and the access of the RDP terminal 110 to the data center 130 is blocked;
S5. By analysing the operation behavior, it is confirmed whether the RDP terminal 110 exhibits data transfer or copy behavior;
S6. Access control is performed on the data flow between the RDP terminal 110 and the data center 130: the authentication information is matched against the authorization information pre-configured in the data leakage prevention system 120 to judge whether the operation behavior of the RDP terminal 110 is legitimate; the data flow is passed if the operation behavior is legitimate and blocked otherwise.
Embodiment 6 of the present invention. As shown in Figure 2, this embodiment discloses an RDP-based data leakage prevention method also provided by the present invention, comprising:
S1. The RDP terminal 110 accesses the data leakage prevention system 120, which judges from the authentication information entered by the user whether the user is legitimate;
S2. The RDP terminal 110 establishes a remote connection to the data center 130 through the data leakage prevention system 120;
S3. The network data of the remote connection between the RDP terminal 110 and the data center 130 is acquired on the bridge network interface;
S4. After the RDP terminal 110 initiates an RDP remote connection request to the data center 130, the data leakage prevention system 120 captures the packets on the ingress network interface and, from the five-tuple of the ingress packets, builds the flow table entry for the current RDP remote connection. The five-tuple comprises source IP, source port, destination IP, destination port and protocol type. From the acquired network data it is then confirmed whether the remote connection is an RDP remote connection; RDP protocol analysis is performed on the acquired network data, the non-RDP protocol packets in the network data are discarded, and the operation behavior corresponding to the channel information in the remote connection is confirmed;
S5. By analysing the operation behavior, it is confirmed whether the RDP terminal 110 exhibits data transfer or copy behavior;
S6. Access control is performed on the data flow between the RDP terminal 110 and the data center 130: the authentication information is matched against the authorization information pre-configured in the data leakage prevention system 120 to judge whether the operation behavior of the RDP terminal 110 is legitimate; the data flow is passed if the operation behavior is legitimate and blocked otherwise.
Embodiment 7 of the present invention. As shown in Figure 2, this embodiment discloses an RDP-based data leakage prevention method also provided by the present invention, comprising:
S1. The RDP terminal 110 accesses the data leakage prevention system 120, which judges from the authentication information entered by the user whether the user is legitimate;
S2. The RDP terminal 110 establishes a remote connection to the data center 130 through the data leakage prevention system 120;
S3. The network data of the remote connection between the RDP terminal 110 and the data center 130 is acquired on the bridge network interface;
S4. From the acquired network data it is confirmed whether the remote connection is an RDP remote connection; RDP protocol analysis is performed on the acquired network data, the non-RDP protocol packets in the network data are discarded, and the operation behavior corresponding to the channel information in the remote connection is confirmed. The channel information comprises channel A protocol packets, channel B protocol packets and channel C protocol packets.
The way of confirming the operation behavior corresponding to the channel information in the remote connection is specifically:
when channel A protocol packets appear and channel C protocol packets have also appeared, the RDP remote connection has reached the user login interface, and at the same time the channel C statistics are initialised;
when channel B protocol packets initiated by the RDP terminal 110 appear, the current RDP terminal 110 is performing a clipboard operation;
when an operation characteristic appears in the channel C protocol packets, the current RDP terminal 110 is performing an interaction behavior.
S5. By analysing the operation behavior, it is confirmed whether the RDP terminal 110 exhibits data transfer or copy behavior;
S6. Access control is performed on the data flow between the RDP terminal 110 and the data center 130: the authentication information is matched against the authorization information pre-configured in the data leakage prevention system 120 to judge whether the operation behavior of the RDP terminal 110 is legitimate; the data flow is passed if the operation behavior is legitimate and blocked otherwise.
Embodiment 8 of the present invention. As shown in Figure 2, this embodiment discloses an RDP-based data leakage prevention method also provided by the present invention, comprising:
S1. The RDP terminal 110 accesses the data leakage prevention system 120, which judges from the authentication information entered by the user whether the user is legitimate;
S2. The RDP terminal 110 establishes a remote connection to the data center 130 through the data leakage prevention system 120;
S3. The network data of the remote connection between the RDP terminal 110 and the data center 130 is acquired on the bridge network interface;
S4. From the acquired network data it is confirmed whether the remote connection is an RDP remote connection; RDP protocol analysis is performed on the acquired network data, the non-RDP protocol packets in the network data are discarded, and the operation behavior corresponding to the channel information in the remote connection is confirmed. The channel information comprises channel A protocol packets, channel B protocol packets and channel C protocol packets. The interaction behavior is confirmed as follows:
S5. By analysing the operation behavior, it is confirmed whether the RDP terminal 110 exhibits data transfer or copy behavior. This specifically comprises the following steps:
S5a. The RDP remote login behavior of the RDP terminal 110 is derived from the cumulative statistics of the channel A protocol packets;
S5b. After login, the clipboard behavior is derived from the cumulative statistics of the channel B protocol packets initiated by the terminal;
S5c. After login, disk sharing or printer sharing behavior is derived from the cumulative statistics of the channel C protocol packets;
S5d. Once disk sharing or printer sharing behavior has been established, data copy behavior is derived from signature analysis of the channel C protocol packets.
S6. Access control is performed on the data flow between the RDP terminal 110 and the data center 130: the authentication information is matched against the authorization information pre-configured in the data leakage prevention system 120 to judge whether the operation behavior of the RDP terminal 110 is legitimate; the data flow is passed if the operation behavior is legitimate and blocked otherwise.
The above is only an embodiment of the present invention, and the scope of protection of the present invention is not limited thereto. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be defined by the scope of the claims.
Claims (9)
1. An RDP-based anti-data-leakage system, comprising a security management module, an authentication module, a data acquisition module, a protocol analysis module and an access control module, characterized in that:
the security management module performs security management of the anti-data-leakage system, enrolls the legal RDP terminal users and configures for them the authorization information for accessing the data center;
the authentication module authenticates the identity of the RDP terminal users, judging from the authentication information entered by a user whether the user is a legal RDP terminal user;
the data acquisition module collects in real time the network data flowing through the anti-data-leakage system, obtaining the data between the RDP terminals and the anti-data-leakage system and between the RDP terminals and the data center;
the protocol analysis module performs RDP protocol analysis on the collected network data, discards the non-RDP protocol packets of the network data, and obtains the RDP login, clipboard and data copy behaviors in the network data;
the access control module performs access control on the data flow between the RDP terminals and the data center, judging according to the authorization information whether the operation behavior of the RDP terminal is legal; the data flow is let through if the operation behavior is legal, otherwise the data flow is blocked.
2. The RDP-based anti-data-leakage system of claim 1, characterized in that the authentication information includes a user name, a password and a digital certificate, and the authorization information includes whether the clipboard operation behavior, the disk-sharing file copy behavior and the print-sharing behavior are allowed.
3. An RDP-based data leakage prevention method, characterized in that it includes:
S1: an RDP terminal accesses the anti-data-leakage system, and the anti-data-leakage system judges from the authentication information entered by the user whether the user is a legal user;
S2: the RDP terminal is remotely connected to the data center through the anti-data-leakage system;
S3: the network data of the remote connection between the RDP terminal and the data center is collected on the bridge network interface;
S4: by analyzing the collected network data it is confirmed whether the remote connection is an RDP remote connection; RDP protocol analysis is performed on the collected network data, the non-RDP protocol packets of the network data are discarded, and the operation behavior corresponding to the pipeline information in the remote connection is confirmed;
S5: by analyzing the operation behavior it is confirmed whether the RDP terminal shows a data transfer copy behavior;
S6: access control is performed on the data flow between the RDP terminal and the data center; the authentication information is matched against the authorization information pre-configured in the anti-data-leakage system to judge whether the operation behavior of the RDP terminal is legal; the data flow is let through if the operation behavior is legal, otherwise the data flow is blocked.
4. The RDP-based data leakage prevention method of claim 3, characterized in that the specific method of analyzing whether the remote connection is an RDP remote connection is: first confirm that the destination port of the remote connection is 3389, and then confirm that the first four bytes of the first packet after the three-way handshake carry the RDP protocol characteristics.
5. The RDP-based data leakage prevention method of claim 3, characterized in that, before analyzing whether the remote connection is an RDP remote connection, the method further includes: after the terminal initiates an RDP remote connection request to the virtualized data center, the data acquisition module collects the packets on the ingress network interface and establishes the flow table information of the current RDP remote connection from the five-tuple of the ingress packets; the five-tuple includes the source IP, source port, destination IP, destination port and protocol type.
6. The RDP-based data leakage prevention method of claim 3, characterized in that the operation behavior includes disk sharing, file copy and print sharing.
7. The RDP-based data leakage prevention method of claim 3, characterized in that the pipeline information includes pipeline A protocol packets, pipeline B protocol packets and pipeline C protocol packets.
8. The RDP-based data leakage prevention method of claim 7, characterized in that the method in step S4 for confirming the operation behavior corresponding to the pipeline information in the remote connection is specifically:
when pipeline A protocol packets occur and pipeline C protocol packets have also occurred, the RDP remote connection has reached the user login interface, and the statistics of pipeline C are re-initialized continuously;
when pipeline B protocol packets initiated by the RDP terminal occur, the current RDP terminal is performing a clipboard operation behavior;
when operating characteristics occur in the pipeline C protocol packets, the current RDP terminal is performing an interaction behavior.
9. The RDP-based data leakage prevention method of claim 7, characterized in that step S5 specifically includes the following steps:
S5a: the RDP remote login behavior is derived from statistics of the cumulative pipeline A protocol packet information;
S5b: the clipboard behavior is derived from statistics of the cumulative information of the pipeline B protocol packets initiated by the terminal after login;
S5c: the disk sharing or print sharing behavior is derived from statistics of the cumulative pipeline C protocol packet information after login;
S5d: once the disk sharing or print sharing behavior has been met, the data copy behavior is derived by signature analysis of the pipeline C protocol packets.
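As an added example, not code from the patent, the following Python model walks through the method of claims 3 to 9 from the gateway's side: the port-plus-signature connection check of claim 4, a five-tuple flow table (claim 5), the pipeline A/B/C login, clipboard and share/copy inferences of claims 8 and 9, and the authorization match of step S6. The patent does not say which bytes form its "RDP protocol characteristics", so the TPKT-header signature, the five-tuple, the channel events and the authorization record used here are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

RDP_PORT = 3389  # destination port checked first (claim 4)

@dataclass
class Authorization:       # per-user record configured by the security management module
    clipboard: bool = False
    disk_share: bool = False
    print_share: bool = False
@dataclass
class FlowState:           # one five-tuple entry of the flow table (claim 5)
    logged_in: bool = False
    shares: set = field(default_factory=set)
    counts: dict = field(default_factory=lambda: defaultdict(int))

def is_rdp_connection(dst_port, first_payload):
    """Claim 4: port 3389 plus a signature in the first bytes of the first packet.
    Assumption: the signature is modelled as a TPKT header (03 00 + total length)."""
    p = first_payload
    return (dst_port == RDP_PORT and len(p) >= 4 and p[0] == 0x03 and p[1] == 0x00
            and int.from_bytes(p[2:4], "big") == len(p))

def gate(events, auth):
    """events: (five_tuple, pipeline, from_terminal, feature) in capture order.
    Returns {five_tuple: [(pipeline, feature, "pass" | "block"), ...]}."""
    flows, verdicts = defaultdict(FlowState), defaultdict(list)
    for ft, pipe, from_terminal, feature in events:
        st, verdict = flows[ft], "pass"
        st.counts[pipe] += 1
        if not st.logged_in and st.counts["A"] and st.counts["C"]:
            st.logged_in, st.counts["C"] = True, 0   # claim 8: login reached, reset C stats
        if st.logged_in and pipe == "B" and from_terminal:              # S5b clipboard
            verdict = "pass" if auth.clipboard else "block"
        elif st.logged_in and pipe == "C" and feature in ("disk_share", "print_share"):
            st.shares.add(feature)                                      # S5c
            verdict = "pass" if getattr(auth, feature) else "block"
        elif st.logged_in and pipe == "C" and feature == "file_copy":   # S5d
            # a copy counts only once a share preceded it; pass only if every such share is authorised
            verdict = "pass" if st.shares and all(getattr(auth, s) for s in st.shares) else "block"
        verdicts[ft].append((pipe, feature, verdict))
    return dict(verdicts)

TERMINAL = ("10.0.0.5", 51000, "10.0.1.20", RDP_PORT, "tcp")  # constructed five-tuple
SAMPLE_EVENTS = [(TERMINAL, "A", True, None), (TERMINAL, "C", False, None),  # login reached
                 (TERMINAL, "B", True, "clipboard"), (TERMINAL, "C", True, "disk_share"),
                 (TERMINAL, "C", True, "file_copy")]  # constructed channel events of one session

def demo():
    # user may use the clipboard but has no disk or print share: the copy is blocked
    return gate(SAMPLE_EVENTS, Authorization(clipboard=True))[TERMINAL]
```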
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610294344.7A CN107346380A (en) | 2016-05-05 | 2016-05-05 | A kind of anti-data-leakage system and method based on RDP |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107346380A true CN107346380A (en) | 2017-11-14 |
Family
ID=60253876
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610294344.7A Pending CN107346380A (en) | 2016-05-05 | 2016-05-05 | A kind of anti-data-leakage system and method based on RDP |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107346380A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102984159A (en) * | 2012-12-05 | 2013-03-20 | 浙江省电力公司 | Secure access logic control method based on terminal access behavior and platform server |
CN104468491A (en) * | 2013-09-25 | 2015-03-25 | 无锡华御信息技术有限公司 | Virtual desktop system and method based on secure channel |
CN104753887A (en) * | 2013-12-31 | 2015-07-01 | 中国移动通信集团黑龙江有限公司 | Safety control implementation method and system and cloud desktop system |
CN105025000A (en) * | 2015-06-03 | 2015-11-04 | 北京朋创天地科技有限公司 | Data access internal audit method oriented to virtual desktop and information safety apparatus |
- 2016-05-05 CN CN201610294344.7A patent/CN107346380A/en active Pending
Non-Patent Citations (1)
Title |
---|
郑兴艳: "Design and Implementation of a Secure Virtual Desktop System", China Master's Theses Full-text Database, Information Science and Technology * |
Similar Documents
Publication | Title |
---|---|
US7188365B2 (en) | Method and system for securely scanning network traffic | |
US8443190B2 (en) | Method for securing a two-way communications channel and device for implementing said method | |
US20050050362A1 (en) | Content inspection in secure networks | |
CN104767748B (en) | Opc server security protection system | |
CN109660546B (en) | API gateway authentication realization method based on NetflixZuul | |
CN105007272A (en) | Information exchange system with safety isolation | |
CN104426837B (en) | The application layer message filtering method and device of FTP | |
CN107172020A (en) | A kind of network data security exchange method and system | |
US20070011448A1 (en) | Using non 5-tuple information with IPSec | |
CN104009972B (en) | The Verification System and its authentication method of network security access | |
CN108810023A (en) | Safe encryption method, key sharing method and safety encryption isolation gateway | |
US20150341317A1 (en) | Unidirectional Deep Packet Inspection | |
Bibhu et al. | A review of security of the cloud computing over business with implementation | |
CN106941491A (en) | The safety application data link layer device and communication means of power information acquisition system | |
CN114598540A (en) | Access control system, method, device and storage medium | |
CN111314381A (en) | Safety isolation gateway | |
CN110266725A (en) | Cryptosecurity isolation module and mobile office security system | |
CN114365129A (en) | Simultaneous encryption enablement on an operational path at a storage port | |
CN109729099A (en) | A kind of Internet of Things traffic flow analysis method based on Android VPNService | |
Ranjan et al. | Security analysis of TLS authentication | |
Xu et al. | Research on network security of VPN technology | |
Conklin et al. | Principles of computer security: Comptia security+ and beyond | |
US20090271852A1 (en) | System and Method for Distributing Enduring Credentials in an Untrusted Network Environment | |
US20220337591A1 (en) | Controlling command execution in a computer network | |
CN107346380A (en) | A kind of anti-data-leakage system and method based on RDP |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20171114 |