CN107819787A - System and method for preventing illegal external connection of local area network computers - Google Patents

Info

Publication number: CN107819787A
Authority: CN (China)
Prior art keywords: unit, monitoring, protective, protective unit, control unit
Legal status: Granted; currently Active (Google notes that the listed legal status and priority date are assumptions, not legal conclusions)
Application number: CN201711239286.9A
Other languages: Chinese (zh)
Other versions: CN107819787B (en)
Inventors: 石军, 吴建辉, 刘伟, 匡琮
Current assignee: Shangqiu Power Supply Co of State Grid Henan Electric Power Co Ltd (Google notes that the listed assignees may be inaccurate)
Original assignee: Shangqiu Power Supply Co of State Grid Henan Electric Power Co Ltd
Priority date and filing date: 2017-11-30
Publication date: 2018-03-20 (CN107819787A); the granted version CN107819787B was published 2020-10-16
Application events: application filed by Shangqiu Power Supply Co of State Grid Henan Electric Power Co Ltd; priority to CN201711239286.9A; publication of CN107819787A; application granted; publication of CN107819787B; legal status Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L 63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

The present invention relates to the field of computer security technology, and in particular to a method for preventing illegal external connection of local area network computers. The method is as follows: the control unit sends an identity authentication request to the server end; the server end configures a monitoring policy and a prevention policy according to the authentication request and sends them to the control unit of the application layer; the control unit of the application layer sends the monitoring policy and the prevention policy to the monitoring unit and the protective unit respectively; the monitoring centre unit calls the monitoring policy of the monitoring unit and loads it into the target list, whose entries are arranged in order according to the probability of triggering the protective unit; the file driver unit traverses the target list and intercepts messages from target elements that match the target list; and the protective unit performs a cut-off and termination operation on the intercepted messages. Using the monitoring and prevention policies, the protective unit intercepts system processes and executes the corresponding prevention policy, achieving the purpose of preventing illegal external connection of LAN computers.

Description

System and method for preventing illegal external connection of local area network computers
Technical field
The present invention relates to the field of computer security technology, and in particular to a system and method for preventing illegal external connection of local area network computers.
Background technology
Currently, some internal networks with higher security requirements, such as those of government departments and the military, are usually physically isolated from external networks such as the Internet to ensure their security. Physical isolation ensures that no physical link exists between the external network and the internal network, cutting off the channel for information leakage. The reality, however, is the opposite: because of unsound management systems or a lack of effective terminal monitoring technology, individual users in the internal network use telephone dial-up, plug-and-play Internet access devices and the like to connect to the Internet privately, and the physically isolated environment is breached. In addition, terminals used on both the intranet and the extranet are common, which creates covert channels in the internal network; once exploited by hackers or viruses, these cause leaks or degrade information system performance. Such behaviour is referred to as illegal external connection.
In an intranet that implements physical isolation, host terminals, as elements of the information system, are widely distributed and extremely numerous. Because host terminal operation is random, it is difficult to manage and control them by technical measures, so host terminals are one of the sources of malicious attack, virus propagation and information theft.
Illegal external connection creates covert channels between an originally closed system environment and external networks. The internal network then faces security threats such as viruses, Trojans, unauthorised access, data eavesdropping and brute-force cracking, causing information such as the network structure, server deployment and security protection measures to be leaked, or even cross-security-domain and cross-network destruction.
In summary, to reduce the risk of illegal external connection, the fastest and tightest defensive capability must be built from the ground up. On the one hand, security awareness needs to be improved; most importantly, an effective method of preventing illegal external connection of LAN computers is needed.
Summary of the invention
The invention provides a system and method for preventing illegal external connection of LAN computers. Using monitoring and prevention policies, the protective unit intercepts system processes and executes the corresponding prevention policy, achieving the purpose of preventing illegal external connection of LAN computers.
In order to achieve the above technical purpose, the technical solution adopted by the present invention is as follows:
A method for preventing illegal external connection of LAN computers, characterised by comprising the following steps:
S01: The control unit of the application layer sends an identity authentication request to the server end;
S02: The server end configures a monitoring policy and a prevention policy through the configuration unit according to the authentication request, and sends the monitoring policy and the prevention policy to the control unit of the application layer;
S03: The control unit of the application layer sends the monitoring policy and the prevention policy to the monitoring unit and the protective unit respectively;
S04: The monitoring centre unit calls the monitoring policy of the monitoring unit and loads it into the target list, whose entries are arranged in order according to the probability of triggering the protective unit;
S05: The file driver unit traverses the target list and intercepts messages from target elements that match the target list, a message being one or more of calls to the USB driver, the optical drive driver and the network card driver;
S06: The protective unit performs a cut-off and termination operation on the intercepted message;
S07: After the control unit detects the protective action of the protective unit, it sends the corresponding abnormality information to the exception management unit, and the exception management unit compiles statistics on the probability of triggering the protective unit.
Further, the monitoring unit and the protective unit are an API HOOK module and a file driver module respectively.
Further, the file driver unit can monitor manual modification of the IP address or a change of IP address obtained through DHCP, and feed the IP address change information back to the protective unit, which can then intercept the corresponding system program operation.
A system for preventing illegal external connection of LAN computers, characterised by comprising a server end and a client.
The server end comprises:
an identity authentication unit, for receiving identity authentication requests;
a configuration unit, for configuring a monitoring policy and a prevention policy according to the authentication request and sending them to the client.
The client comprises an application layer and an operating system layer, and the application layer comprises:
a control unit, for receiving the monitoring policy and prevention policy from the configuration unit and sending them to the monitoring unit and the protective unit respectively; it is also used to receive the protection data from the protective unit and forward it to the exception management unit, and to receive and forward the probability data of triggering the protective unit;
a monitoring unit, for storing the received monitoring policy and forwarding it to the monitoring centre unit;
a monitoring centre unit, for loading the target functions into the target list;
a target list, for storing the list of targets to be monitored and protected, arranged in order according to the probability of triggering the protective unit;
a protective unit, for performing a cut-off and termination operation according to the intercepted target element in combination with the prevention policy, and sending the protection data of that event to the control unit;
an exception management unit, for receiving the protection data and compiling, for each target, statistics on the probability of triggering the protective unit.
The beneficial effects of the present invention are as follows:
1. The present invention uses low-level Windows API HOOK technology and file driver technology, and can block USB device access actions in real time at the operating system kernel driver layer, so it is entirely unaffected by the registry, USB drivers or group policy and completely blocks Internet access through a USB port connection.
2. The invention adds control over portable WiFi dongles and hotspot networks, follows up in real time with the shielding of newly marketed portable WiFi or similar devices, manages local Internet access behaviour, and protects computer security and the confidentiality of information.
3. The invention reads the computer's IP information from the operating system kernel driver layer; when the computer's IP address is changed by manual modification or by a DHCP-obtained change of address, this is treated directly as an illegal external connection event, and the computer's network card is disabled directly, preventing a network security incident.
4. The target list of the present invention can be arranged in order according to the probability that the protective unit of the client is triggered; when a large-scale attack occurs, there is no need to search the target list repeatedly for a match, and the prevention policy can be applied quickly.
Brief description of the drawings
Fig. 1 is the flow chart of the present invention;
Fig. 2 is the structural block diagram of the present invention.
In the figures: 1 - server end, 2 - client, 3 - application layer, 4 - operating system layer, 5 - identity authentication unit, 6 - configuration unit, 7 - control unit, 8 - monitoring unit, 9 - protective unit, 10 - monitoring centre unit, 11 - target list, 12 - file driver unit, 13 - target element, 14 - exception management unit.
Detailed description of the embodiments
The present invention is further explained below with specific embodiments in conjunction with the accompanying drawings, but the scope of protection of the present invention is not limited to them.
At present, conventional security protection means control USB storage devices or mobile devices by modifying the registry or the USB driver, or by hiding the drive letter. This approach is usually helpless against Internet access through connected mobile phones, tablet computers and the like: although these devices are attached through the USB interface, their communication protocols are entirely different, and with the assistance of third-party software it is difficult to handle such storage devices effectively by way of the registry, modifying the USB driver or hiding the drive letter. At the same time, such controls are easily bypassed by anyone with a little technical understanding, who can reverse the registry edit, repair the USB driver, or modify the group policy so that the hidden device is shown again. Therefore, the current domestic methods of restricting USB port use typically suffer from functional and security deficiencies and loopholes, and cannot adequately protect a computer's USB interfaces. The present invention instead uses low-level Windows HOOK technology and file driver technology, and can block USB device access actions in real time at the operating system kernel driver layer, so that it is entirely unaffected by the registry, USB drivers or group policy and prevents Internet access through a USB port connection.
As shown in Fig. 1 and Fig. 2, a method for preventing illegal external connection of LAN computers comprises the following steps:
S01: The control unit 7 of the application layer 3 sends an identity authentication request to the identity authentication unit 5 of the server end 1;
S02: The configuration unit 6 configures a monitoring policy and a prevention policy according to the authentication request, and the server end 1 sends the monitoring policy and the prevention policy to the control unit 7 of the application layer 3;
S03: The control unit 7 of the application layer 3 sends the monitoring policy and the prevention policy to the monitoring unit 8 and the protective unit 9 respectively;
S04: The monitoring centre unit 10 calls the monitoring policy of the monitoring unit 8 and loads it into the target list 11, whose entries are arranged in order according to the probability of triggering the protective unit 9;
S05: The file driver unit 12 traverses the target list 11 and intercepts messages from target elements 13 that match the target list 11, a message being one or more of calls to the USB driver, the optical drive driver and the network card driver;
S06: The protective unit 9 performs a cut-off and termination operation on the intercepted message;
S07: After the control unit 7 detects the protective action of the protective unit 9, it sends the corresponding abnormality information to the exception management unit 14, and the exception management unit 14 compiles statistics on the probability of triggering the protective unit 9.
Preferably, the monitoring unit 8 and the protective unit 9 are an API HOOK module and a file driver module respectively. After the API HOOK module receives the monitoring policy, the policy is translated into a .DLL file and loaded into the target list 11, which is located in the operating system layer 4; using the HOOK in the application layer, all operating processes that call the USB driver, the optical drive driver or the network card driver are intercepted, while the file driver module intercepts the related requests sent to the file system and performs interception processing according to the prevention policy. The method by which the HOOK intercepts all operating processes that call the USB driver, the optical drive driver or the network card driver is: the .DLL file is loaded into the target list 11, and the call address in the .DLL file is replaced with a custom function, that is, the function of the original system process is replaced by the custom function; if a call to the USB driver, the optical drive driver or the network card driver occurs, the function actually called is the custom function, so the USB driver call is fundamentally intercepted, and the optical drive driver and the network card driver are handled in the same way.
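The S01 to S07 flow above and the hook mechanism of this paragraph, modelled in Python as an added example (not the patent's code or any product of the applicant): the monitoring policy, prevention policy, dispatch table and driver names are my assumptions, and the replacement of a "call address" by a custom function is simulated by swapping entries in a Python dict.

```python
"""Client-side model of the S01 to S07 flow (added example, not the patent's code).
Assumptions (mine): the monitoring policy lists driver entry points to watch, the
prevention policy maps each of them to "block" or "allow", and the hooked "call
address" is an entry in a dispatch table."""
from dataclasses import dataclass


class Blocked(Exception):
    """Raised by the protective unit when it cuts off an intercepted call (S06)."""


@dataclass
class Target:
    name: str          # driver entry point, e.g. "usb_driver"
    action: str        # prevention policy for this target: "block" or "allow"
    triggers: int = 0  # how often the protective unit has fired on it


class TargetList:
    """Target list 11, kept ordered by the probability of triggering the protective unit."""

    def __init__(self, monitoring_policy, prevention_policy):
        # Entry points absent from the prevention policy default to "allow" (assumption).
        self.targets = [Target(n, prevention_policy.get(n, "allow")) for n in monitoring_policy]

    def match(self, name):
        # Linear scan in current order: the most often triggered target is checked first.
        for target in self.targets:
            if target.name == name:
                return target
        return None

    def record_trigger(self, target):
        # Exception management unit 14 (S07): update the statistics and re-order the list.
        # The sort is stable, so targets with equal counts keep their policy order.
        target.triggers += 1
        self.targets.sort(key=lambda t: t.triggers, reverse=True)

    def probabilities(self):
        total = sum(t.triggers for t in self.targets)
        return {t.name: (t.triggers / total if total else 0.0) for t in self.targets}


def install_hooks(dispatch_table, target_list, audit):
    """API HOOK module 8: replace every call address with a guard that consults the target list."""
    hooked = {}
    for name, original in dispatch_table.items():
        def guard(arg, _name=name, _orig=original):
            target = target_list.match(_name)                 # S05: does the call match the list?
            if target is not None and target.action == "block":
                target_list.record_trigger(target)            # protection data -> exception management
                audit.append((_name, arg, "blocked"))
                raise Blocked(f"{_name}({arg!r}) cut off by the prevention policy")
            audit.append((_name, arg, "allowed"))
            return _orig(arg)                                 # unmonitored, or policy allows: pass through
        hooked[name] = guard
    return hooked


# Stand-ins for the original driver entry points (constructed for this example).
ORIGINAL_CALLS = {
    "usb_driver": lambda dev: f"usb device {dev} attached",
    "cdrom_driver": lambda dev: f"optical drive {dev} mounted",
    "nic_driver": lambda dev: f"interface {dev} up",
    "display_driver": lambda dev: f"display {dev} on",
}


def run_scenario(calls, monitoring_policy, prevention_policy):
    """Replay (entry point, argument) calls through the hooks; return audit, final list order, statistics."""
    audit = []
    target_list = TargetList(monitoring_policy, prevention_policy)
    hooked = install_hooks(ORIGINAL_CALLS, target_list, audit)
    for name, arg in calls:
        try:
            hooked[name](arg)
        except Blocked:
            pass  # the call was cut off; the audit entry records it
    return audit, [t.name for t in target_list.targets], target_list.probabilities()


if __name__ == "__main__":
    # Constructed scenario: repeated USB tethering attempts move "usb_driver" to the front of the list.
    monitoring = ["nic_driver", "cdrom_driver", "usb_driver"]
    prevention = {"nic_driver": "block", "cdrom_driver": "block", "usb_driver": "block"}
    calls = [("display_driver", "dp0"), ("usb_driver", "phone0"), ("usb_driver", "phone0"),
             ("cdrom_driver", "cd0"), ("usb_driver", "wifi0")]
    audit, order, probs = run_scenario(calls, monitoring, prevention)
    for entry in audit:
        print(entry)
    print("target list order:", order, "trigger probabilities:", probs)
```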
Preferably, the file driver unit 12 can monitor manual modification of the IP address or a change of IP address obtained through DHCP, and feed the IP address change information back to the protective unit 9, which can then intercept the corresponding system program operation.
A system for preventing illegal external connection of LAN computers comprises a server end 1 and a client 2. The server end 1 comprises: an identity authentication unit 5, for receiving identity authentication requests; and a configuration unit 6, for configuring a monitoring policy and a prevention policy according to the authentication request and sending them to the client 2. The client 2 comprises an application layer 3 and an operating system layer 4, and the application layer 3 comprises: a control unit 7, for receiving the monitoring policy and prevention policy from the configuration unit 6 and sending them to the monitoring unit 8 and the protective unit 9 respectively, and also for receiving the protection data from the protective unit 9 and forwarding it to the exception management unit 14, and for receiving and forwarding the probability data of triggering the protective unit 9; a monitoring unit 8, for storing the received monitoring policy and forwarding it to the monitoring centre unit 10; a monitoring centre unit 10, for loading the target functions into the target list 11; a target list 11, for storing the list of target functions to be monitored and protected, arranged in order according to the probability of triggering the protective unit 9; a protective unit 9, for performing a cut-off and termination operation according to the intercepted target element 13 in combination with the prevention policy, and sending the protection data of that event to the control unit 7; and an exception management unit 14, for receiving the protection data and compiling, for each target, statistics on the probability of triggering the protective unit 9.
Preferably, the file driver unit 12 is also used to monitor manual modification of the IP address or a change of IP address obtained through DHCP, and to feed the IP address change information back to the protective unit 9, which can then intercept the corresponding system program operation.
The present invention can read the computer's IP information from the operating system kernel driver layer; when the computer's IP address is changed by manual modification or by a DHCP-obtained change of address, this is treated directly as an illegal external connection event, and the computer's network card is disabled directly, preventing a network security incident.
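An added example (not the patent's code) of the IP-change check described in this paragraph and the preceding ones: the event-line format, interface names and addresses are constructed assumptions standing in for what the file driver unit reads from the kernel, and the disabled flag is never cleared, matching the description's statement that a disabled network card cannot be re-enabled.

```python
"""IP-change monitor modelled on the file driver unit (added example, not the patent's code).
Assumptions (mine): the kernel-level reading of the computer's IP information is stood in
for by constructed event lines "<timestamp> <iface> ip=<address> src=<static|dhcp>", and
"disabling the network card" is a latched flag that the monitor never clears."""
import re
from dataclasses import dataclass, field

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<iface>\S+) ip=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) src=(?P<src>static|dhcp)$")


@dataclass
class NicState:
    baseline_ip: str = ""     # first address seen after configuration is the trusted one
    disabled: bool = False    # once set it stays set: the card cannot be re-enabled
    log: list = field(default_factory=list)


class IpChangeMonitor:
    """Tracks every interface; any change from its baseline is an illegal external connection event."""

    def __init__(self):
        self.nics = {}

    def observe(self, line):
        m = EVENT_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable interface event: {line!r}")
        ts, iface, ip, src = m.group("ts", "iface", "ip", "src")
        nic = self.nics.setdefault(iface, NicState())
        if nic.disabled:
            nic.log.append((ts, f"{iface}: event ignored, network card already disabled"))
            return "disabled"
        if not nic.baseline_ip:
            nic.baseline_ip = ip
            nic.log.append((ts, f"{iface}: baseline {ip} recorded"))
            return "baseline"
        if ip == nic.baseline_ip:
            return "ok"                       # a DHCP renewal of the same address is not a change
        cause = "manual modification" if src == "static" else "DHCP-obtained change"
        nic.disabled = True                   # protective unit: disable the network card directly
        nic.log.append((ts, f"{iface}: illegal external connection ({cause} {nic.baseline_ip} -> {ip}); "
                            "network card disabled"))
        return "disabled"

    def disabled_interfaces(self):
        return sorted(name for name, nic in self.nics.items() if nic.disabled)


# Constructed sample events (not real data).
SAMPLE_EVENTS = [
    "2017-11-30T09:00:00 eth0 ip=10.10.5.21 src=dhcp",    # initial lease: becomes the baseline
    "2017-11-30T09:30:00 eth0 ip=10.10.5.21 src=dhcp",    # renewal, same address
    "2017-11-30T10:02:17 eth0 ip=192.168.43.7 src=dhcp",  # new lease from a foreign DHCP server
    "2017-11-30T10:05:00 eth0 ip=10.10.5.21 src=static",  # attempt to put the old address back
    "2017-11-30T11:00:00 eth1 ip=10.10.5.30 src=static",  # second interface, its own baseline
    "2017-11-30T11:10:00 eth1 ip=10.10.9.9 src=static",   # manual change
]


def run(lines):
    """Feed event lines to a fresh monitor; return the per-line verdicts and the monitor."""
    monitor = IpChangeMonitor()
    return [monitor.observe(line) for line in lines], monitor


if __name__ == "__main__":
    verdicts, monitor = run(SAMPLE_EVENTS)
    for line, verdict in zip(SAMPLE_EVENTS, verdicts):
        print(f"{verdict:9s} {line}")
    for nic in monitor.nics.values():
        for ts, msg in nic.log:
            print(ts, msg)
```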
The present invention mainly controls the external interfaces of LAN computers, forbidding a computer from accessing the Internet through a mobile Internet access card, a smartphone or the like, and preventing information leakage caused by illegal access or external connection of the computer. A protection program and a monitoring program are configured on the computer. When a computer that has completed configuration attempts to connect to the Internet through a mobile Internet access card, a smartphone or the like, the control program prevents the USB virtual network adapter from being created, so the illegal external connection cannot occur; when the guard program detects an ongoing violation event such as the LAN network card connecting to the Internet, it can disable the computer's network card, which cannot then be re-enabled, ensuring that the behaviour does not affect other users of the network.
It should be noted that the above embodiments are illustrative of the technical solution of the present invention and not limiting; equivalent substitutions by persons of ordinary skill in the art, or other modifications made according to the prior art, should be included within the scope of the rights claimed by the present invention as long as they do not go beyond the idea and scope of the technical solution of the present invention.

Claims (4)

  1. A method for preventing illegal external connection of LAN computers, characterised by comprising the following steps:
    S01: The control unit of the application layer sends an identity authentication request to the server end;
    S02: The server end configures a monitoring policy and a prevention policy through the configuration unit according to the authentication request, and sends the monitoring policy and the prevention policy to the control unit of the application layer;
    S03: The control unit of the application layer sends the monitoring policy and the prevention policy to the monitoring unit and the protective unit respectively;
    S04: The monitoring centre unit calls the monitoring policy of the monitoring unit and loads it into the target list, whose entries are arranged in order according to the probability of triggering the protective unit;
    S05: The file driver unit traverses the target list and intercepts messages from target elements that match the target list, a message being one or more of calls to the USB driver, the optical drive driver and the network card driver;
    S06: The protective unit performs a cut-off and termination operation on the intercepted message;
    S07: After the control unit detects the protective action of the protective unit, it sends the corresponding abnormality information to the exception management unit, and the exception management unit compiles statistics on the probability of triggering the protective unit.
  2. The method for preventing illegal external connection of LAN computers according to claim 1, characterised in that the monitoring unit and the protective unit are an API HOOK module and a file driver module respectively.
  3. The method for preventing illegal external connection of LAN computers according to claim 1, characterised in that the file driver unit can monitor manual modification of the IP address or a change of IP address obtained through DHCP, and feed the IP address change information back to the protective unit, which can intercept the corresponding system program operation.
  4. A system based on the method for preventing illegal external connection of LAN computers, characterised by comprising a server end and a client,
    the server end comprising:
    an identity authentication unit, for receiving identity authentication requests;
    a configuration unit, for configuring a monitoring policy and a prevention policy according to the authentication request and sending them to the client;
    the client comprising an application layer and an operating system layer, the application layer comprising:
    a control unit, for receiving the monitoring policy and prevention policy from the configuration unit and sending them to the monitoring unit and the protective unit respectively; it is also used to receive the protection data from the protective unit and forward it to the exception management unit, and to receive and forward the probability data of triggering the protective unit;
    a monitoring unit, for storing the received monitoring policy and forwarding it to the monitoring centre unit;
    a monitoring centre unit, for loading the target functions into the target list;
    a target list, for storing the list of targets to be monitored and protected, arranged in order according to the probability of triggering the protective unit;
    a protective unit, for performing a cut-off and termination operation according to the intercepted target element in combination with the prevention policy, and sending the protection data of that event to the control unit;
    an exception management unit, for receiving the protection data and compiling, for each target, statistics on the probability of triggering the protective unit.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711239286.9A CN107819787B (en) 2017-11-30 2017-11-30 System and method for preventing illegal external connection of local area network computer

Publications (2)

Publication Number Publication Date
CN107819787A true CN107819787A (en) 2018-03-20
CN107819787B CN107819787B (en) 2020-10-16

Family

ID=61605182

Country Status (1)

Country Link
CN (1) CN107819787B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114499924A (en) * 2021-12-02 2022-05-13 厦门市美亚柏科信息股份有限公司 Data leakage prevention method based on network interface controller and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102315992A (en) * 2011-10-21 2012-01-11 北京海西赛虎信息安全技术有限公司 Detection method for illegal external connection
CN103391216A (en) * 2013-07-15 2013-11-13 中国科学院信息工程研究所 Alarm and blocking method for illegal external connections
CN105471857A (en) * 2015-11-19 2016-04-06 国网天津市电力公司 Power grid terminal invalid external connection monitoring blocking method
CN106302501A (en) * 2016-08-27 2017-01-04 浙江远望信息股份有限公司 A kind of method of real-time discovery internetwork communication behavior

Also Published As

Publication number Publication date
CN107819787B (en) 2020-10-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant