CN107835177B - Method, system, device and storage medium for virus protection - Google Patents

Publication number
CN107835177B
Authority
CN
China
Prior art keywords
virus protection
management server
terminal
server
update
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711105434.8A
Other languages
Chinese (zh)
Other versions
CN107835177A (en)
Inventor
朱钰良
雷兵
凌云
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Ctrip Business Co Ltd
Original Assignee
Shanghai Ctrip Business Co Ltd
Application filed by Shanghai Ctrip Business Co Ltd
Priority to CN201711105434.8A
Publication of CN107835177A
Application granted
Publication of CN107835177B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04 Network management architectures or arrangements
    • H04L41/042 Network management architectures or arrangements comprising distributed management centres cooperatively managing the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0893 Assignment of logical groups to network elements

Abstract

The invention provides a method, system, device and storage medium for virus protection. The method comprises the following steps: setting up a management server; setting up a plurality of distributed servers, which obtain updates of virus protection data from the management server; setting up a plurality of update ports; the management server sorts the plurality of terminal servers into system tree groups of a system tree according to the tags or IP segments of the terminal servers, and sorts the plurality of clients into system tree groups of the system tree by synchronizing with the domain controllers; the terminal servers and clients in at least one system tree group obtain updates of the virus protection data from the distributed servers through the update ports in order to perform virus protection.

Description

Method, system, device and storage medium for virus protection
Technical Field
The present invention relates to the field of network security, and in particular, to a method, system, device, and storage medium for virus protection in a large network.
Background
Antivirus software is a computer program that detects, guards against, and removes malicious programs, such as viruses and worms, from devices within a network.
A large network usually contains a large number of devices; a large enterprise network, for example, may have tens of thousands of enterprise devices. To keep such a network secure, a virus protection system suited to it requires a management server with high concurrency, high availability, scalability and high reliability.
However, the commercial and general-purpose products currently on the market scale poorly, are complex to manage day to day, handle the highly concurrent data of tens of thousands of devices poorly, and cannot perform multi-site management.
Therefore, the present invention provides a method, a system, a device and a storage medium for virus protection to solve the above technical problems.
Disclosure of Invention
In view of the problems in the prior art, the invention aims to provide a virus protection method, system, device and storage medium that achieve online virus protection with high processing capacity, high concurrency, stability, reliability and lightweight management, while ensuring low cost, good system fault tolerance and good scalability, and that provide real-time virus monitoring of servers and clients.
A first aspect of the present invention provides a virus protection method for protecting a network accessed by a plurality of terminal servers and a plurality of clients, the plurality of clients being divided into a plurality of domains, each domain including at least one domain controller. The method comprises the following steps: S101, setting up a management server; S102, setting up a plurality of distributed servers, wherein the distributed servers obtain updates of virus protection data from the management server; S103, setting up a plurality of update ports, through which the management server interacts with a terminal server or a client; S104, the management server sorts the plurality of terminal servers into a plurality of system tree groups of a system tree according to the tags or IP segments of the terminal servers, and sorts the plurality of clients into the system tree groups of the system tree by performing a synchronization operation with the domain controller; and S105, the terminal servers and clients in at least one system tree group obtain updates of the virus protection data from the distributed servers through the update ports to perform virus protection, and the terminal servers and clients in the remaining system tree groups obtain updates of the virus protection data from the management server through the update ports to perform virus protection.
Preferably, step S101 further includes setting up a plurality of storage servers, which are connected to the management server and store the virus protection information of the plurality of terminal servers and the plurality of clients collected by the management server.
Preferably, the method further comprises the steps of: S106, the management server collects virus protection information of the terminal servers and the clients; S107, the management server compiles virus protection statistics and sets early-warning conditions through custom query statements; and S108, the management server triggers a terminal server infection alarm or a mass client infection alarm by means of a configured automatic response.
Preferably, step S104 further includes the management server setting virus protection policies for the plurality of system tree groups according to the system tree, and issuing the virus protection policies to the terminal servers and the clients through the update ports.
Preferably, in step S105, when a terminal server fails to obtain the update of the virus protection data within a preset time period, the terminal server uninstalls and resets the update port through a distributed configuration management tool.
Preferably, in step S105, when a client cannot obtain the update of the virus protection data within the preset time period, the management server issues a client task that causes the client to reset the update port.
A second aspect of the present invention provides a virus protection system for protecting a network accessed by a plurality of terminal servers and a plurality of clients, wherein the plurality of clients are divided into a plurality of domains and each domain includes at least one domain controller. The system includes: a management server, which sorts the plurality of terminal servers into a plurality of system tree groups of a system tree according to the tags or IP segments of the terminal servers, and sorts the plurality of clients into the system tree groups of the system tree by performing a synchronization operation with the domain controller; a plurality of distributed servers, which obtain updates of the virus protection data from the management server; and a plurality of update ports, through which the management server interacts with the terminal servers or the clients. The terminal servers and clients in at least one system tree group obtain updates of the virus protection data from the distributed servers through the update ports to perform virus protection, and the terminal servers and clients in the remaining system tree groups obtain updates of the virus protection data from the management server through the update ports to perform virus protection.
Preferably, the system further comprises a plurality of storage servers, which are connected to the management server and store the virus protection information of the plurality of terminal servers and the plurality of clients collected by the management server.
The third aspect of the present invention also provides a network security monitoring apparatus, including: a processor; a memory having stored therein executable instructions of the processor; wherein the processor is configured to perform the steps of the method of virus protection of the first aspect described above via execution of executable instructions.
The fourth aspect of the present invention also provides a computer-readable storage medium for storing a program which, when executed, implements the steps of the method for virus protection of the first aspect.
With the virus protection method, system, device and storage medium of the invention, the management server sorts the terminal servers and clients in a network into different system tree groups. Some system tree groups obtain updates of virus protection data through the distributed servers, and this update step does not interact with the management server, so the highly concurrent load is effectively spread, processing speed is improved, high availability is achieved, and multi-site management becomes possible. Distributed servers can be added as network requirements grow, so the method scales well. Daily management work is handled uniformly through the interaction between the management server and the update ports, so management is simple and reliability is high.
Drawings
Other features, objects and advantages of the present invention will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, with reference to the accompanying drawings.
FIG. 1 is a flow chart of a method of virus protection according to an embodiment of the present invention;
FIG. 2 is a detailed flowchart of step S104 in FIG. 1;
FIG. 3 is a detailed flowchart of step S105 in FIG. 1;
FIG. 4 is a schematic structural diagram of a virus protection system according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a virus protection apparatus according to an embodiment of the present invention; and
FIG. 6 is a schematic structural diagram of a computer-readable storage medium according to an embodiment of the present invention.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar structures, and thus their repetitive description will be omitted.
Current virus protection products have weak concurrent processing capability on large networks and cannot perform multi-site management. The invention sorts the terminal servers and clients in the network into different system tree groups; some system tree groups obtain virus protection data through the distributed servers and others obtain it through the management server. This effectively spreads the highly concurrent load, improves processing speed, provides high availability, and allows multi-site management.
Fig. 1 is a flowchart of a virus protection method according to an embodiment of the present invention. The method is particularly suitable for large networks containing a large number of terminal devices. The method of the embodiment shown in Fig. 1 protects a network accessed by a plurality of terminal servers and a plurality of clients; the clients are divided into a plurality of domains, and each domain includes at least one domain controller. In the present invention, terminal servers and clients are collectively referred to as terminal devices.
As shown in Fig. 1, the virus protection method of the present invention comprises the following steps:
S101, setting up a management server.
The management server is the server that manages virus protection for the network. It holds the virus protection policy for the whole network. The management server periodically updates the virus protection data, which includes virus database updates. In one embodiment, commercial virus protection management software, such as ePolicy Orchestrator from McAfee, is installed on the management server.
Preferably, in this example a plurality of storage servers are provided to further reduce the burden on the management server. The storage servers are connected to the management server and store the virus protection information of the plurality of terminal servers and the plurality of clients collected by the management server.
S102, setting up a plurality of distributed servers.
Each distributed server has a data connection to the management server, obtains updates of the virus protection data from it, and issues the virus protection data to a specific set of terminal servers and clients. Using several distributed servers avoids overloading a single server acting as the virus protection data update repository, which improves system efficiency. The number of distributed servers can be chosen according to the size of the network, which gives the whole virus protection system better scalability.
S103, setting up update ports.
In the invention, the management server interacts with and manages the terminal servers and clients through the update ports. In this embodiment, an update port may be set up directly on the terminal server or client, or may run on the terminal server or client as a software module or application by way of a virtual machine, a container, a web server, or the like. The virus protection policy of the management server is issued to the terminal servers and clients through the update ports.
It should be noted that steps S101 to S103 are not limited to the order described in this embodiment; in other embodiments they may be performed in any order or simultaneously.
S104, the management server sorts the plurality of terminal servers and the plurality of clients into a system tree.
Fig. 2 is a detailed flowchart of step S104 in Fig. 1. As shown in Fig. 2, first, in step S1041, the management server receives the initial communication from a terminal server and confirms that the communication is normal.
Next, in step S1042, the management server sorts the plurality of terminal servers into a plurality of system tree groups of the system tree according to the tags or IP segments of the terminal servers. Specifically, the management server places all terminals in the network into one system tree for management. After confirming in step S1041 that communication with the current terminal server is normal, it automatically sorts that terminal server into a specific system tree group according to the server's IP address segment or tag and the preset system tree sorting rules, and repeats this until all terminal servers in the network have been sorted. The tag may be, for example, a region tag or a server function tag.
In step S1043, the management server also sorts the clients into the system tree. Because the clients are already divided into a plurality of domains, the system tree sorting of the clients follows the domain division. The management server sorts the plurality of clients into a plurality of system tree groups of the system tree by performing a synchronization operation with the domain controller.
In step S1044, the management server sets the virus protection policies of the plurality of system tree groups according to the system tree, and issues the virus protection policies to the terminal servers and clients via the update ports.
The management server formulates virus protection policy per system tree group, which enables differentiated virus protection management. Automatic system tree sorting of terminal servers and clients reduces the labor cost of system maintenance and improves efficiency.
S105, updating the virus protection data. The virus protection data needs to be updated regularly: the management server updates its virus protection data first, and the distributed servers then obtain the update from the management server.
Fig. 3 is a detailed flowchart of step S105 in Fig. 1. As shown in Fig. 3, in steps S1051 and S1052, the terminal servers and clients in at least one system tree group obtain updates of the virus protection data from the distributed servers through the update ports, and the terminal servers and clients in the remaining system tree groups obtain updates from the management server through the update ports, in order to perform virus protection. Specifically, the management server formulates the virus protection data update policy per system tree group. When an update is performed, the terminal servers and clients in at least one system tree group obtain it from the distributed servers through the update ports without interacting with the management server, which effectively spreads the network traffic and load of the management server and allows highly concurrent data to be processed quickly.
Furthermore, the distributed servers interact with the terminal servers and clients using a load balancing algorithm, which further optimizes resource allocation and improves system operating efficiency.
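The sorting in step S1042 and the per-group update source in steps S1051 and S1052 can be sketched as follows. This is an added example, not code from the patent or from any product: the rules, group and host names, the tag-before-IP precedence, longest-prefix matching, inheritance along the tree path and the choice of rendezvous hashing as the load balancing algorithm are all assumptions.

```python
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

MANAGEMENT_SERVER = "mgmt.example.internal"   # hypothetical host name
UNSORTED = "Unsorted"                         # hypothetical catch-all group


@dataclass(frozen=True)
class SortRule:
    group: str                  # system tree group the rule assigns to
    tag: Optional[str] = None   # match on a region or function tag, or
    cidr: Optional[str] = None  # match on an IP segment


# Constructed sorting rules standing in for the preset system tree rules.
RULES = (
    SortRule("Servers/Payment", tag="function:payment"),
    SortRule("Servers/SiteA", cidr="10.10.0.0/16"),
    SortRule("Servers/SiteA/DMZ", cidr="10.10.250.0/24"),
    SortRule("Servers/SiteB", cidr="10.20.0.0/16"),
)

# Groups listed here update from distributed servers (S1051); every other
# group falls back to the management server (S1052). Constructed values.
DISTRIBUTED: Dict[str, Tuple[str, ...]] = {
    "Servers/SiteB": ("dist1.siteb.example.internal",
                      "dist2.siteb.example.internal"),
}


def sort_terminal_server(ip: str, tags: FrozenSet[str] = frozenset()) -> str:
    """Return the system tree group for a terminal server (step S1042)."""
    addr = ipaddress.ip_address(ip)   # raises ValueError on malformed input
    # Assumption: an explicit tag outranks the IP segment.
    for rule in RULES:
        if rule.tag is not None and rule.tag in tags:
            return rule.group
    # Assumption: among overlapping segments the most specific one wins.
    best: Optional[Tuple[int, str]] = None
    for rule in RULES:
        if rule.cidr is None:
            continue
        net = ipaddress.ip_network(rule.cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, rule.group)
    return best[1] if best else UNSORTED


def update_source(group: str, endpoint_id: str) -> str:
    """Pick where an endpoint in `group` fetches virus protection data."""
    # Assumption: a child group inherits the setting of its nearest ancestor.
    path = group.split("/")
    servers: Tuple[str, ...] = ()
    while path and not servers:
        servers = DISTRIBUTED.get("/".join(path), ())
        path.pop()
    if not servers:
        return MANAGEMENT_SERVER

    # Rendezvous hashing: each endpoint sticks to one distributed server and
    # only a fraction of endpoints move when a server is added or removed.
    def score(server: str) -> bytes:
        return hashlib.sha256(f"{server}|{endpoint_id}".encode()).digest()

    return max(servers, key=score)


if __name__ == "__main__":
    for ip, tags in [("10.10.250.7", frozenset()),
                     ("10.20.1.1", frozenset()),
                     ("10.20.1.9", frozenset({"function:payment"})),
                     ("192.0.2.10", frozenset())]:
        group = sort_terminal_server(ip, tags)
        print(ip, "->", group, "->", update_source(group, ip))
```

Servers that land in the catch-all group still receive updates from the management server, so a gap in the rules shows up as a sorting backlog rather than as an unprotected host.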
Further, steps S1053 to S1055 handle the case where there is a problem obtaining virus protection data. In step S1053, it is determined whether the update of the virus protection data could not be obtained within the preset time period; that is, update monitoring is set up for the terminal servers and clients to judge whether a terminal device has a problem when updating the virus protection data.
If not, the virus protection data is being updated normally, and step S1051 is executed again periodically. If so, there is a problem with the virus protection data update. When a terminal server cannot obtain the update within the preset time period, step S1054 is executed, and the terminal server resets the update port through the distributed configuration management tool. The distributed configuration management tool may be, for example, Salt Minion, the endpoint agent of SaltStack. SaltStack is a large distributed configuration management system for installing, upgrading and uninstalling software and for checking environments; it is also a remote command execution system, so its two main functions are remote execution and configuration management.
The terminal server uninstalls and resets the update port through the distributed configuration management tool, so that it communicates with the management server again and repeats the step of obtaining the virus protection data.
When a client cannot obtain the update of the virus protection data within the preset time period, step S1055 is executed: the management server issues a client task, and the client executes the task to reset the update port. After the update port is reset, the step of obtaining the virus protection data is executed again.
Through steps S1053 to S1055, the invention effectively prevents terminal servers or clients from being left without effective virus protection, which ensures the fault tolerance of the system and improves the reliability of virus protection on the terminal devices.
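The decision made in steps S1053 to S1055 is shown below as an added example, not code from the patent. The 24-hour period, the reset budget with escalation, the clock-skew check and all endpoint names are assumptions added so that a broken endpoint is not reset forever and a wrong clock cannot make stale data look fresh.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Optional

MAX_UPDATE_AGE = timedelta(hours=24)   # the "preset time period"; value assumed
CLOCK_SKEW = timedelta(minutes=5)      # assumed tolerance for future timestamps
MAX_RESETS = 2                         # assumed budget before a human steps in


@dataclass
class Endpoint:
    name: str
    kind: str                          # "terminal_server" or "client"
    last_update: Optional[datetime]    # None: no successful update recorded
    resets: int = 0                    # resets tried since the last good update


def next_action(ep: Endpoint, now: datetime) -> str:
    """Return the outcome of the S1053 check for one endpoint."""
    if ep.kind not in ("terminal_server", "client"):
        raise ValueError(f"unknown endpoint kind: {ep.kind!r}")
    if ep.last_update is not None:
        age = now - ep.last_update
        if age < -CLOCK_SKEW:
            return "check_clock"       # report dated in the future
        if age <= MAX_UPDATE_AGE:
            return "ok"                # updated within the preset period
    if ep.resets >= MAX_RESETS:
        return "escalate"              # resetting again is unlikely to help
    if ep.kind == "terminal_server":
        return "reset_via_config_mgmt"   # S1054: configuration management tool
    return "reset_via_client_task"       # S1055: task issued by management server


def plan(endpoints: Iterable[Endpoint], now: datetime) -> Dict[str, List[str]]:
    """Group the names of unhealthy endpoints by the action they need."""
    out: Dict[str, List[str]] = {}
    for ep in endpoints:
        action = next_action(ep, now)
        if action != "ok":
            out.setdefault(action, []).append(ep.name)
    return out


def sample_inventory(now: datetime) -> List[Endpoint]:
    """Constructed inventory covering each branch of the decision."""
    return [
        Endpoint("srv-web-01", "terminal_server", now - timedelta(hours=2)),
        Endpoint("srv-db-02", "terminal_server", now - timedelta(hours=30)),
        Endpoint("pc-114", "client", None),
        Endpoint("pc-207", "client", now - timedelta(days=3), resets=2),
        Endpoint("pc-311", "client", now + timedelta(hours=2)),
    ]


if __name__ == "__main__":
    now = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)
    for action, names in plan(sample_inventory(now), now).items():
        print(action, names)
```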
S107, the management server compiles statistics and sets early-warning conditions.
The management server collects the virus protection information of the clients and terminal servers through the update ports. The virus protection information includes virus removal information, logs of policy-violating operations, and the like. The management server stores the virus protection information in the storage server. Query statements are customized in the management server, and the management server uses them to compile statistics over the virus protection information in the storage server and, from these, to set early-warning conditions. Early-warning conditions are set separately from the statistics: a condition for judging that a terminal server is infected, and a condition for judging that a large number of clients are infected.
Because the management server manages the virus protection information centrally, virus protection for the whole network is carried out simply and reliably, and is intuitive and lightweight.
Redundant virus protection information in the storage server is deleted periodically, which keeps system resource allocation reasonable and maintains operating efficiency.
Furthermore, data from systems other than the virus protection system, or other in-house data, is also stored in the storage server, so that the management server can combine it with the virus protection information for cross-data analysis.
S108, the management server raises a terminal server infection alarm or a mass client infection alarm.
An automatic response is configured in the management server, and its trigger condition is the early-warning condition set in step S107. The management server collects the virus protection information of the clients and terminal servers; when that information meets an early-warning condition, the automatic response is executed automatically and triggers a terminal server infection alarm or a mass client infection alarm. The alarm may be raised by sending an alarm e-mail to a specific mailbox.
The terminal server infection alarm and the mass client infection alarm further safeguard network operation and improve reliability.
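Steps S107 and S108 amount to a custom query over the stored virus protection information plus two trigger conditions. The following is an added example, not the patent's or any product's code: the table layout, event names, one-hour window, threshold of three clients and the mailbox address are assumptions, and the events are constructed. It counts distinct hosts rather than events, so one client reporting the same detection repeatedly cannot raise a mass alarm.

```python
import sqlite3
from email.message import EmailMessage
from typing import List, Tuple

WINDOW_MINUTES = 60             # assumed look-back window
CLIENT_OUTBREAK_THRESHOLD = 3   # assumed meaning of "a large number of clients"
ALARM_MAILBOX = "soc@example.internal"   # hypothetical mailbox

# Constructed events: (timestamp UTC, host, kind, event, threat name)
SAMPLE_EVENTS = [
    ("2024-01-01 07:10:00", "pc-009", "client", "infected", "Sample.Threat.A"),
    ("2024-01-01 09:05:00", "pc-001", "client", "infected", "Sample.Threat.A"),
    ("2024-01-01 09:06:00", "pc-001", "client", "infected", "Sample.Threat.A"),
    ("2024-01-01 09:20:00", "pc-002", "client", "infected", "Sample.Threat.A"),
    ("2024-01-01 09:41:00", "pc-003", "client", "infected", "Sample.Threat.A"),
    ("2024-01-01 09:30:00", "pc-004", "client", "infected", "Sample.Threat.B"),
    ("2024-01-01 09:45:00", "pc-005", "client", "policy_violation", ""),
    ("2024-01-01 09:50:00", "srv-pay-01", "terminal_server", "infected",
     "Sample.Threat.B"),
]

# The custom query statement of S107: infected hosts per kind and threat.
STATS_QUERY = """
SELECT kind, threat, COUNT(DISTINCT host) AS hosts
FROM av_events
WHERE event = 'infected'
  AND ts >  datetime(:now, :window)
  AND ts <= :now
GROUP BY kind, threat
ORDER BY kind, threat
"""

Alert = Tuple[str, str, int]    # (alert type, threat name, affected hosts)


def load_events(events) -> sqlite3.Connection:
    """Stand-in for the storage server: an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE av_events "
               "(ts TEXT, host TEXT, kind TEXT, event TEXT, threat TEXT)")
    db.executemany("INSERT INTO av_events VALUES (?, ?, ?, ?, ?)", events)
    return db


def evaluate_alerts(db: sqlite3.Connection, now: str) -> List[Alert]:
    """Apply the two early-warning conditions to the query result."""
    params = {"now": now, "window": f"-{WINDOW_MINUTES} minutes"}
    alerts: List[Alert] = []
    for kind, threat, hosts in db.execute(STATS_QUERY, params):
        if kind == "terminal_server":
            # Any infected terminal server is alarm-worthy on its own.
            alerts.append(("terminal_server_infected", threat, hosts))
        elif kind == "client" and hosts >= CLIENT_OUTBREAK_THRESHOLD:
            alerts.append(("client_outbreak", threat, hosts))
    return alerts


def alarm_mail(alert: Alert) -> EmailMessage:
    """Build (not send) the alarm mail of the automatic response in S108."""
    kind, threat, hosts = alert
    msg = EmailMessage()
    msg["To"] = ALARM_MAILBOX
    msg["Subject"] = f"[AV alarm] {kind}: {threat} on {hosts} host(s)"
    msg.set_content(f"Condition {kind} met within {WINDOW_MINUTES} minutes.")
    return msg


if __name__ == "__main__":
    database = load_events(SAMPLE_EVENTS)
    for found in evaluate_alerts(database, "2024-01-01 10:00:00"):
        print(alarm_mail(found)["Subject"])
```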
The virus protection method is provided with a management server and a plurality of distributed servers. The management server sorts the terminal servers and clients in the network into different system tree groups; some system tree groups obtain updates of virus protection data through the distributed servers, and these updates do not interact with the management server, so the highly concurrent load is effectively spread, processing speed is improved, availability is high, and multi-site management is possible.
Distributed servers can be added according to network requirements, so the system scales well.
Daily management work is handled uniformly through the interaction between the management server and the update ports, so management is simple and reliability is high.
Update monitoring of virus protection data is set up for the terminal servers and clients to judge whether a terminal device has a problem when updating virus protection data, and update failures are resolved by resetting the update port, which safeguards virus protection on the terminal devices.
Fig. 4 is a schematic structural diagram of a virus protection system according to an embodiment of the present invention. As shown in Fig. 4, an embodiment of the present invention further provides a virus protection system that protects a network accessed by a plurality of terminal servers 201 and a plurality of clients 202 and implements the virus protection method described above. The plurality of clients 202 are divided into a plurality of domains, each domain including at least one domain controller. The virus protection system comprises: a management server 101, a plurality of distributed servers 103, and a plurality of update ports.
The management server 101 manages the terminal devices by sorting them into the system tree. Specifically, the management server 101 sorts the plurality of terminal servers 201 into a plurality of system tree groups of the system tree according to the tags or IP segments of the terminal servers 201. The management server 101 sorts the plurality of clients 202 into a plurality of system tree groups of the system tree by performing a synchronization operation with the domain controller.
The plurality of distributed servers 103 obtain updates of virus protection data from the management server 101.
The management server 101 interacts with the terminal server 201 or the client 202 through the update port. In this embodiment, an update port may be set up directly on the terminal server or client, or may run on the terminal server or client as a software module or application by way of a virtual machine, a container, a web server, or the like. The virus protection policy of the management server is issued to the terminal servers and clients through the update ports.
The terminal servers 201 and clients 202 in at least one system tree group obtain updates of the virus protection data from the distributed servers 103 through the update ports to perform virus protection. The terminal servers 201 and clients 202 in the remaining system tree groups obtain updates of the virus protection data from the management server 101 through the update ports to perform virus protection.
Preferably, the virus protection system further comprises a plurality of storage servers 102, and the storage servers 102 are connected to the management server 101 and are used for storing the virus protection information of the plurality of terminal servers 201 and the plurality of clients 202 collected by the management server 101.
The virus protection system provided by the invention therefore sorts the terminal servers and clients in the network into different system tree groups through the management server; some system tree groups obtain virus protection data through the distributed servers and others obtain it through the management server, which effectively spreads the highly concurrent load, improves processing speed, provides high availability, and allows multi-site management.
An embodiment of the invention also provides a virus protection device comprising a processor and a memory in which executable instructions of the processor are stored, wherein the processor is configured to perform the steps of the virus protection method described above by executing the executable instructions.
As described above, in this embodiment the virus protection device sorts the terminal servers and clients in the network into different system tree groups; some system tree groups obtain virus protection data through the distributed servers and others obtain it through the virus protection device, so the highly concurrent load is effectively spread, processing speed is increased, high availability is provided, and multi-site management is possible.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects, which may all generally be referred to herein as a "circuit," "module" or "platform."
Fig. 5 is a schematic structural diagram of a virus protection device according to an embodiment of the present invention. The virus protection device 600 according to this embodiment is described below with reference to Fig. 5. The virus protection device 600 shown in Fig. 5 is only an example and should not impose any limitation on the function or scope of use of the embodiments of the present invention.
As shown in Fig. 5, the virus protection device 600 takes the form of a general-purpose computing device. Its components may include, but are not limited to: at least one processing unit 610, at least one storage unit 620, a bus 630 connecting the different platform components (including the storage unit 620 and the processing unit 610), a display unit 640, etc.
Wherein the storage unit stores program code executable by the processing unit 610 to cause the processing unit 610 to perform steps according to various exemplary embodiments of the present invention described in the above-mentioned electronic prescription flow processing method section of the present specification. For example, processing unit 610 may perform the steps as shown in fig. 1.
The storage unit 620 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM) 6201 and/or a cache memory unit 6202, and may further include a read-only memory unit (ROM) 6203.
The memory unit 620 may also include a program/utility 6204 having a set (at least one) of program modules 6205, such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 630 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The virus protection device 600 may also communicate with one or more external devices 700 (e.g., keyboard, pointing device, Bluetooth device, etc.), with one or more devices that enable a user to interact with the virus protection device 600, and/or with any devices (e.g., router, modem, etc.) that enable the virus protection device 600 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 650. Moreover, the virus protection device 600 may also communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet) via a network adapter 660. The network adapter 660 may communicate with the other modules of the virus protection device 600 via the bus 630. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the virus protection device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage platforms, to name a few.
An embodiment of the present invention further provides a computer-readable storage medium for storing a program which, when executed, implements the steps of the virus protection method of the foregoing embodiments. In some possible embodiments, the aspects of the present invention may also be implemented in the form of a program product comprising program code for causing a terminal device to perform the steps according to various exemplary embodiments of the present invention described in the above-mentioned electronic prescription flow processing method section of this specification, when the program product is run on the terminal device.
As described above, when the program of the computer-readable storage medium of this embodiment is executed, by dividing a plurality of terminal servers and clients in a network into different system tree groups, a part of the system tree groups acquire virus protection data through a distributed server, and a part of the system tree groups acquire virus protection data through a management server, high concurrent throughput is effectively distributed, processing speed is increased, high availability is provided, and multi-site management is possible.
Fig. 6 is a schematic structural diagram of a computer-readable storage medium according to an embodiment of the present invention. Referring to fig. 6, a program product 800 for implementing the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable storage medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable storage medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The method, system, device and storage medium for virus protection divide a plurality of terminal servers and clients in a network into different system tree groups. Some of the system tree groups obtain updates of virus protection data through the distributed servers and do not interact with the management server during the update step, which effectively offloads the high concurrent processing load, improves processing speed, provides high availability, and enables multi-site management.
Distributed servers can be set up as network requirements grow, so the method has good scalability.
Daily management work is completed uniformly through the interaction between the management server and the update ports, so management is simple and highly reliable, achieving stable, reliable and lightweight management of online virus protection.
The terminal servers and clients are set up to monitor virus protection data updates, so that it can be determined whether a terminal device has a problem when updating virus protection data; update obstacles are resolved by resetting the update port, which safeguards the virus protection of the terminal device.
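The grouping and update monitoring summarized above (recited in claims 1, 5 and 6) can be sketched as follows. This is an added example, not code from the patent; the group names, IP segments, domain name, 24-hour window and action strings are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta

PRESET_WINDOW = timedelta(hours=24)  # assumed; the patent only says "preset time period"

@dataclass(frozen=True)
class Group:
    name: str
    source: str                        # "distributed" or "management"
    labels: frozenset = frozenset()    # terminal-server labels
    segments: tuple = ()               # terminal-server IP segments (CIDR)
    domains: frozenset = frozenset()   # client domains synced from a domain controller

@dataclass
class Endpoint:
    host: str
    kind: str                          # "terminal_server" or "client"
    ip: str
    last_update: datetime
    label: str = ""
    domain: str = ""

# Constructed system tree; the last group is the catch-all served by the management server.
TREE = [
    Group("prod-web", "distributed", labels=frozenset({"web"}), segments=("10.20.0.0/16",)),
    Group("office-clients", "distributed", domains=frozenset({"corp.example"})),
    Group("default", "management"),
]

def assign_group(ep: Endpoint) -> Group:
    """Terminal servers match on label or IP segment, clients on their synced domain."""
    addr = ipaddress.ip_address(ep.ip)
    for g in TREE:
        if ep.kind == "terminal_server":
            if ep.label in g.labels or any(addr in ipaddress.ip_network(s) for s in g.segments):
                return g
        elif ep.kind == "client" and ep.domain in g.domains:
            return g
    return TREE[-1]

def remediation(ep: Endpoint, now: datetime):
    """Choose the update-port reset path once the preset window is exceeded."""
    if now - ep.last_update <= PRESET_WINDOW:
        return None
    if ep.kind == "terminal_server":
        return "reset-update-port-via-config-management"    # claim 5 path
    return "management-server-issues-client-reset-task"     # claim 6 path

def plan(endpoints, now):
    """Map host -> (system tree group, update source, remediation or None)."""
    out = {}
    for ep in endpoints:
        g = assign_group(ep)
        out[ep.host] = (g.name, g.source, remediation(ep, now))
    return out

NOW = datetime(2017, 11, 10, 12, 0)    # constructed reference time
SAMPLE = [                             # constructed endpoints
    Endpoint("web-01", "terminal_server", "10.20.3.7", NOW - timedelta(hours=2), label="web"),
    Endpoint("db-01", "terminal_server", "10.20.9.1", NOW - timedelta(hours=30)),
    Endpoint("batch-01", "terminal_server", "172.16.5.5", NOW - timedelta(hours=1)),
    Endpoint("pc-114", "client", "192.168.1.14", NOW - timedelta(days=3), domain="corp.example"),
]

if __name__ == "__main__":
    for host, row in plan(SAMPLE, NOW).items():
        print(host, *row)
```

Endpoints that match no group fall through to the catch-all group and update directly from the management server, mirroring the "rest system tree groups" of step S105.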
The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (10)

1. A method of virus protection for protecting a network having access to a plurality of terminal servers and a plurality of clients, the plurality of clients being divided into a plurality of domains, each domain including at least one domain controller, comprising the steps of:
S101, setting a management server;
S102, setting a plurality of distributed servers, wherein the distributed servers acquire the update of virus protection data from the management server;
S103, setting a plurality of update ports, wherein the management server interacts with the terminal server or the client through the update ports;
S104, the management server divides the terminal servers into a plurality of system tree groups of a system tree respectively according to labels or IP segments of the terminal servers, and the management server divides the clients into the system tree groups of the system tree respectively by performing a synchronization operation in a domain controller; and
S105, the terminal server and the client in at least one system tree group acquire the update of the virus protection data from the distributed server through the update port to perform virus protection, and the terminal servers and the clients in the rest system tree groups acquire the update of the virus protection data from the management server through the update port to perform virus protection.
2. The method of virus protection according to claim 1,
step S101 further includes setting a plurality of storage servers, where the storage servers are connected to the management server and are used to store the virus protection information of the plurality of terminal servers and the plurality of clients collected by the management server.
3. The method of virus protection according to claim 1, further comprising the steps of:
S106, the management server collects the virus protection information of the terminal server and the client;
S107, the management server carries out virus protection information statistics and early warning setting through a user-defined query statement;
and S108, the management server triggers a terminal server infection alarm or a large-scale client infection alarm by setting an automatic response.
4. The method of virus protection according to claim 1,
the step S104 further includes that the management server sets virus protection policies of a plurality of system tree groups according to the system trees, and issues the virus protection policies to the terminal server and the client through the update port.
5. The method of virus protection according to claim 4,
in step S105, when the terminal server cannot obtain the update of the virus protection data in the preset time period, the terminal server unloads and resets the update port through a distributed configuration management tool.
6. The method of virus protection according to claim 5,
in step S105, when the client cannot obtain the update of the virus protection data in the preset time period, the management server issues a client task, so that the client resets the update port.
7. A virus protection system for implementing the virus protection method of any one of claims 1 to 6, wherein the protection system has access to a network of a plurality of terminal servers and a plurality of clients, the plurality of clients are divided into a plurality of domains, and each domain includes at least one domain controller, and the virus protection system comprises:
a management server, said management server dividing said plurality of terminal servers into a plurality of system tree groups of a system tree respectively according to the labels or IP segments of said plurality of terminal servers, said management server dividing said plurality of clients into a plurality of system tree groups of said system tree respectively by performing a synchronization operation in a domain controller;
a plurality of distributed servers that obtain updates of virus protection data from the management server;
a plurality of update ports through which the management server interacts with the terminal server or the client;
the terminal server and the client in at least one system tree group acquire the update of virus protection data from the distributed server through an update port to perform virus protection;
and the terminal servers and the clients in the rest system tree groups acquire the update of virus protection data from the management server through update ports so as to perform virus protection.
8. The system for virus protection according to claim 7, further comprising:
a plurality of storage servers connected with the management server and used for storing the virus protection information of the terminal servers and the clients collected by the management server.
9. A virus protection apparatus, comprising:
a processor;
a memory having stored therein executable instructions of the processor;
wherein the processor is configured to perform the steps of the method of virus protection of any one of claims 1 to 6 via execution of the executable instructions.
10. A computer-readable storage medium storing a program which, when executed, performs the steps of the method of virus protection of any one of claims 1 to 6.
CN201711105434.8A 2017-11-10 2017-11-10 Method, system, device and storage medium for virus protection Active CN107835177B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711105434.8A CN107835177B (en) 2017-11-10 2017-11-10 Method, system, device and storage medium for virus protection

Publications (2)

Publication Number Publication Date
CN107835177A CN107835177A (en) 2018-03-23
CN107835177B CN107835177B (en) 2020-04-21

Family

ID=61655089

Country Status (1)

Country Link
CN (1) CN107835177B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant