CN107819787A - One kind prevents LAN computer illegal external connection system and method - Google Patents
- Publication number: CN107819787A
- Application number: CN201711239286.9A
- Authority: CN (China)
- Prior art keywords: unit, monitoring, protective, protective unit, control unit
- Prior art date
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
          - H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
- Small-Scale Networks (AREA)
Abstract
The present invention relates to the field of computer security technology, and in particular to a method for preventing illegal external connections by LAN computers. The method is as follows: the control unit sends an identity authentication request to the server end; the server end configures a monitoring strategy and a prevention strategy according to the authentication request and sends them to the control unit of the application layer; the control unit of the application layer sends the monitoring strategy and the prevention strategy to the monitoring unit and the protective unit respectively; the surveillance center unit calls the monitoring unit to load the monitoring strategy into the object list, whose entries are arranged in order of the probability of triggering the protective unit; the file driving unit traverses the object list and intercepts the messages whose object element matches an entry of the object list; the protective unit performs the cut-off and termination operation on the intercepted messages. Using the monitoring and prevention strategies, the present invention intercepts system processes with the protective unit and executes the corresponding prevention strategy, thereby achieving the purpose of preventing illegal external connections by LAN computers.
Description
Technical field
The present invention relates to the field of computer security technology, and in particular to a system and method for preventing illegal external connections by LAN computers.
Background
Currently, internal networks with higher security requirements, such as the networks of government departments and military units, are usually physically isolated from external networks such as the Internet in order to guarantee their security. Physical isolation ensures that no physical link of any kind exists between the external network and the internal network, cutting off the channel for information leakage. In practice, however, because management systems are imperfect or effective terminal monitoring technology is lacking, individual users inside the internal network connect privately to the Internet through telephone dial-up or plug-and-play Internet access devices, and the physically isolated environment is destroyed. In addition, terminals that are used on both the intranet and the extranet are common; this creates covert channels into the internal network which, once exploited by hackers or viruses, lead to leaks of secrets or degrade the performance of the information system. These behaviours are referred to as illegal external connections.
In an internal network that implements physical isolation, the host terminals, as elements of the information system, are widely distributed and extremely numerous; because host terminals are operated arbitrarily, it is difficult to manage and control them with technical measures, so host terminals are one of the main sources of malicious attacks, virus propagation and information theft.
An illegal external connection creates a covert channel between the originally closed system environment and the external network. The internal network then faces a variety of security threats such as viruses, Trojan horses, unauthorized access, data eavesdropping and brute-force attacks, which cause information such as the network structure, server deployment and security safeguards to be compromised, and may even lead to destruction across security domains and across networks.
In summary, reducing the risk of illegal external connections requires the most rapid and tightest defensive capability to be formed from the root. On the one hand, security awareness needs to be improved; on the other, and most importantly, an effective method for preventing illegal external connections by LAN computers is required.
Summary of the invention
The invention provides a system and method for preventing illegal external connections by LAN computers. Using monitoring and prevention strategies, it intercepts system processes with a protective unit and executes the corresponding prevention strategy, achieving the purpose of preventing illegal external connections by LAN computers.
To achieve the above technical purpose, the technical solution adopted by the present invention is as follows:
A method for preventing illegal external connections by LAN computers, characterised in that it comprises the following steps:
S01: The control unit of the application layer sends an identity authentication request to the server end;
S02: The server end configures a monitoring strategy and a prevention strategy through the dispensing unit according to the authentication request, and sends the monitoring strategy and the prevention strategy to the control unit of the application layer;
S03: The control unit of the application layer sends the monitoring strategy and the prevention strategy to the monitoring unit and the protective unit respectively;
S04: The surveillance center unit calls the monitoring unit to load the monitoring strategy into the object list, whose entries are arranged in order of the probability of triggering the protective unit;
S05: The file driving unit traverses the object list and intercepts the messages whose object element matches an entry of the object list; the messages are calls to one or more of the USB driver, the CD-ROM drive driver and the network card driver;
S06: The protective unit performs the cut-off and termination operation on the intercepted messages;
S07: After the control unit detects the protective action of the protective unit, it sends the corresponding abnormal information to the exception management unit, and the exception management unit counts the probability data of triggering the protective unit.
Further, the monitoring unit and the protective unit are an API HOOK module and a file driver module respectively.
Further, the file driving unit can monitor manual modification of the IP address or a change of IP address obtained through DHCP, and feeds the IP address change information back to the protective unit, which can then intercept the operation of the corresponding system program.
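The following is an added example written for this page, not code from the patent: a user-space model of steps S04 to S07, in which the object list is kept ordered by how often each target has triggered the protective unit, intercepted driver calls are matched against it, and the exception management unit's trigger statistics are updated after each block. The driver kinds, structure names, process names and the scenario are all assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not code from the patent: a model of the object list (S04),
 * the match-and-intercept steps (S05/S06) and the trigger statistics kept by
 * the exception management unit (S07). All names are assumptions. */

enum driver_kind { DRV_USB = 0, DRV_CDROM, DRV_NIC, DRV_OTHER };

/* An intercepted message: which driver a process is trying to call. */
struct message {
    enum driver_kind kind;
    const char *process;          /* calling process name (constructed) */
};

/* One entry of the object list. `triggered` is the count accumulated by the
 * exception management unit; the list stays ordered by it so the most
 * frequently triggered targets are compared first. */
struct object_entry {
    enum driver_kind kind;
    const char *name;
    unsigned triggered;
};

#define MAX_OBJECTS 8

struct object_list {
    struct object_entry entries[MAX_OBJECTS];
    size_t count;
    unsigned total_triggers;
};

static int by_triggers_desc(const void *a, const void *b)
{
    const struct object_entry *x = a, *y = b;
    if (x->triggered != y->triggered)
        return x->triggered < y->triggered ? 1 : -1;
    return (int)x->kind - (int)y->kind;   /* deterministic tie-break */
}

/* S04: load the monitoring strategy (a list of driver kinds) into the object
 * list, ordered by any historical trigger counts (NULL means all zero). */
static void object_list_load(struct object_list *list, const enum driver_kind *kinds,
                             const unsigned *history, size_t n)
{
    static const char *names[] = { "usb-driver", "cdrom-driver", "nic-driver" };
    list->count = 0;
    list->total_triggers = 0;
    for (size_t i = 0; i < n && i < MAX_OBJECTS; i++) {
        list->entries[i].kind = kinds[i];
        list->entries[i].name = names[kinds[i]];
        list->entries[i].triggered = history ? history[i] : 0;
        list->total_triggers += list->entries[i].triggered;
        list->count++;
    }
    qsort(list->entries, list->count, sizeof list->entries[0], by_triggers_desc);
}

/* S05/S06/S07: walk the ordered list; on the first match the protective unit
 * cuts the call off (returns 1), the trigger count is updated and the list is
 * re-sorted so the hot entry moves to the front. Returns 0 when the message
 * matches no monitored object and is let through. */
static int intercept(struct object_list *list, const struct message *msg)
{
    for (size_t i = 0; i < list->count; i++) {
        if (list->entries[i].kind == msg->kind) {
            list->entries[i].triggered++;
            list->total_triggers++;
            qsort(list->entries, list->count, sizeof list->entries[0], by_triggers_desc);
            return 1;   /* blocked: protection data goes to the control unit */
        }
    }
    return 0;
}

/* Probability data as reported by the exception management unit. */
static double trigger_probability(const struct object_list *list, enum driver_kind kind)
{
    if (list->total_triggers == 0) return 0.0;
    for (size_t i = 0; i < list->count; i++)
        if (list->entries[i].kind == kind)
            return (double)list->entries[i].triggered / list->total_triggers;
    return 0.0;
}

static const char *front_target(const struct object_list *list)
{
    return list->count ? list->entries[0].name : "";
}

/* Constructed scenario: three network-card calls, one USB call and one call
 * to an unmonitored driver arrive at the client. Returns the number blocked. */
static int run_scenario(struct object_list *list)
{
    static const enum driver_kind kinds[] = { DRV_USB, DRV_CDROM, DRV_NIC };
    static const struct message msgs[] = {
        { DRV_NIC,   "hotspot-helper.exe" },
        { DRV_NIC,   "hotspot-helper.exe" },
        { DRV_USB,   "phone-sync.exe" },
        { DRV_NIC,   "hotspot-helper.exe" },
        { DRV_OTHER, "notepad.exe" },
    };
    int blocked = 0;
    object_list_load(list, kinds, NULL, 3);
    for (size_t i = 0; i < sizeof msgs / sizeof msgs[0]; i++)
        blocked += intercept(list, &msgs[i]);
    return blocked;
}

int main(void)
{
    struct object_list list;
    int blocked = run_scenario(&list);
    printf("blocked %d calls; hottest target now: %s (p=%.2f)\n",
           blocked, front_target(&list), trigger_probability(&list, DRV_NIC));
    return 0;
}
```

Re-sorting after every block is what lets the list serve the purpose the patent claims for it: during a burst of repeated attempts against the same driver, the matching entry is found at the front of the list on the first comparison.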
A system for preventing illegal external connections by LAN computers, characterised in that it comprises a server end and a client.
The server end includes:
an identity authentication unit, for receiving the authentication request;
a dispensing unit, for configuring the monitoring strategy and the prevention strategy according to the authentication request and sending them to the client.
The client includes an application layer and an operating system layer, and the application layer includes:
a control unit, for receiving the monitoring strategy and the prevention strategy from the dispensing unit and sending them to the monitoring unit and the protective unit respectively; it is also used to receive the protection data from the protective unit and forward it to the exception management unit, and to receive and forward the probability data of triggering the protective unit;
a monitoring unit, for storing the received monitoring strategy and forwarding it to the surveillance center unit;
a surveillance center unit, for loading the object functions into the object list;
an object list, for storing the list of objects that need to be monitored and protected, arranged in order of the probability of triggering the protective unit;
a protective unit, for performing the cut-off and termination operation on the intercepted object element in combination with the prevention strategy, and sending the protection data of that event to the control unit;
an exception management unit, for receiving the protection data and separately counting the probability data of triggering the protective unit.
The beneficial effects of the present invention are:
1. The present invention uses the API HOOK technology and file driver technology of the Windows bottom layer and can block USB device access actions in real time at the operating-system kernel driver layer, so it is entirely unaffected by the registry, USB drivers or group policy and blocks the behaviour of connecting to the Internet through a USB port.
2. The invention adds control over portable WiFi and hotspot networks, can follow up in real time on newly marketed portable WiFi devices or similar means with a shielding function, manages local Internet access behaviour, and protects computer security and the confidentiality of information.
3. The invention reads the computer's IP information from the operating-system kernel driver layer; when the computer's IP address is changed by manual modification or by obtaining a new address through DHCP, this can be directly regarded as an illegal external connection event, and the computer's network card is directly disabled to prevent a network security incident.
4. The object list of the present invention can be arranged in order of the probability of the protective unit being triggered on the client; when a large-scale attack occurs there is no need to repeatedly search the object list for a match, and the prevention strategy can be executed quickly.
Brief description of the drawings
Fig. 1 is the flow chart of the present invention;
Fig. 2 is the structural block diagram of the present invention.
In the figures: 1 - server end, 2 - client, 3 - application layer, 4 - operating system layer, 5 - identity authentication unit, 6 - dispensing unit, 7 - control unit, 8 - monitoring unit, 9 - protective unit, 10 - surveillance center unit, 11 - object list, 12 - file driving unit, 13 - object element, 14 - exception management unit.
Embodiments
The present invention is explained in further detail below with reference to the accompanying drawings and specific embodiments, but the protection scope of the present invention is not limited to these.
At present, conventional security protection means control USB storage devices or mobile devices by modifying the registry or the USB driver, or by hiding the drive letter. Such means are usually helpless for controlling Internet connections made through mobile phones, tablet computers and similar devices: although these devices transmit over the USB interface, their communication protocols are entirely different, and with the assistance of third-party software it is difficult to cope with such devices by modifying the registry, modifying the USB driver or hiding the drive letter. At the same time, these measures are easily bypassed by anyone with a little technical knowledge, by reversing the registry edit, repairing the USB driver or showing the hidden device again through a modified group policy. Therefore, the methods currently used domestically to restrict USB ports usually have functional and security shortcomings and vulnerabilities, and cannot adequately protect the computer's USB interface. The present invention instead uses the HOOK technology and file driver technology of the Windows bottom layer, can block USB device access actions in real time at the operating-system kernel driver layer, and is therefore entirely unaffected by the registry, USB drivers or group policy, preventing the behaviour of connecting to the Internet through a USB port.
As shown in Fig. 1 and Fig. 2, a method for preventing illegal external connections by LAN computers comprises the following steps:
S01: The control unit 7 of the application layer 3 sends an identity authentication request to the identity authentication unit 5 of the server end 1;
S02: The server end 1 configures a monitoring strategy and a prevention strategy through the dispensing unit 6 according to the authentication request, and sends the monitoring strategy and the prevention strategy to the control unit 7 of the application layer 3;
S03: The control unit 7 of the application layer 3 sends the monitoring strategy and the prevention strategy to the monitoring unit 8 and the protective unit 9 respectively;
S04: The surveillance center unit 10 calls the monitoring unit 8 to load the monitoring strategy into the object list 11, whose entries are arranged in order of the probability of triggering the protective unit 9;
S05: The file driving unit 12 traverses the object list 11 and intercepts the messages whose object element 13 matches an entry of the object list 11; the messages are calls to one or more of the USB driver, the CD-ROM drive driver and the network card driver;
S06: The protective unit 9 performs the cut-off and termination operation on the intercepted messages;
S07: After the control unit 7 detects the protective action of the protective unit 9, it sends the corresponding abnormal information to the exception management unit 14, and the exception management unit 14 counts the probability data of triggering the protective unit 9.
Preferably, the monitoring unit 8 and the protective unit 9 are an API HOOK module and a file driver module respectively. After the API HOOK module receives the monitoring strategy, it is translated into a .DLL file and loaded into the object list 11; the object list 11 is located at the operating system layer 4. The HOOK intercepts, in the application layer, all operation processes that call the USB driver, the CD-ROM drive driver and the network card driver; the file driver module intercepts the related requests sent to the file system and performs interception processing according to the prevention strategy.
The method by which the HOOK intercepts all operation processes that call the USB driver, the CD-ROM drive driver and the network card driver is as follows: the .DLL file is loaded into the object list 11, and the call addresses in the .DLL file are replaced with customised functions, that is, the original system process functions are replaced by customised functions. If a call to the USB driver, the CD-ROM drive driver or the network card driver occurs, the function actually called is the customised function, which achieves the purpose of fundamentally intercepting the USB driver; the CD-ROM drive driver and the network card driver are handled in the same way.
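The following is an added example written for this page, not code from the patent: a portable model of the call-address replacement just described. A process reaches a driver through a table of call addresses (here a plain array of function pointers standing in for the addresses in the .DLL); installing the hook saves each original address and writes a customised function in its place, and the customised function consults the prevention strategy and either cuts the call off or forwards it to the original. The entry-point names, the policy layout and the device strings are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not the patent's code: call-table hooking in user space.
 * The table of function pointers stands in for the call addresses in the
 * .DLL; hooking replaces them with customised functions. Names are
 * assumptions. */

typedef int (*driver_call)(const char *device);

enum { CALL_USB = 0, CALL_CDROM, CALL_NIC, CALL_COUNT };

/* Stand-ins for the real driver entry points (constructed); 0 = success. */
static int usb_open(const char *dev)   { (void)dev; return 0; }
static int cdrom_open(const char *dev) { (void)dev; return 0; }
static int nic_open(const char *dev)   { (void)dev; return 0; }

/* The "call address table" that a process uses. */
static driver_call call_table[CALL_COUNT] = { usb_open, cdrom_open, nic_open };

/* Saved original addresses so the hook can forward allowed calls. */
static driver_call original[CALL_COUNT];

/* Prevention strategy: 1 = cut off calls to this driver kind. */
static int block_policy[CALL_COUNT];

/* Per-driver block counts for the exception management unit. */
static unsigned blocked_count[CALL_COUNT];

#define ERR_BLOCKED (-1)

static int hooked_call(int kind, const char *dev)
{
    if (block_policy[kind]) {
        blocked_count[kind]++;
        return ERR_BLOCKED;          /* cut off: the caller sees a failure */
    }
    return original[kind](dev);      /* allowed: forward to the real function */
}

/* The customised functions that are written into the table. */
static int usb_hook(const char *dev)   { return hooked_call(CALL_USB, dev); }
static int cdrom_hook(const char *dev) { return hooked_call(CALL_CDROM, dev); }
static int nic_hook(const char *dev)   { return hooked_call(CALL_NIC, dev); }

/* Apply a prevention strategy and replace the call addresses. Safe to call
 * again with a new strategy: an already-hooked slot is not hooked twice, so
 * the saved original address is never overwritten by the hook itself. */
static void install_hooks(const int policy[CALL_COUNT])
{
    static driver_call const hooks[CALL_COUNT] = { usb_hook, cdrom_hook, nic_hook };
    for (int k = 0; k < CALL_COUNT; k++) {
        block_policy[k] = policy[k];
        blocked_count[k] = 0;
        if (call_table[k] != hooks[k]) {
            original[k] = call_table[k];
            call_table[k] = hooks[k];
        }
    }
}

/* What an ordinary process does: it simply calls through the table, and so
 * lands in the customised function without any change on its side. */
static int process_opens(int kind, const char *dev)
{
    return call_table[kind](dev);
}

static unsigned blocked_total(void)
{
    unsigned t = 0;
    for (int k = 0; k < CALL_COUNT; k++) t += blocked_count[k];
    return t;
}

int main(void)
{
    int policy[CALL_COUNT] = { 1, 0, 1 };   /* block USB and NIC, allow CD-ROM */
    install_hooks(policy);
    printf("usb:   %d\n", process_opens(CALL_USB, "phone-tether"));
    printf("cdrom: %d\n", process_opens(CALL_CDROM, "D:"));
    printf("nic:   %d\n", process_opens(CALL_NIC, "usb-wifi"));
    printf("blocked calls: %u\n", blocked_total());
    return 0;
}
```

The point the model makes is the one the patent relies on: because the replacement happens at the address the process looks up, the caller needs no cooperation and sees only an ordinary failure code, while the hook keeps the original address so that calls the strategy allows still reach the real driver.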
Preferably, the file driving unit 12 can monitor manual modification of the IP address or a change of IP address obtained through DHCP, and feeds the IP address change information back to the protective unit 9, which can then intercept the operation of the corresponding system program.
A system for preventing illegal external connections by LAN computers comprises a server end 1 and a client 2. The server end 1 includes: an identity authentication unit 5, for receiving the authentication request; and a dispensing unit 6, for configuring the monitoring strategy and the prevention strategy according to the authentication request and sending them to the client 2. The client 2 includes an application layer 3 and an operating system layer 4, and the application layer 3 includes: a control unit 7, for receiving the monitoring strategy and the prevention strategy from the dispensing unit 6 and sending them to the monitoring unit 8 and the protective unit 9 respectively, and also for receiving the protection data from the protective unit 9 and forwarding it to the exception management unit 14, and for receiving and forwarding the probability data of triggering the protective unit 9; a monitoring unit 8, for storing the received monitoring strategy and forwarding it to the surveillance center unit 10; a surveillance center unit 10, for loading the object functions into the object list 11; an object list 11, for storing the list of object functions that need to be monitored and protected, arranged in order of the probability of triggering the protective unit 9; a protective unit 9, for performing the cut-off and termination operation on the intercepted object element 13 in combination with the prevention strategy, and sending the protection data of that event to the control unit 7; and an exception management unit 14, for receiving the protection data and separately counting the probability data of triggering the protective unit 9.
Preferably, the file driving unit 12 is also used to monitor manual modification of the IP address or a change of IP address obtained through DHCP, and feeds the IP address change information back to the protective unit 9, which can then intercept the operation of the corresponding system program.
The present invention can read the computer's IP information from the operating-system kernel driver layer. When the computer's IP address is changed by manual modification or by obtaining a new address through DHCP, this can be directly regarded as an illegal external connection event, and the computer's network card is directly disabled to prevent a network security incident.
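The following is an added example written for this page, not code from the patent: the IP-change rule in user-space form. A baseline address is recorded when the client is configured, each later reading is compared with it, and any difference (a manual edit or a new DHCP lease) is treated as an illegal external connection event whose action is to disable the network card and keep it disabled. Readings that do not parse as an IPv4 address are rejected rather than trusted. The function names and the sample addresses are assumptions made for the example.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <ctype.h>

/* Added example, not the patent's code: the IP-change decision of the file
 * driving unit modelled in user space. Names and addresses are assumptions. */

enum ip_verdict { IP_UNCHANGED = 0, IP_CHANGED_DISABLE_NIC = 1, IP_INVALID = -1 };

/* Parse a dotted-quad IPv4 string into host-order 32 bits. Returns 0 on
 * malformed input so that a garbled reading is never treated as a valid
 * address. */
static int parse_ipv4(const char *s, uint32_t *out)
{
    uint32_t v = 0;
    for (int octet = 0; octet < 4; octet++) {
        if (!isdigit((unsigned char)*s)) return 0;
        unsigned n = 0;
        int digits = 0;
        while (isdigit((unsigned char)*s)) {
            n = n * 10 + (unsigned)(*s++ - '0');
            if (++digits > 3 || n > 255) return 0;
        }
        v = (v << 8) | n;
        if (octet < 3) {
            if (*s != '.') return 0;
            s++;
        }
    }
    if (*s != '\0') return 0;
    *out = v;
    return 1;
}

struct ip_monitor {
    uint32_t baseline;      /* address assigned when the client was configured */
    int nic_disabled;       /* protective action taken and still in force */
};

/* Record the assigned address; returns 0 if it is not a valid IPv4 string. */
static int ip_monitor_init(struct ip_monitor *m, const char *assigned)
{
    m->nic_disabled = 0;
    return parse_ipv4(assigned, &m->baseline);
}

/* Called on each reading of the current address: any change from the
 * baseline is the event, and the card is disabled as the response. */
static enum ip_verdict ip_monitor_check(struct ip_monitor *m, const char *observed)
{
    uint32_t now;
    if (!parse_ipv4(observed, &now)) return IP_INVALID;
    if (now == m->baseline) return IP_UNCHANGED;
    m->nic_disabled = 1;
    return IP_CHANGED_DISABLE_NIC;
}

int main(void)
{
    /* Constructed readings: the assigned LAN address, then a hotspot-style
     * address as a tethering device would hand out over DHCP. */
    struct ip_monitor m;
    ip_monitor_init(&m, "10.0.5.17");
    printf("same address: %d\n", ip_monitor_check(&m, "10.0.5.17"));
    printf("new address:  %d (nic_disabled=%d)\n",
           ip_monitor_check(&m, "192.168.43.12"), m.nic_disabled);
    printf("garbage:      %d\n", ip_monitor_check(&m, "300.1.1.1"));
    return 0;
}
```

Note that the rule is deliberately blunt, exactly as the patent states it: any change counts, including a legitimate DHCP renewal to a different address, so a deployment that expects lease changes would need the baseline refreshed through the server's policy channel rather than by the client itself.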
The present invention mainly controls the external interfaces of LAN computers, prohibiting a computer from accessing the Internet through a mobile Internet access card, a smartphone or similar device, and preventing information leakage caused by illegal access and external connection of the computer. A protection program and a monitoring program are deployed on the computer. When a computer that has completed configuration attempts to connect to the Internet through a mobile Internet access card, a smartphone or similar device, the control program prevents the USB virtual network adapter from being created, so the illegal external connection does not occur. When the guard process detects an ongoing violation event such as a LAN network card connecting to the Internet, it can disable the computer's network card so that it cannot be re-enabled, ensuring that the behaviour does not affect other users of the network.
It should be noted that the above embodiments are illustrative of, and not limiting on, the technical solution of the present invention. Equivalent substitutions or other modifications made by those of ordinary skill in the art according to the prior art, as long as they do not exceed the idea and scope of the technical solution of the present invention, shall be included within the scope of protection claimed by the present invention.
Claims (4)
1. A method for preventing illegal external connections by LAN computers, characterised in that it comprises the following steps:
S01: The control unit of the application layer sends an identity authentication request to the server end;
S02: The server end configures a monitoring strategy and a prevention strategy through the dispensing unit according to the authentication request, and sends the monitoring strategy and the prevention strategy to the control unit of the application layer;
S03: The control unit of the application layer sends the monitoring strategy and the prevention strategy to the monitoring unit and the protective unit respectively;
S04: The surveillance center unit calls the monitoring unit to load the monitoring strategy into the object list, whose entries are arranged in order of the probability of triggering the protective unit;
S05: The file driving unit traverses the object list and intercepts the messages whose object element matches an entry of the object list; the messages are calls to one or more of the USB driver, the CD-ROM drive driver and the network card driver;
S06: The protective unit performs the cut-off and termination operation on the intercepted messages;
S07: After the control unit detects the protective action of the protective unit, it sends the corresponding abnormal information to the exception management unit, and the exception management unit counts the probability data of triggering the protective unit.
2. The method for preventing illegal external connections by LAN computers according to claim 1, characterised in that the monitoring unit and the protective unit are an API HOOK module and a file driver module respectively.
3. The method for preventing illegal external connections by LAN computers according to claim 1, characterised in that the file driving unit can monitor manual modification of the IP address or a change of IP address obtained through DHCP, and feeds the IP address change information back to the protective unit, which can then intercept the operation of the corresponding system program.
4. A system based on the method for preventing illegal external connections by LAN computers, characterised in that it comprises a server end and a client.
The server end includes:
an identity authentication unit, for receiving the authentication request;
a dispensing unit, for configuring the monitoring strategy and the prevention strategy according to the authentication request and sending them to the client.
The client includes an application layer and an operating system layer, and the application layer includes:
a control unit, for receiving the monitoring strategy and the prevention strategy from the dispensing unit and sending them to the monitoring unit and the protective unit respectively; it is also used to receive the protection data from the protective unit and forward it to the exception management unit, and to receive and forward the probability data of triggering the protective unit;
a monitoring unit, for storing the received monitoring strategy and forwarding it to the surveillance center unit;
a surveillance center unit, for loading the object functions into the object list;
an object list, for storing the list of objects that need to be monitored and protected, arranged in order of the probability of triggering the protective unit;
a protective unit, for performing the cut-off and termination operation on the intercepted object element in combination with the prevention strategy, and sending the protection data of that event to the control unit;
an exception management unit, for receiving the protection data and separately counting the probability data of triggering the protective unit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711239286.9A CN107819787B (en) | 2017-11-30 | 2017-11-30 | System and method for preventing illegal external connection of local area network computer |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107819787A true CN107819787A (en) | 2018-03-20 |
CN107819787B CN107819787B (en) | 2020-10-16 |
Family
ID=61605182
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711239286.9A Active CN107819787B (en) | 2017-11-30 | 2017-11-30 | System and method for preventing illegal external connection of local area network computer |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107819787B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114499924A (en) * | 2021-12-02 | 2022-05-13 | 厦门市美亚柏科信息股份有限公司 | Data leakage prevention method based on network interface controller and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102315992A (en) * | 2011-10-21 | 2012-01-11 | 北京海西赛虎信息安全技术有限公司 | Detection method for illegal external connection |
CN103391216A (en) * | 2013-07-15 | 2013-11-13 | 中国科学院信息工程研究所 | Alarm and blocking method for illegal external connections |
CN105471857A (en) * | 2015-11-19 | 2016-04-06 | 国网天津市电力公司 | Power grid terminal invalid external connection monitoring blocking method |
CN106302501A (en) * | 2016-08-27 | 2017-01-04 | 浙江远望信息股份有限公司 | A kind of method of real-time discovery internetwork communication behavior |
- 2017-11-30 CN CN201711239286.9A patent/CN107819787B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN107819787B (en) | 2020-10-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |