CN107346380A - A kind of anti-data-leakage system and method based on RDP - Google Patents

A kind of anti-data-leakage system and method based on RDP

Info

Publication number
CN107346380A
Authority
CN
China
Prior art keywords
rdp
data
protocol
pipeline
behavior
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610294344.7A
Other languages
Chinese (zh)
Inventor
高曦
牟永鹏
王斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing VRV Software Corp Ltd
Original Assignee
Beijing VRV Software Corp Ltd
Application filed by Beijing VRV Software Corp Ltd
Priority to CN201610294344.7A
Publication of CN107346380A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates

Abstract

The invention discloses an RDP-based anti-data-leakage system and method. The system includes a safety management module, an authentication module, a data acquisition module, a protocol analysis module and an access control module. The present invention can authenticate the RDP terminals that remotely access the data center, ensuring legitimate use; it requires little change to the original RDP terminals and data center and is not affected by the implementation or architecture of the RDP remote virtualization technology; it can prevent unauthorized data from flowing from the data center to the RDP terminals; and the anti-data-leakage system records the authentication request of each RDP terminal, so that even if malicious access occurs, the RDP terminal performing the malicious access can be quickly located by querying the authentication requests recorded by the anti-data-leakage system.

Description

RDP-based anti-data-leakage system and method
Technical field
The present invention relates to the field of remote virtualization security, and in particular to an RDP-based anti-data-leakage system and method.
Background technology
Existing remote data centers are usually accessed from PC terminals that exchange data with the data center over the RDP protocol. The RDP remote protocol can share local disks and peripherals, so local files can be copied to and from the data center. The exchange security of this protocol is weak, and protected files or data in the data center are easily copied out without authorization and leaked. At the same time, because the RDP remote connection configuration is usually chosen directly by the user, there is a risk that a malicious user obtains protected data from the data center through a shared local disk.
The content of the invention
The object of the present invention is to solve the above technical problem by providing an RDP-based anti-data-leakage system and method that can effectively prevent protected files or data from being copied and leaked without authorization.
In order to solve the above technical problem, the present invention adopts the following technical scheme. An RDP-based anti-data-leakage system includes a safety management module, an authentication module, a data acquisition module, a protocol analysis module and an access control module, wherein:
the safety management module performs safety management of the anti-data-leakage system, registers legitimate RDP terminal users and configures their authorization information for accessing the data center;
the authentication module verifies the identity of the RDP terminal user and judges, from the authentication information entered by the user, whether the user is a legitimate RDP terminal user;
the data acquisition module collects in real time the network data flowing through the anti-data-leakage system, obtaining the data between the RDP terminal and the anti-data-leakage system and between the RDP terminal and the data center;
the protocol analysis module performs RDP protocol analysis on the collected network data, discards the non-RDP protocol packets in the network data, and obtains the RDP login, clipboard and data copy behaviors in the network data;
the access control module controls access to the data flow between the RDP terminal and the data center: according to the authorization information it judges whether the operation behavior of the RDP terminal is legal, passes the data flow if the operation behavior is legal, and otherwise blocks the data flow.
In the RDP-based anti-data-leakage system described above, the authentication information includes a user name, a password and a digital certificate, and the authorization information includes whether clipboard operation behavior, disk sharing and file copy behavior, and print sharing behavior are allowed.
The present invention also provides an RDP-based data leakage prevention method, including:
S1, the RDP terminal accesses the anti-data-leakage system, and the anti-data-leakage system judges from the authentication information entered by the user whether the user is a legitimate user;
S2, the RDP terminal is remotely connected with the data center through the anti-data-leakage system;
S3, the network data of the remote connection between the RDP terminal and the data center is collected on the bridge network interface;
S4, the collected network data is analyzed to confirm whether the remote connection is an RDP remote connection, RDP protocol analysis is performed on the collected network data, the non-RDP protocol packets in the network data are discarded, and the operation behavior corresponding to the pipeline information in the remote connection is confirmed;
S5, by analyzing the operation behavior, it is confirmed whether the RDP terminal has data transfer or copy behavior;
S6, access control is applied to the data flow between the RDP terminal and the data center: the authentication information is matched against the authorization information pre-configured in the anti-data-leakage system to judge whether the operation behavior of the RDP terminal is legal, the data flow is passed if the operation behavior is legal, and otherwise the data flow is blocked.
In the RDP-based data leakage prevention method described above, the specific method of analyzing whether the remote connection is an RDP remote connection is: first confirm that the destination port of the remote connection is 3389, and then confirm that the first four bytes of the first packet after the three-way handshake carry the RDP protocol characteristic.
In the RDP-based data leakage prevention method described above, before analyzing whether the remote connection is an RDP remote connection, the method also includes: after the terminal initiates an RDP remote connection request to the data center, the data acquisition module collects the packets on the ingress network interface and establishes flow table information for the current RDP remote connection from the five-tuple of the ingress packets; the five-tuple includes source IP, source port, destination IP, destination port and protocol type.
In the RDP-based data leakage prevention method described above, the operation behavior includes disk sharing, file copy and print sharing.
In the RDP-based data leakage prevention method described above, the pipeline information includes pipeline A protocol packets, pipeline B protocol packets and pipeline C protocol packets.
In the RDP-based data leakage prevention method described above, the method of confirming in step S4 the operation behavior corresponding to the pipeline information in the remote connection is specifically:
when a pipeline A protocol packet appears and a pipeline C protocol packet has also appeared, the RDP remote connection has reached the user login interface, and the pipeline C statistical information is initialized at the same time;
when a pipeline B protocol packet initiated by the RDP terminal appears, the current RDP terminal is performing a clipboard operation behavior;
after an operating characteristic appears in a pipeline C protocol packet, the current RDP terminal is performing an interaction behavior.
In the RDP-based data leakage prevention method described above, step S5 specifically includes the following steps:
S5a, the RDP remote login behavior is derived from the cumulative statistics of pipeline A protocol packets;
S5b, after login, the clipboard behavior is derived from the cumulative statistics of the pipeline B protocol packets initiated by the terminal;
S5c, after login, the disk sharing or print sharing behavior is derived from the cumulative statistics of pipeline C protocol packets;
S5d, once disk sharing or print sharing behavior has been established, the data copy behavior is derived from signature analysis of the pipeline C protocol packets.
Compared with the prior art, the present invention, by providing a safety management module, an authentication module, a data acquisition module, a protocol analysis module and an access control module, can authenticate the RDP terminals that remotely access the data center, ensuring legitimate use; it requires little change to the original RDP terminals and data center and is not affected by the implementation or architecture of the RDP remote virtualization technology; it can prevent unauthorized data from flowing from the data center to the RDP terminals; and the anti-data-leakage system records the authentication request of each RDP terminal, so that even if malicious access occurs, the RDP terminal performing the malicious access can be quickly located by querying the authentication requests recorded by the anti-data-leakage system.
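The flow-table and connection-identification steps of the method (collecting packets on the bridge interface, keying a flow table by the five-tuple, following the three-way handshake, then checking destination port 3389 and the first four bytes of the first data packet) can be illustrated with the following Python. This is example code added here for the reader; it is not part of the patent and not code from Beijing VRV Software. The patent does not say which four bytes form the "RDP protocol characteristic"; the example assumes they are the TPKT header (version 3, reserved 0, 16-bit big-endian length) that frames the X.224 Connection Request at the start of an RDP session. All addresses, port numbers and packets below are constructed samples, and checksums are left at zero.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

RDP_PORT = 3389            # destination port the method checks first
SYN, ACK = 0x02, 0x10      # TCP flag bits used to follow the three-way handshake

# five-tuple: source IP, source port, destination IP, destination port, protocol number
FiveTuple = Tuple[str, int, str, int, int]


@dataclass
class Flow:
    key: FiveTuple                  # stored in the client -> server direction
    handshake: int = 0              # handshake packets seen so far (SYN, SYN-ACK, ACK)
    verdict: Optional[str] = None   # "rdp" / "non-rdp" once the first data packet was inspected


def ip_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_frame(src: str, sport: int, dst: str, dport: int, flags: int, payload: bytes) -> bytes:
    """Build a minimal IPv4+TCP packet for the constructed samples (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     ip_bytes(src), ip_bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp + payload


def parse_ipv4_tcp(frame: bytes) -> Tuple[FiveTuple, int, bytes]:
    """Extract the five-tuple, the TCP flags and the TCP payload from a raw IPv4 packet."""
    ihl = (frame[0] & 0x0F) * 4
    proto = frame[9]
    if proto != 6:
        raise ValueError("only TCP is tracked here")
    src = ".".join(str(b) for b in frame[12:16])
    dst = ".".join(str(b) for b in frame[16:20])
    tcp = frame[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return (src, sport, dst, dport, proto), tcp[13], tcp[data_off:]


def looks_like_rdp(key: FiveTuple, first_payload: bytes) -> bool:
    """Two-part test from the method: destination port 3389, then the first four bytes of the
    first packet after the handshake. Assumption of this example: those bytes are a TPKT header
    whose length field matches the packet (the framing of the X.224 Connection Request)."""
    if key[3] != RDP_PORT or len(first_payload) < 4:
        return False
    version, reserved, length = struct.unpack("!BBH", first_payload[:4])
    return version == 3 and reserved == 0 and length == len(first_payload)


class FlowTable:
    """Flow table keyed by five-tuple; packets of the reverse direction are matched to the
    same entry so both halves of the bridged connection are tracked."""

    def __init__(self) -> None:
        self.flows: Dict[FiveTuple, Flow] = {}

    def process(self, frame: bytes) -> str:
        """Return "pending" (handshake in progress), "rdp" (hand to protocol analysis) or "drop"."""
        key, flags, payload = parse_ipv4_tcp(frame)
        reverse = (key[2], key[3], key[0], key[1], key[4])
        flow = self.flows.get(key) or self.flows.get(reverse)
        if flow is None:
            if flags & SYN and not flags & ACK:     # new connection: create the flow entry
                self.flows[key] = Flow(key=key, handshake=1)
                return "pending"
            return "drop"                          # mid-stream packet with no tracked flow
        if flow.handshake < 3:
            if payload:
                return "drop"                      # data before the handshake completed
            flow.handshake += 1
            return "pending"
        if flow.verdict is None:
            if not payload:
                return "pending"                   # bare ACK: nothing to inspect yet
            flow.verdict = "rdp" if looks_like_rdp(flow.key, payload) else "non-rdp"
        return "rdp" if flow.verdict == "rdp" else "drop"   # non-RDP packets are discarded


def classify_session(frames: List[bytes]) -> List[str]:
    table = FlowTable()
    return [table.process(f) for f in frames]


def demo() -> Dict[str, List[str]]:
    """Three constructed sessions from terminal 10.0.0.5 to data center host 10.0.1.20."""
    c, s = "10.0.0.5", "10.0.1.20"

    def handshake(sport: int, dport: int) -> List[bytes]:
        return [build_frame(c, sport, s, dport, SYN, b""),
                build_frame(s, dport, c, sport, SYN | ACK, b""),
                build_frame(c, sport, s, dport, ACK, b"")]

    # TPKT header (length 11) followed by an X.224 Connection Request / Connection Confirm TPDU
    x224_cr = b"\x03\x00\x00\x0b" + b"\x06\xe0\x00\x00\x00\x00\x00"
    x224_cc = b"\x03\x00\x00\x0b" + b"\x06\xd0\x00\x00\x12\x34\x00"
    http = b"GET / HTTP/1.1\r\n"
    return {
        "rdp": classify_session(handshake(50001, RDP_PORT) + [
            build_frame(c, 50001, s, RDP_PORT, ACK, x224_cr),
            build_frame(s, RDP_PORT, c, 50001, ACK, x224_cc)]),
        "http_on_3389": classify_session(handshake(50002, RDP_PORT) + [
            build_frame(c, 50002, s, RDP_PORT, ACK, http),
            build_frame(c, 50002, s, RDP_PORT, ACK, http)]),
        "rdp_bytes_wrong_port": classify_session(handshake(50003, 8080) + [
            build_frame(c, 50003, s, 8080, ACK, x224_cr)]),
    }


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

The verdict is cached in the flow entry after the first data packet, so later packets of the same connection are forwarded or dropped without re-inspection; a session whose first packet does not carry the expected framing, or whose destination port is not 3389, is treated as non-RDP and discarded, which is the behavior the method describes for non-RDP packets.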
Brief description of the drawings
Figure 1 is a schematic structural diagram of the system of the present invention;
Figure 2 is a schematic flow chart of the method of the present invention;
Figure 3 is a flow chart of the RDP terminal being remotely connected with the data center through the anti-data-leakage system in the present invention;
Figure 4 is a flow chart of the anti-data-leakage system in the present invention collecting, on the bridge network interface, the packets of the remote connection between the terminal and the data center;
Figure 5 is a flow chart of the anti-data-leakage system in the present invention confirming, from analysis of the collected packets, whether the remote connection is an RDP remote connection.
The present invention is further described below with reference to the drawings and specific embodiments.
Embodiment
In order to make the purpose, technical scheme and advantages of the embodiments of the present invention clearer, the technical scheme in the embodiments of the present invention is described explicitly below with reference to the drawings of the embodiments. Clearly, the described embodiments are some of the embodiments of the present invention, rather than all embodiments.
Embodiment 1 of the present invention, as shown in Figure 1, discloses an RDP-based anti-data-leakage system 120, including:
a safety management module 121, an authentication module 122, a data acquisition module 123, a protocol analysis module 124 and an access control module 125, wherein:
the safety management module 121 performs safety management of the anti-data-leakage system 120, registers legitimate RDP terminal users and configures their authorization information for accessing the data center 130;
the authentication module 122 verifies the identity of the RDP terminal user and judges, from the authentication information entered by the user, whether the user is a legitimate RDP terminal user;
the data acquisition module 123 collects in real time the network data flowing through the anti-data-leakage system 120, obtaining the data between the RDP terminal 110 and the anti-data-leakage system 120 and between the RDP terminal 110 and the data center 130;
the protocol analysis module 124 performs RDP protocol analysis on the collected network data, discards the non-RDP protocol packets in the network data, and obtains the RDP login, clipboard and data copy behaviors in the network data;
the access control module 125 controls access to the data flow between the RDP terminal 110 and the data center 130: according to the authorization information it judges whether the operation behavior of the RDP terminal 110 is legal, passes the data flow if the operation behavior is legal, and otherwise blocks the data flow.
In the RDP-based anti-data-leakage system 120 described above, the authentication information includes a user name, a password and a digital certificate, and the authorization information includes whether clipboard operation behavior, disk sharing and file copy behavior, and print sharing behavior are allowed.
Embodiment 2 of the present invention discloses an RDP-based data leakage prevention method also provided by the present invention, including:
S1, the terminal accesses the anti-data-leakage system 120, and the anti-data-leakage system 120 judges from the authentication information entered by the user whether the user is a legitimate user;
S2, the terminal is remotely connected with the data center 130 through the anti-data-leakage system 120; as shown in Figure 3, a preferred embodiment of this step S2 is:
Step 201, the administrator 140 logs in to the WEB administration page of the anti-data-leakage system through a browser.
Step 202, the administrator 140 adds the authentication account of the RDP terminal 110, including user name and password, in the management system of step 201.
Step 203, the administrator 140 configures the operating rights of the account added in step 202 according to the rights of the RDP terminal 110 to access the data center 130.
S3, the network data of the remote connection between the RDP terminal 110 and the data center 130 is collected on the bridge network interface; as shown in Figure 4, a preferred embodiment of this step S3 is:
Step 301, the RDP terminal 110 accesses the authentication page of the anti-data-leakage system through a browser, enters the user name and password on the authentication page and clicks login; the browser then sends the user's user name and password to the authentication module 122 in the anti-data-leakage system over the HTTPS protocol;
Step 302, after receiving the authentication request sent by the RDP terminal 110, the authentication module 122 extracts the user name and password information from the request, matches them against the stored account information and obtains the authentication result;
Step 303, the authentication module 122 returns the authentication result to the RDP terminal 110 over the HTTPS protocol.
S4, the collected network data is analyzed to confirm whether the remote connection is an RDP remote connection, RDP protocol analysis is performed on the collected network data, the non-RDP protocol packets in the network data are discarded, and the operation behavior corresponding to the pipeline information in the remote connection is confirmed;
as shown in Figure 5, a preferred embodiment of this step S4 is:
Step 401, after successful authentication, the RDP terminal 110 can initiate an RDP remote connection request to the data center 130; the anti-data-leakage system collects the packets on the ingress network interface, establishes flow table information for the current RDP remote connection from the five-tuple (source IP, source port, destination IP, destination port, protocol type) in the packets, and analyzes whether the destination port in the packets is 3389 and whether the first four bytes of data in the first packet are the RDP protocol standard feature.
Step 402, after the RDP terminal 110 and the data center 130 establish the RDP remote connection, the anti-data-leakage system analyzes and records the pipeline information in the RDP remote connection based on the flow table information of step 401; when a pipeline A protocol packet appears and a pipeline C protocol packet has also appeared, the RDP remote connection has reached the user login interface, and the pipeline C statistical information is initialized at this point;
Step 403, after the RDP terminal 110 logs in to the data center 130, the anti-data-leakage system 120 statistically analyzes all packets of the RDP remote connection. When a pipeline B protocol packet initiated by the RDP terminal 110 appears, the current RDP terminal 110 is performing a clipboard operation behavior; by counting pipeline C protocol packets, once an operating characteristic appears in a pipeline C protocol packet, it can be confirmed that the current RDP terminal 110 is performing an operation behavior such as disk sharing, file copy or print sharing; the anti-data-leakage system 120 records the operation behavior of the current connection against the flow table information described in step 401;
Step 404, according to the rights information from the authentication of the RDP terminal 110 performed in Figure 4 above, the anti-data-leakage system 120 confirms whether the RDP remote connection of the current RDP terminal 110 has the operation behaviors of step 403 above; if the terminal has no corresponding operating right, the related protocol packets are discarded so that the data center 130 does not leak data; if it has the corresponding operating right, the protocol packets are forwarded normally.
S5, by analyzing the operation behavior, it is confirmed whether the RDP terminal 110 has data transfer or copy behavior; this specifically includes the following steps:
S5a, the RDP remote login behavior is derived from the cumulative statistics of pipeline A protocol packets;
S5b, after login, the clipboard behavior is derived from the cumulative statistics of the pipeline B protocol packets initiated by the RDP terminal 110;
S5c, after login, the disk sharing or print sharing behavior is derived from the cumulative statistics of pipeline C protocol packets;
S5d, once disk sharing or print sharing behavior has been established, the data copy behavior is derived from signature analysis of the pipeline C protocol packets.
S6, access control is applied to the data flow between the RDP terminal 110 and the data center 130: the authentication information is matched against the authorization information pre-configured in the anti-data-leakage system 120 to judge whether the operation behavior of the RDP terminal 110 is legal, the data flow is passed if the operation behavior is legal, and otherwise the data flow is blocked.
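Steps 402 to 404 and S5a to S5d above describe a per-connection state machine: pipeline statistics are accumulated, a login is recognized, clipboard, share and copy behaviors are derived from later pipeline B and C packets, and each packet is then forwarded or dropped against the authorization configured by the safety management module. The following Python is an added example of that logic and is not code from the patent or from Beijing VRV Software. The patent keeps pipelines A, B and C abstract and does not define what marks a packet as carrying an "operating characteristic" or a copy signature, so the packet fields `from_terminal`, `share_kind` and `copy_signature`, as well as the sample packet sequence and the two authorization records, are this example's own constructions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Authorization:
    """Authorization information as configured by the safety management module: whether the
    clipboard, disk sharing / file copy and print sharing behaviors are allowed."""
    clipboard: bool
    disk_file_copy: bool
    print_share: bool


@dataclass(frozen=True)
class PipelinePacket:
    """One protocol packet already attributed to pipeline A, B or C by protocol analysis.
    Direction, share kind and copy signature are assumptions of this example."""
    pipeline: str                       # "A", "B" or "C"
    from_terminal: bool = True          # True when the RDP terminal initiated the packet
    share_kind: Optional[str] = None    # "disk" or "print" when an operating characteristic is present
    copy_signature: bool = False        # pipeline C signature that indicates a data copy


@dataclass
class SessionState:
    counts: Dict[str, int] = field(default_factory=lambda: {"A": 0, "B": 0, "C": 0})
    logged_in: bool = False
    share_seen: bool = False
    behaviors: List[str] = field(default_factory=list)


class RdpBehaviorMonitor:
    """Steps 402-404: derive the operation behavior from pipeline statistics, then forward
    or drop the packet according to the terminal's authorization."""

    def __init__(self, auth: Authorization) -> None:
        self.auth = auth
        self.state = SessionState()
        self.audit: List[str] = []

    def classify(self, pkt: PipelinePacket) -> Optional[str]:
        st = self.state
        st.counts[pkt.pipeline] += 1
        if not st.logged_in:
            # Step 402 / S5a: a pipeline A packet after pipeline C packets have appeared means the
            # connection reached the login interface; pipeline C statistics restart from here.
            if pkt.pipeline == "A" and st.counts["C"] > 0:
                st.logged_in, st.counts["C"] = True, 0
                return "login"
            return None
        if pkt.pipeline == "B" and pkt.from_terminal:        # S5b: terminal-initiated pipeline B
            return "clipboard"
        if pkt.pipeline == "C":
            if pkt.share_kind is not None:                     # S5c: operating characteristic seen
                st.share_seen = True
                return f"{pkt.share_kind}_share"
            if pkt.copy_signature and st.share_seen:           # S5d: copy only after a share
                return "file_copy"
        return None

    def decide(self, behavior: Optional[str]) -> str:
        allowed = {
            None: True, "login": True,
            "clipboard": self.auth.clipboard,
            "disk_share": self.auth.disk_file_copy,
            "file_copy": self.auth.disk_file_copy,
            "print_share": self.auth.print_share,
        }
        return "forward" if allowed[behavior] else "drop"

    def observe(self, pkt: PipelinePacket) -> str:
        behavior = self.classify(pkt)
        if behavior:
            self.state.behaviors.append(behavior)
        decision = self.decide(behavior)
        # per-connection record of behavior and decision (step 403)
        self.audit.append(f"{pkt.pipeline}:{behavior or '-'}:{decision}")
        return decision


def run_session(auth: Authorization, packets: List[PipelinePacket]) -> Tuple[List[str], List[str]]:
    mon = RdpBehaviorMonitor(auth)
    decisions = [mon.observe(p) for p in packets]
    return decisions, mon.state.behaviors


# Constructed packet sequence: login, clipboard use, disk share, copy, print share.
SAMPLE_SESSION = [
    PipelinePacket("C", from_terminal=False),
    PipelinePacket("A"),
    PipelinePacket("B"),
    PipelinePacket("C", share_kind="disk"),
    PipelinePacket("C", copy_signature=True),
    PipelinePacket("C", share_kind="print"),
]

RESTRICTED = Authorization(clipboard=False, disk_file_copy=False, print_share=True)
PERMISSIVE = Authorization(clipboard=True, disk_file_copy=True, print_share=True)

if __name__ == "__main__":
    for name, auth in (("restricted", RESTRICTED), ("permissive", PERMISSIVE)):
        print(name, run_session(auth, SAMPLE_SESSION))
```

With the restricted authorization the clipboard, disk share and file copy packets are dropped while the print share packet is forwarded; a copy signature that arrives before any share behavior has been established yields no behavior, matching the ordering in S5c and S5d.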
Embodiment 3 of the present invention, as shown in Figure 2, discloses an RDP-based data leakage prevention method also provided by the present invention, including:
S1, the RDP terminal 110 accesses the anti-data-leakage system 120, and the anti-data-leakage system 120 judges from the authentication information entered by the user whether the user is a legitimate user;
S2, the RDP terminal 110 is remotely connected with the data center 130 through the anti-data-leakage system 120;
S3, the network data of the remote connection between the RDP terminal 110 and the data center 130 is collected on the bridge network interface;
S4, the collected network data is analyzed to confirm whether the remote connection is an RDP remote connection, the specific method being: first confirm that the destination port of the remote connection is 3389, and then confirm that the first four bytes of the first packet after the three-way handshake carry the RDP protocol characteristic; RDP protocol analysis is then performed on the collected network data, the non-RDP protocol packets in the network data are discarded, and the operation behavior corresponding to the pipeline information in the remote connection is confirmed;
S5, by analyzing the operation behavior, it is confirmed whether the RDP terminal 110 has data transfer or copy behavior;
S6, access control is applied to the data flow between the RDP terminal 110 and the data center 130: the authentication information is matched against the authorization information pre-configured in the anti-data-leakage system 120 to judge whether the operation behavior of the RDP terminal 110 is legal, the data flow is passed if the operation behavior is legal, and otherwise the data flow is blocked.
Embodiment 4 of the present invention, as shown in Figure 2, discloses an RDP-based data leakage prevention method also provided by the present invention, including:
S1, the RDP terminal 110 accesses the anti-data-leakage system 120, and the anti-data-leakage system 120 judges from the authentication information entered by the user whether the user is a legitimate user;
S2, the RDP terminal 110 is remotely connected with the data center 130 through the anti-data-leakage system 120;
S3, the network data of the remote connection between the RDP terminal 110 and the data center 130 is collected on the bridge network interface;
S4, the collected network data is analyzed to confirm whether the remote connection is an RDP remote connection, RDP protocol analysis is performed on the collected network data, the non-RDP protocol packets in the network data are discarded, and the operation behavior corresponding to the pipeline information in the remote connection is confirmed; the pipeline information includes pipeline A protocol packets, pipeline B protocol packets and pipeline C protocol packets; otherwise step S4c is performed; the RDP protocol analysis method is:
S4a, if the remote connection is confirmed to be an RDP connection, the pipeline information in the RDP protocol is obtained through protocol analysis,
S4b, the packet cumulative information of each pipeline is recorded and the interaction behaviors are counted; the interaction behaviors include disk sharing, file copy and print sharing;
S4c, otherwise the packet is discarded and the RDP terminal 110 is blocked from accessing the data center 130;
S5, by analyzing the operation behavior, it is confirmed whether the RDP terminal 110 has data transfer or copy behavior;
S6, access control is applied to the data flow between the RDP terminal 110 and the data center 130: the authentication information is matched against the authorization information pre-configured in the anti-data-leakage system 120 to judge whether the operation behavior of the RDP terminal 110 is legal, the data flow is passed if the operation behavior is legal, and otherwise the data flow is blocked.
Embodiment 6 of the present invention, as shown in Figure 2, discloses an RDP-based data leakage prevention method also provided by the present invention, including:
S1, the RDP terminal 110 accesses the anti-data-leakage system 120, and the anti-data-leakage system 120 judges from the authentication information entered by the user whether the user is a legitimate user;
S2, the RDP terminal 110 is remotely connected with the data center 130 through the anti-data-leakage system 120;
S3, the network data of the remote connection between the RDP terminal 110 and the data center 130 is collected on the bridge network interface;
S4, after the RDP terminal 110 initiates an RDP remote connection request to the data center 130, the anti-data-leakage system 120 collects the packets on the ingress network interface and establishes flow table information for the current RDP remote connection from the five-tuple of the ingress packets; the five-tuple includes source IP, source port, destination IP, destination port and protocol type;
the collected network data is analyzed to confirm whether the remote connection is an RDP remote connection, RDP protocol analysis is performed on the collected network data, the non-RDP protocol packets in the network data are discarded, and the operation behavior corresponding to the pipeline information in the remote connection is confirmed;
S5, by analyzing the operation behavior, it is confirmed whether the RDP terminal 110 has data transfer or copy behavior;
S6, access control is applied to the data flow between the RDP terminal 110 and the data center 130: the authentication information is matched against the authorization information pre-configured in the anti-data-leakage system 120 to judge whether the operation behavior of the RDP terminal 110 is legal, the data flow is passed if the operation behavior is legal, and otherwise the data flow is blocked.
Embodiment 7 of the present invention, as shown in Figure 2, discloses an RDP-based data leakage prevention method also provided by the present invention, including:
S1, the RDP terminal 110 accesses the anti-data-leakage system 120, and the anti-data-leakage system 120 judges from the authentication information entered by the user whether the user is a legitimate user;
S2, the RDP terminal 110 is remotely connected with the data center 130 through the anti-data-leakage system 120;
S3, the network data of the remote connection between the RDP terminal 110 and the data center 130 is collected on the bridge network interface;
S4, the collected network data is analyzed to confirm whether the remote connection is an RDP remote connection, RDP protocol analysis is performed on the collected network data, the non-RDP protocol packets in the network data are discarded, and the operation behavior corresponding to the pipeline information in the remote connection is confirmed; the pipeline information includes pipeline A protocol packets, pipeline B protocol packets and pipeline C protocol packets;
the method of confirming the operation behavior corresponding to the pipeline information in the remote connection is specifically:
when a pipeline A protocol packet appears and a pipeline C protocol packet has also appeared, the RDP remote connection has reached the user login interface, and the pipeline C statistical information is initialized at the same time;
when a pipeline B protocol packet initiated by the RDP terminal 110 appears, the current RDP terminal 110 is performing a clipboard operation behavior;
after an operating characteristic appears in a pipeline C protocol packet, the current RDP terminal 110 is performing an interaction behavior.
S5, by analyzing the operation behavior, it is confirmed whether the RDP terminal 110 has data transfer or copy behavior;
S6, access control is applied to the data flow between the RDP terminal 110 and the data center 130: the authentication information is matched against the authorization information pre-configured in the anti-data-leakage system 120 to judge whether the operation behavior of the RDP terminal 110 is legal, the data flow is passed if the operation behavior is legal, and otherwise the data flow is blocked.
Embodiment 8 of the present invention, as shown in Figure 2, discloses an RDP-based data leakage prevention method also provided by the present invention, including:
S1, the RDP terminal 110 accesses the anti-data-leakage system 120, and the anti-data-leakage system 120 judges from the authentication information entered by the user whether the user is a legitimate user;
S2, the RDP terminal 110 is remotely connected with the data center 130 through the anti-data-leakage system 120;
S3, the network data of the remote connection between the RDP terminal 110 and the data center 130 is collected on the bridge network interface;
S4, the collected network data is analyzed to confirm whether the remote connection is an RDP remote connection, RDP protocol analysis is performed on the collected network data, the non-RDP protocol packets in the network data are discarded, and the operation behavior corresponding to the pipeline information in the remote connection is confirmed; the pipeline information includes pipeline A protocol packets, pipeline B protocol packets and pipeline C protocol packets; the confirmation method of the interaction protocol is:
S5, by analyzing the operation behavior, it is confirmed whether the RDP terminal 110 has data transfer or copy behavior; this specifically includes the following steps:
S5a, the remote login behavior of the RDP terminal 110 is derived from the cumulative statistics of pipeline A protocol packets;
S5b, after login, the clipboard behavior is derived from the cumulative statistics of the pipeline B protocol packets initiated by the terminal;
S5c, after login, the disk sharing or print sharing behavior is derived from the cumulative statistics of pipeline C protocol packets;
S5d, once disk sharing or print sharing behavior has been established, the data copy behavior is derived from signature analysis of the pipeline C protocol packets.
S6, access control is applied to the data flow between the RDP terminal 110 and the data center 130: the authentication information is matched against the authorization information pre-configured in the anti-data-leakage system 120 to judge whether the operation behavior of the RDP terminal 110 is legal, the data flow is passed if the operation behavior is legal, and otherwise the data flow is blocked.
The above is only an embodiment of the present invention, but the protection scope of the present invention is not limited thereto; any change or replacement that a person skilled in the art can readily think of within the technical scope disclosed by the present invention should be included in the protection scope of the present invention. Therefore, the protection scope of the present invention should be defined by the scope of the claims.

Claims (9)

1. An RDP-based anti-data-leakage system comprising a safety management module, an authentication module, a data acquisition module, a protocol analysis module and an access control module, characterised in that:
the safety management module performs safety management of the anti-data-leakage system, enrols the legal RDP terminal users and configures for them the authorization information for accessing the data center;
the authentication module verifies the identity of the RDP terminal users, judging from the authentication information entered by a user whether the user is a legal RDP terminal user;
the data acquisition module collects in real time the network data flowing through the anti-data-leakage system, obtaining the data between the RDP terminal and the anti-data-leakage system and between the RDP terminal and the data center;
the protocol analysis module performs RDP protocol analysis on the collected network data, discards the non-RDP protocol packets of the network data, and obtains the RDP login, clipboard and data copy behaviour in the network data;
the access control module applies access control to the data flow between the RDP terminal and the data center: according to the authorization information it judges whether the operation behaviour of the RDP terminal is legal, passes the data flow if the operation behaviour is legal, and otherwise blocks the data flow.
2. The RDP-based anti-data-leakage system of claim 1, characterised in that the authentication information comprises a user name, a password and a digital certificate, and the authorization information comprises whether clipboard operation behaviour, disk-share file copy behaviour and print-share behaviour are allowed.
3. An RDP-based data leakage prevention method, characterised in that it comprises:
S1: an RDP terminal accesses the anti-data-leakage system, which judges from the authentication information entered by the user whether the user is a legal user;
S2: the RDP terminal connects remotely to the data center through the anti-data-leakage system;
S3: the network data of the remote connection between the RDP terminal and the data center is collected on a bridged network interface;
S4: the collected network data is analysed to confirm whether the remote connection is an RDP remote connection; RDP protocol analysis is performed on the collected network data, the non-RDP protocol packets are discarded, and the operation behaviour corresponding to the pipeline information in the remote connection is confirmed;
S5: by analysing the operation behaviour, it is confirmed whether the RDP terminal exhibits data transfer (copy) behaviour;
S6: access control is applied to the data flow between the RDP terminal and the data center: the authentication information is matched against the authorization information pre-configured in the anti-data-leakage system to judge whether the operation behaviour of the RDP terminal is legal; the data flow is passed if the operation behaviour is legal, otherwise it is blocked.
4. The RDP-based data leakage prevention method of claim 3, characterised in that the specific method of analysing whether the remote connection is an RDP remote connection is: first confirm that the destination port of the remote connection is 3389, then confirm that the first four bytes of the first packet after the three-way handshake are the RDP protocol characteristic.
5. The RDP-based data leakage prevention method of claim 3, characterised in that, before analysing whether the remote connection is an RDP remote connection, the method further comprises: after the terminal initiates an RDP remote connection request to the virtualised data center, the data acquisition module collects the packets on the inbound network interface and establishes, from the five-tuple of the inbound packets, the flow table information for the current RDP remote connection; the five-tuple comprises the source IP, source port, destination IP, destination port and protocol type.
6. The RDP-based data leakage prevention method of claim 3, characterised in that the operation behaviour comprises disk sharing, file copy and print sharing.
7. The RDP-based data leakage prevention method of claim 3, characterised in that the pipeline information comprises pipeline A protocol packets, pipeline B protocol packets and pipeline C protocol packets.
8. The RDP-based data leakage prevention method of claim 7, characterised in that the method of confirming, in step S4, the operation behaviour corresponding to the pipeline information in the remote connection is specifically:
when pipeline A protocol packets appear and pipeline C protocol packets also appear, the remote connection has reached the user login interface, and the statistics of pipeline C are continually re-initialised;
when pipeline B protocol packets initiated by the RDP terminal appear, the current RDP terminal is performing clipboard operation behaviour;
after operation characteristics appear in the pipeline C protocol packets, the current RDP terminal is performing interaction behaviour.
9. The RDP-based data leakage prevention method of claim 7, characterised in that step S5 specifically comprises the following steps:
S5a: derive the RDP remote login behaviour from the cumulative statistics of pipeline A protocol packets;
S5b: derive clipboard behaviour from the cumulative statistics of the pipeline B protocol packets initiated by the terminal after login;
S5c: derive disk-share or print-share behaviour from the cumulative statistics of pipeline C protocol packets after login;
S5d: once disk-share or print-share behaviour has been established, derive data copy behaviour from signature analysis of the pipeline C protocol packets.
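The procedure of claims 3 to 9 (five-tuple flow table, port and first-four-bytes RDP check, per-pipeline packet statistics, behaviour inference S5a-S5d and the S6 pass/block decision), modelled in Python as an added example. This is illustrative code written for this page, not the patent's or Beijing VRV's implementation. Everything the claims do not state is an assumption: that the "RDP protocol characteristic" in the first post-handshake packet is the TPKT header wrapping the X.224 Connection Request, that packets arrive already tagged with their pipeline (A, B or C) by some upstream channel demultiplexer, that the pipeline C copy signature is a constructed `COPY:` marker, that the authorization keys `clipboard`, `disk_share_file_copy` and `print_share` mirror claim 2, and that the packet sequence in `demo_flow` is constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple

RDP_PORT = 3389                              # claim 4: destination port of an RDP connection
FiveTuple = Tuple[str, int, str, int, str]   # claim 5: src IP, src port, dst IP, dst port, protocol

@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    payload: bytes = b""   # empty for the SYN / SYN-ACK / ACK segments of the handshake
    pipeline: str = ""     # "A", "B" or "C": assumed to be tagged by an upstream channel demultiplexer

@dataclass
class Flow:
    is_rdp: Optional[bool] = None   # unknown until the first payload after the handshake
    counts: Dict[str, int] = field(default_factory=lambda: {"A": 0, "B": 0, "C": 0})
    login_seen: bool = False
    copy_signatures: int = 0

def canonical_key(pkt: Packet) -> FiveTuple:
    # Claim 5: the flow table is keyed by five-tuple; both directions map to one entry.
    lo, hi = sorted([(pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)])
    return (lo[0], lo[1], hi[0], hi[1], pkt.proto)

def looks_like_rdp(payload: bytes) -> bool:
    """Claim 4: first four bytes of the first post-handshake packet. Assumed signature: the TPKT
    header (version 3, reserved 0, big-endian length >= 11) that wraps the X.224 Connection Request."""
    return (len(payload) >= 4 and payload[0] == 3 and payload[1] == 0
            and int.from_bytes(payload[2:4], "big") >= 11)

class RdpFlowAnalyzer:
    # The pipeline-C copy signature is unspecified in the patent; the default is a constructed marker.
    def __init__(self, copy_signature: Callable[[bytes], bool] = lambda p: p.startswith(b"COPY:")):
        self.flows: Dict[FiveTuple, Flow] = {}
        self.copy_signature = copy_signature

    def observe(self, pkt: Packet) -> Flow:
        """S3/S4: record one captured packet and update its flow's pipeline statistics."""
        flow = self.flows.setdefault(canonical_key(pkt), Flow())
        if flow.is_rdp is None:
            if not pkt.payload:                # handshake segments carry no payload: nothing to decide
                return flow
            flow.is_rdp = pkt.dst_port == RDP_PORT and looks_like_rdp(pkt.payload)
        if not flow.is_rdp:                    # S4: non-RDP packets are discarded
            return flow
        if pkt.pipeline == "B":
            if pkt.dst_port == RDP_PORT:       # S5b: only terminal-initiated B packets count
                flow.counts["B"] += 1
        elif pkt.pipeline in ("A", "C"):
            flow.counts[pkt.pipeline] += 1
            if pkt.pipeline == "C" and flow.login_seen and self.copy_signature(pkt.payload):
                flow.copy_signatures += 1      # S5d: signature found inside pipeline C
        # Claim 8: A and C both seen -> login interface reached; pipeline C statistics re-initialised.
        if not flow.login_seen and flow.counts["A"] and flow.counts["C"]:
            flow.login_seen = True
            flow.counts["C"] = 0
        return flow

    @staticmethod
    def behaviors(flow: Flow) -> Set[str]:
        """S5a-S5d: derive operation behaviours from the cumulative statistics."""
        if not (flow.is_rdp and flow.login_seen):
            return set()
        found = {"login"}                                   # S5a
        if flow.counts["B"] > 0:
            found.add("clipboard")                          # S5b
        if flow.counts["C"] > 0:
            found.add("share")                              # S5c: disk share or print share
            if flow.copy_signatures > 0:
                found.add("file_copy")                      # S5d
        return found

    @staticmethod
    def decide(flow: Flow, authorization: Dict[str, bool]) -> str:
        """S6: match behaviours against the pre-configured authorization (keys follow claim 2)."""
        found, ok = RdpFlowAnalyzer.behaviors(flow), lambda k: authorization.get(k, False)
        blocked = (("clipboard" in found and not ok("clipboard"))
                   or ("file_copy" in found and not ok("disk_share_file_copy"))
                   or ("share" in found and not (ok("disk_share_file_copy") or ok("print_share"))))
        return "block" if blocked else "pass"

def demo_flow(analyzer: RdpFlowAnalyzer) -> Flow:
    """Constructed packet sequence: terminal 10.0.0.5 logs in, uses the clipboard, then copies a file."""
    t, dc = ("10.0.0.5", 50000), ("10.0.0.9", RDP_PORT)
    fwd = lambda **kw: Packet(t[0], t[1], dc[0], dc[1], **kw)
    rev = lambda **kw: Packet(dc[0], dc[1], t[0], t[1], **kw)
    x224_cr = b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"
    flow = Flow()
    for p in (fwd(), rev(), fwd(),                                   # SYN, SYN-ACK, ACK
              fwd(payload=x224_cr, pipeline="A"),                    # connection request on pipeline A
              rev(payload=b"\x03\x00\x00\x0bC-init", pipeline="C"),  # pipeline C appears: login UI
              fwd(payload=b"clip", pipeline="B"),                    # terminal-initiated clipboard
              fwd(payload=b"share", pipeline="C"),                   # share traffic after login
              fwd(payload=b"COPY:secret.docx", pipeline="C")):       # constructed copy signature
        flow = analyzer.observe(p)
    return flow
```

Running `demo_flow` through an analyzer yields the behaviours `login`, `clipboard`, `share` and `file_copy`; `decide` then blocks the flow as soon as one observed behaviour is not allowed by the authorization, and passes a flow whose first payload is not RDP because S4 discards it from analysis rather than judging it. Two caveats a practitioner would add: per-pipeline tagging presupposes that the system sees the RDP channel data in clear, which the claims do not explain, and a port-3389-plus-TPKT check only identifies the connection as RDP-shaped, so the behaviour inference still depends on the statistics of the later packets rather than on that one signature.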

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610294344.7A CN107346380A (en) 2016-05-05 2016-05-05 A kind of anti-data-leakage system and method based on RDP


Publications (1)

Publication Number Publication Date
CN107346380A true CN107346380A (en) 2017-11-14

Family

ID=60253876

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610294344.7A Pending CN107346380A (en) 2016-05-05 2016-05-05 A kind of anti-data-leakage system and method based on RDP

Country Status (1)

Country Link
CN (1) CN107346380A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102984159A (en) * 2012-12-05 2013-03-20 浙江省电力公司 Secure access logic control method based on terminal access behavior and platform server
CN104468491A (en) * 2013-09-25 2015-03-25 无锡华御信息技术有限公司 Virtual desktop system and method based on secure channel
CN104753887A (en) * 2013-12-31 2015-07-01 中国移动通信集团黑龙江有限公司 Safety control implementation method and system and cloud desktop system
CN105025000A (en) * 2015-06-03 2015-11-04 北京朋创天地科技有限公司 Data access internal audit method oriented to virtual desktop and information safety apparatus


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
郑兴艳: "Design and Implementation of a Secure Virtual Desktop System", China Master's Theses Full-text Database, Information Science and Technology series *


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20171114
