CN107846418A - Firewall active protection system and protection method - Google Patents

Info

Publication number: CN107846418A
Authority: CN (China)
Prior art keywords: file, protected host, backup, warning information, threshold
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201711339742.7A
Other languages: Chinese (zh)
Inventor: 黄承慧, 廖锦辉
Current Assignee: Guangdong Skynet Security Mdt Infotech Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Guangdong Skynet Security Mdt Infotech Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1458 Management of the backup or restore process
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present invention relates to a firewall active protection system and protection method. The active protection method includes: obtaining external access traffic and analyzing, according to a predetermined security policy, whether the external access traffic constitutes a network attack; when it is determined that the access traffic constitutes a network attack, performing a risk assessment on the external access traffic and generating a risk index, and, when the risk index reaches a predetermined threshold, sending warning information to the control system of the protected host; and the control system of the protected host backing up, according to the warning information, the files stored on the hard disk of the protected host to a backup storage system. Because the control system of the protected host backs up the files stored on its hard disk to the backup storage system when it receives the warning information, fewer files are tampered with or destroyed by the network attack, which reduces the risk of data loss.

Description

Firewall active protection system and protection method
Technical field
The present invention relates to the field of firewall technology, and more specifically to a firewall active protection system and protection method.
Background art
With the development and popularization of computer networks, illegal network attacks by hackers, worms and the like are increasingly rampant, and firewalls emerged to protect computer networks and systems. A firewall is a device that helps ensure information security; it allows or restricts the passage of transmitted data according to specific rules. Early firewalls were implemented by packet filtering, that is, by simply comparing IP addresses and ports. Stateful inspection was later added on this basis, and this became the basic working mode of current firewalls. A firewall can be a dedicated piece of hardware or a set of software running on general-purpose hardware.
Although existing firewalls offer strong protection against network attacks, the variety of network viruses keeps growing and so does the harm they cause. Once a virus intrudes into a computer it can damage the files on it, and most people do not back up their data in a timely manner when using a computer, which leads to the loss of files.
Summary of the invention
In view of the deficiencies of the prior art, a first object of the embodiments of the present invention is to provide a firewall active protection method that has the advantage of reducing the risk of data loss.
The above technical object of the embodiments of the present invention is achieved by the following technical solution: a firewall active protection method, including:
obtaining external access traffic and analyzing, according to a predetermined security policy, whether the external access traffic constitutes a network attack;
when it is determined that the access traffic constitutes a network attack, performing a risk assessment on the external access traffic and generating a risk index, and, when the risk index reaches a predetermined threshold, sending warning information to the control system of the protected host; and
the control system of the protected host backing up, according to the warning information, the files stored on the hard disk of the protected host to a backup storage system.
With the above technical solution, the security of the external access traffic is assessed according to the predetermined security policy. When the external access traffic is determined to be a network attack, a risk assessment of the attack is also carried out according to the security policy, and a risk index is generated from the result: the greater the risk, the higher the risk index. A risk index above the predetermined threshold indicates that the network attack carries a certain risk, and warning information is then sent to the control system of the protected host. On receiving the warning information, the control system of the protected host backs up the files stored on the hard disk of the protected host to the backup storage system, so that fewer files are tampered with or destroyed by the network attack and the risk of data loss is reduced.
Further, the predetermined threshold includes multiple threshold groups, and performing a risk assessment on the external access traffic, generating a risk index and, when the risk index reaches the predetermined threshold, sending warning information to the control system of the protected host includes:
performing the risk assessment according to the predetermined security policy, based on the access frequency of the external access traffic and the IP addresses and/or ports accessed, to generate the risk index;
generating the warning information according to the threshold group in which the risk index falls and sending it to the control system of the protected host, the warning information corresponding one-to-one with the threshold groups.
With the above technical solution, if the external access traffic accesses the protected host at a high frequency, continuously accesses the same IP address or port, or accesses all IP addresses or ports, the external access traffic very probably constitutes a network attack, and a risk index is generated after the corresponding risk assessment. Because different threshold groups correspond to different risk levels, a risk index falling in different threshold groups produces warning information of different warning levels, and the control system of the protected host can carry out backups under different strategies according to the warning information.
Further, the control system of the protected host backing up, according to the warning information, the files stored on the hard disk of the protected host to the backup storage system includes:
determining the priority of each file according to the location where the file is stored, the priority representing the order in which files are backed up;
backing up, according to the warning information and in priority order, all or part of the files stored on the hard disk of the protected host to the backup storage system.
With the above technical solution: users usually store their files by category, so files in different storage locations differ in importance. The priority of a file is determined from its storage location, that is, the more important the file, the higher the priority assigned to it. During a backup, files are backed up one after another in priority order, so that important files are less likely to be lost.
Further, the priority includes a first priority group and a second priority group, the first priority group being higher than the second priority group; the threshold groups include a first threshold group and a second threshold group, the first threshold group being greater than the second threshold group. When the warning information is in the first threshold group, the control system of the protected host backs up the files in the first priority group stored on the hard disk of the protected host to the backup storage system; when the warning information is in the second threshold group, the control system of the protected host backs up all files stored on the hard disk of the protected host to the backup storage system.
With the above technical solution, when the warning information is in the first threshold group, the warning level is high and the files need to be backed up urgently, so the files of the first priority are backed up, which reduces the occurrence of data being destroyed. When the warning information is in the second threshold group, the warning level is lower, the files need to be backed up less urgently and there is enough time for the backup, so all files can be backed up.
Further, the control system of the protected host divides the files to be backed up into an editable file group and a non-editable file group according to file type. When the files stored on the hard disk of the protected host are backed up to the backup storage system, for a file that is stored both on the hard disk of the protected host and in the backup storage system, the file is backed up to the backup storage system if it is in the editable file group and is not backed up if it is in the non-editable file group.
With the above technical solution, during a backup, for a file stored both on the hard disk and in the backup storage system: if the file is editable, it may have been changed during subsequent use, so it is copied to the backup storage system and replaces the original file there, which preserves this part of the files. If the file is not editable, that is, it will not be modified by the user, and the backup storage system also holds the file, it does not need to be backed up. This improves the speed and efficiency of the backup.
A second object of the embodiments of the present invention is to provide a firewall active protection system that has the advantage of reducing the risk of data loss.
The above technical object of the embodiments of the present invention is achieved by the following technical solution: a firewall active protection system, including:
a firewall module, for analyzing, according to a predetermined security policy, whether the external access traffic it obtains constitutes a network attack;
a risk analysis unit, for performing a risk assessment on the external access traffic and generating a risk index when it is determined that the access traffic constitutes a network attack, and for sending warning information to the control system of the protected host when the risk index reaches a predetermined threshold; and
a backup control unit, for backing up, according to the warning information, the files stored on the hard disk of the protected host to a backup storage system when the control system of the protected host receives the warning information.
With the above technical solution, the firewall module assesses the security of the external access traffic according to the predetermined security policy. When the external access traffic is determined to be a network attack, the risk analysis unit carries out a risk assessment of the attack according to the security policy and generates a risk index from the result: the greater the risk, the higher the risk index. A risk index above the predetermined threshold indicates that the network attack carries a certain risk, and warning information is then sent to the control system of the protected host. On receiving the warning information, the control system of the protected host uses the backup control unit to back up the files stored on the hard disk of the protected host to the backup storage system, so that fewer files are tampered with or destroyed by the network attack and the risk of data loss is reduced.
Further, the predetermined threshold includes multiple threshold groups, and the risk analysis unit includes:
a risk assessment computing module, for performing the risk assessment according to the predetermined security policy, based on the access frequency of the external access traffic and the IP addresses and/or ports accessed, to generate the risk index;
a warning information generation module, for generating the warning information according to the threshold group in which the risk index falls and sending it to the control system of the protected host, the warning information corresponding one-to-one with the threshold groups.
With the above technical solution, if the external access traffic accesses the protected host at a high frequency, continuously accesses the same IP address or port, or accesses all IP addresses or ports, the external access traffic very probably constitutes a network attack, and the risk assessment computing module generates a risk index after the corresponding risk assessment. Because different threshold groups correspond to different risk levels, when the risk index falls in different threshold groups the warning information generation module generates warning information of different warning levels, and the control system of the protected host can carry out backups under different strategies according to the warning information.
Further, the backup control unit includes:
a file ordering module, for determining the priority of each file according to the location where the file is stored, the priority representing the order in which files are backed up;
a file backup module, for backing up, according to the warning information and in priority order, all or part of the files stored on the hard disk of the protected host to the backup storage system.
With the above technical solution: users usually store their files by category, so files in different storage locations differ in importance. The file ordering module determines the priority of a file from its storage location, that is, the more important the file, the higher the priority assigned to it. During a backup, the file backup module backs up files one after another in priority order, so that important files are less likely to be lost.
Further, the priority includes a first priority group and a second priority group, the first priority group being higher than the second priority group; the threshold groups include a first threshold group and a second threshold group, the first threshold group being greater than the second threshold group. When the file backup module backs up files and the warning information is in the first threshold group, the control system of the protected host backs up the files in the first priority group stored on the hard disk of the protected host to the backup storage system; when the warning information is in the second threshold group, the control system of the protected host backs up all files stored on the hard disk of the protected host to the backup storage system.
With the above technical solution, when the warning information is in the first threshold group, the warning level is high and the files need to be backed up urgently, so the files of the first priority are backed up, which reduces the occurrence of data being destroyed. When the warning information is in the second threshold group, the warning level is lower, the files need to be backed up less urgently and there is enough time for the backup, so all files can be backed up.
Further, the control system of the protected host divides the files to be backed up into an editable file group and a non-editable file group according to file type. When the file backup module backs up the files stored on the hard disk of the protected host to the backup storage system, for a file that is stored both on the hard disk of the protected host and in the backup storage system, the file is backed up to the backup storage system if it is in the editable file group and is not backed up if it is in the non-editable file group.
With the above technical solution, during a backup, for a file stored both on the hard disk and in the backup storage system: if the file is editable, it may have been changed during subsequent use, so it is copied to the backup storage system and replaces the original file there, which preserves this part of the files. If the file is not editable, that is, it will not be modified by the user, and the backup storage system also holds the file, it does not need to be backed up. This improves the speed and efficiency of the backup.
In summary, the invention has the following advantages:
First, when the control system of the protected host receives warning information, it backs up the files stored on the hard disk of the protected host to the backup storage system, so that fewer files are tampered with or destroyed by network attacks and the risk of data loss is reduced;
Second, files are backed up one after another according to priority, so that important files are less likely to be lost;
Third, files are backed up under different strategies according to the warning level, which lowers the probability that files are lost;
Fourth, editable files are backed up again and non-editable files are not, which improves the speed and efficiency of the backup.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a system block diagram of the protection system in an embodiment of the present invention;
Fig. 2 is a flow chart of the protection method in an embodiment of the present invention.
In the figures: 1, firewall module; 2, risk analysis unit; 3, backup control unit.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of those embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
A firewall active protection system, as shown in Fig. 1, includes: a firewall module 1, for analyzing, according to a predetermined security policy, whether the external access traffic it obtains constitutes a network attack; a risk analysis unit 2, for performing a risk assessment on the external access traffic and generating a risk index when it is determined that the access traffic constitutes a network attack, and for sending warning information to the control system of the protected host when the risk index reaches a predetermined threshold; and a backup control unit 3, for backing up, according to the warning information, the files stored on the hard disk of the protected host to a backup storage system when the control system of the protected host receives the warning information.
Specifically, the firewall module is implemented on the basis of an existing firewall, and the predetermined threshold is determined by the protective capability of the firewall module. The predetermined threshold includes multiple threshold groups; each threshold group corresponds to warning information of a different intensity, and the larger the value of the threshold group, the greater the intensity of the warning information.
The risk analysis unit 2 includes: a risk assessment computing module, for performing the risk assessment according to the predetermined security policy, based on the access frequency of the external access traffic and the IP addresses and/or ports accessed, to generate the risk index; and a warning information generation module, for generating warning information according to the threshold group in which the risk index falls and sending it to the control system of the protected host. The control system of the protected host is implemented by a software program built into memory. The warning information corresponds one-to-one with the threshold groups, that is, the larger the value of the threshold group, the higher the warning level of the corresponding warning information.
If the external access traffic accesses the protected host at a high frequency, continuously accesses the same IP address or port, or accesses all IP addresses or ports, the external access traffic very probably constitutes a network attack, and the risk assessment computing module generates a risk index after the corresponding risk assessment. Because different threshold groups correspond to different risk levels, when the risk index falls in different threshold groups the warning information generation module generates warning information of different warning levels, and the control system of the protected host can carry out backups under different strategies according to the warning information.
The backup control unit 3 includes: a file ordering module, for determining the priority of each file according to the location where the file is stored, where the priority of a storage location can be determined from the user's storage habits and the priority represents the order in which files are backed up; and a file backup module, for backing up, according to the warning information and in priority order, the files stored on the hard disk of the protected host to the backup storage system, either in full or incrementally. The backup storage system can be a separate host or a cloud storage system.
Users usually store their files by category, so files in different storage locations differ in importance. The file ordering module determines the priority of a file from its storage location, that is, the more important the file, the higher the priority assigned to it. During a backup, the file backup module backs up files one after another in priority order, so that important files are less likely to be lost.
The priority includes a first priority group and a second priority group, the first priority group being higher than the second priority group. Correspondingly, the threshold groups include a first threshold group and a second threshold group, the first threshold group being greater than the second threshold group; that is, the warning level of the warning information corresponding to the first threshold group is higher than that of the warning information corresponding to the second threshold group. When the file backup module backs up files and the warning information is in the first threshold group, the control system of the protected host backs up the files in the first priority group stored on the hard disk of the protected host to the backup storage system; when the warning information is in the second threshold group, the control system of the protected host backs up all files stored on the hard disk of the protected host to the backup storage system.
When the warning information is in the first threshold group, the warning level is high and the files need to be backed up urgently, so the files of the first priority are backed up, which reduces the occurrence of data being destroyed. When the warning information is in the second threshold group, the warning level is lower, the files need to be backed up less urgently and there is enough time for the backup, so all files can be backed up.
The control system of the protected host divides the files to be backed up into an editable file group and a non-editable file group according to file type. The file type is determined by the file name suffix: a file type list can be stored on the protected host, and files are divided into the editable file group and the non-editable file group by comparing each file's suffix with the file type list. When the file backup module backs up the files stored on the hard disk of the protected host to the backup storage system, for a file that is stored both on the hard disk of the protected host and in the backup storage system, the file is backed up to the backup storage system if it is in the editable file group and is not backed up if it is in the non-editable file group.
During a backup, for a file stored both on the hard disk and in the backup storage system: if the file is editable, it may have been changed during subsequent use, so it is copied to the backup storage system and replaces the original file there, which preserves this part of the files. If the file is not editable, that is, it will not be modified by the user, and the backup storage system also holds the file, it does not need to be backed up. This improves the speed and efficiency of the backup.
Correspondingly, as shown in Fig. 2, this embodiment also provides a firewall active protection method, including:
401, obtaining external access traffic and analyzing, according to a predetermined security policy, whether the external access traffic constitutes a network attack;
402, when it is determined that the access traffic constitutes a network attack, performing a risk assessment according to the predetermined security policy, based on the access frequency of the external access traffic and the IP addresses and/or ports accessed, to generate a risk index;
403, multiple threshold groups are stored in advance in the firewall active protection system, the threshold groups being used to judge the degree of risk indicated by the risk index; warning information is generated according to the threshold group in which the risk index falls and sent to the control system of the protected host, the warning information corresponding one-to-one with the threshold groups;
404, determining the priority of each file according to the location where the file is stored, the priority representing the order in which files are backed up, that is, files with high priority are backed up first;
405, backing up, according to the warning information and in priority order, all or part of the files stored on the hard disk of the protected host to the backup storage system. The priority includes a first priority group and a second priority group, the first priority group being higher than the second priority group; the threshold groups include a first threshold group and a second threshold group, the first threshold group being greater than the second threshold group. When the warning information is in the first threshold group, the control system of the protected host backs up the files in the first priority group stored on the hard disk of the protected host to the backup storage system; when the warning information is in the second threshold group, the control system of the protected host backs up all files stored on the hard disk of the protected host to the backup storage system;
Also during the backup, the control system of the protected host divides the files to be backed up into an editable file group and a non-editable file group according to file type. When the files stored on the hard disk of the protected host are backed up to the backup storage system, for a file that is stored both on the hard disk of the protected host and in the backup storage system, the file is backed up to the backup storage system if it is in the editable file group and is not backed up if it is in the non-editable file group.
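The flow of steps 401 to 405 as an added example (not code from the patent or its applicant): a risk index is mapped to a threshold group, and the group selects which files are backed up, in priority order, skipping non-editable files already held in backup storage. The scoring weights, threshold ranges, directory-to-priority mapping, suffix list and file paths are all assumptions constructed for illustration, since the page gives no values.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath

# Assumed threshold groups; the first group is the higher one, as in step 405.
FIRST_THRESHOLD_GROUP = range(70, 101)
SECOND_THRESHOLD_GROUP = range(40, 70)

# Assumed mapping from storage location to priority group (1 = first group).
PRIORITY_BY_LOCATION = {"/data/finance": 1, "/data/projects": 1, "/data/media": 2}

# Assumed "file type list": suffixes placed in the editable file group.
EDITABLE_SUFFIXES = {".docx", ".xlsx", ".txt", ".py"}


@dataclass(frozen=True)
class TrafficSample:
    """Features named in step 402: access frequency, IPs and ports accessed."""
    requests_per_min: int
    distinct_dst_ips: int
    distinct_dst_ports: int


def risk_index(s: TrafficSample) -> int:
    """Step 402 with an assumed scoring: three capped components, 0..100."""
    freq = min(50, s.requests_per_min // 20)
    ports = min(30, s.distinct_dst_ports // 10)
    ips = min(20, s.distinct_dst_ips * 2)
    return freq + ports + ips


def threshold_group(index: int):
    """Step 403: one warning level per threshold group, or None below both."""
    if index in FIRST_THRESHOLD_GROUP:
        return "first"
    if index in SECOND_THRESHOLD_GROUP:
        return "second"
    return None


def priority_of(path: str) -> int:
    """Step 404: priority comes from where the file is stored (default: 2)."""
    parents = PurePosixPath(path).parents
    for location, group in PRIORITY_BY_LOCATION.items():
        if PurePosixPath(location) in parents:
            return group
    return 2


def plan_backup(group, host_files, backup_files):
    """Step 405: ordered list of files to copy for the given threshold group."""
    if group is None:
        return []
    ordered = sorted(host_files, key=lambda p: (priority_of(p), p))
    if group == "first":
        # Higher warning level: only the first priority group is copied.
        ordered = [p for p in ordered if priority_of(p) == 1]
    plan = []
    for path in ordered:
        editable = PurePosixPath(path).suffix.lower() in EDITABLE_SUFFIXES
        if path in backup_files and not editable:
            continue  # non-editable and already in backup storage: skip
        plan.append(path)
    return plan


# Constructed sample data.
HOST_FILES = [
    "/data/media/intro.mp4",
    "/data/finance/ledger.xlsx",
    "/data/finance/scan.pdf",
    "/data/projects/build.py",
    "/data/media/notes.txt",
]
ALREADY_BACKED_UP = {
    "/data/finance/ledger.xlsx",
    "/data/finance/scan.pdf",
    "/data/media/intro.mp4",
}

if __name__ == "__main__":
    for sample in (TrafficSample(1200, 10, 400), TrafficSample(600, 2, 150)):
        idx = risk_index(sample)
        grp = threshold_group(idx)
        print(idx, grp, plan_backup(grp, HOST_FILES, ALREADY_BACKED_UP))
```

Because an editable file replaces its earlier copy in backup storage, a backup started while an attack is in progress can overwrite the last known-good version; keeping prior versions in the backup storage system avoids that.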
The firewall module 1 assesses the security of the external access traffic according to the predetermined security policy. When the external access traffic is determined to be a network attack, the risk analysis unit 2 carries out a risk assessment of the attack according to the security policy and generates a risk index from the result: the greater the risk, the higher the risk index. A risk index above the predetermined threshold indicates that the network attack carries a certain risk, and warning information is then sent to the control system of the protected host. On receiving the warning information, the control system of the protected host uses the backup control unit 3 to back up the files stored on the hard disk of the protected host to the backup storage system, so that fewer files are tampered with or destroyed by the network attack and the risk of data loss is reduced.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
It should be noted that, for brevity, each of the foregoing method embodiments is expressed as a series of combined actions, but those skilled in the art should understand that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in another order or simultaneously. Those skilled in the art should also understand that the embodiments described in this specification are preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
In the several embodiments provided in this application, it should be understood that the disclosed device may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into the units above is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling or communication connection shown or discussed may be an indirect coupling or communication connection between devices or units through some interfaces, and may be electrical or of another form.
The units described above as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
As stated above, the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

  1. A firewall active protection method, characterized by comprising:
    obtaining external access traffic and analyzing, according to a predetermined security policy, whether the external access traffic constitutes a network attack;
    when it is determined that the access traffic constitutes a network attack, performing a risk assessment on the external access traffic and generating a risk index, and, when the risk index reaches a predetermined threshold, sending warning information to the control system of the protected host; and
    backing up, by the control system of the protected host according to the warning information, the files stored on the hard disk of the protected host to a backup storage system.
  2. The firewall active protection method according to claim 1, characterized in that the predetermined threshold comprises multiple threshold groups, and performing a risk assessment on the external access traffic and generating a risk index, and sending warning information to the control system of the protected host when the risk index reaches the predetermined threshold, comprises:
    performing the risk assessment according to the predetermined security policy, based on the access frequency of the external access traffic and the IP address and/or port accessed, to generate the risk index;
    generating the warning information according to the threshold group in which the risk index falls, and sending it to the control system of the protected host.
  3. The firewall active protection method according to claim 2, characterized in that backing up, by the control system of the protected host according to the warning information, the files stored on the hard disk of the protected host to the backup storage system comprises:
    determining the priority of each file according to the location where the file is stored, the priority representing the order in which files are backed up;
    backing up all or part of the files stored on the hard disk of the protected host to the backup storage system, one after another in priority order, according to the warning information.
  4. The firewall active protection method according to claim 3, characterized in that the priority comprises a first priority group and a second priority group, the first priority group being higher than the second priority group, and the threshold groups comprise a first threshold group and a second threshold group, the first threshold group being greater than the second threshold group; when the warning information falls in the first threshold group, the control system of the protected host backs up the files stored on the hard disk of the protected host that belong to the first priority group to the backup storage system; when the warning information falls in the second threshold group, the control system of the protected host backs up all files stored on the hard disk of the protected host to the backup storage system.
  5. The firewall active protection method according to claim 4, characterized in that the control system of the protected host divides the files to be backed up into an editable file group and a non-editable file group according to file type; when the files stored on the hard disk of the protected host are backed up to the backup storage system, for a file that is stored both on the hard disk of the protected host and in the backup storage system, if the file is in the editable file group, the file is backed up to the backup storage system, and if the file is in the non-editable file group, the file is not backed up.
  6. A firewall active defense system, characterized by comprising:
    a firewall module (1), configured to analyze, according to a predetermined security policy, whether obtained external access traffic constitutes a network attack;
    a risk analysis unit (2), configured to, when it is determined that the access traffic constitutes a network attack, perform a risk assessment on the external access traffic and generate a risk index, and, when the risk index reaches a predetermined threshold, send warning information to the control system of the protected host; and
    a backup control unit (3), configured to, when the control system of the protected host receives the warning information, back up the files stored on the hard disk of the protected host to a backup storage system according to the warning information.
  7. The firewall active defense system according to claim 6, characterized in that the predetermined threshold comprises multiple threshold groups, and the risk analysis unit (2) comprises:
    a risk assessment calculation module, configured to perform the risk assessment according to the predetermined security policy, based on the access frequency of the external access traffic and the IP address and/or port accessed, to generate the risk index;
    a warning information generation module, configured to generate the warning information according to the threshold group in which the risk index falls and send it to the control system of the protected host, the warning information corresponding one-to-one with the threshold groups.
  8. The firewall active defense system according to claim 7, characterized in that the backup control unit (3) comprises:
    a file ordering module, configured to determine the priority of each file according to the location where the file is stored, the priority representing the order in which files are backed up;
    a file backup module, configured to back up all or part of the files stored on the hard disk of the protected host to the backup storage system, one after another in priority order, according to the warning information.
  9. The firewall active defense system according to claim 8, characterized in that the priority comprises a first priority group and a second priority group, the first priority group being higher than the second priority group, and the threshold groups comprise a first threshold group and a second threshold group, the first threshold group being greater than the second threshold group; when the file backup module performs file backup and the warning information falls in the first threshold group, the control system of the protected host backs up the files stored on the hard disk of the protected host that belong to the first priority group to the backup storage system; when the warning information falls in the second threshold group, the control system of the protected host backs up all files stored on the hard disk of the protected host to the backup storage system.
  10. The firewall active defense system according to claim 9, characterized in that the control system of the protected host divides the files to be backed up into an editable file group and a non-editable file group according to file type; when the file backup module backs up the files stored on the hard disk of the protected host to the backup storage system, for a file that is stored both on the hard disk of the protected host and in the backup storage system, if the file is in the editable file group, the file is backed up to the backup storage system, and if the file is in the non-editable file group, the file is not backed up.
CN201711339742.7A 2017-12-14 2017-12-14 Fire wall Initiative Defence System and means of defence Pending CN107846418A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711339742.7A CN107846418A (en) 2017-12-14 2017-12-14 Fire wall Initiative Defence System and means of defence

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711339742.7A CN107846418A (en) 2017-12-14 2017-12-14 Fire wall Initiative Defence System and means of defence

Publications (1)

Publication Number Publication Date
CN107846418A true CN107846418A (en) 2018-03-27

Family

ID=61665013

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711339742.7A Pending CN107846418A (en) 2017-12-14 2017-12-14 Fire wall Initiative Defence System and means of defence

Country Status (1)

Country Link
CN (1) CN107846418A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7886348B2 (en) * 2003-10-03 2011-02-08 Verizon Services Corp. Security management system for monitoring firewall operation
CN102307184A (en) * 2011-06-16 2012-01-04 北京峰盛博远科技有限公司 Information asset protection method based on intrusion tolerance
CN102346784A (en) * 2011-11-14 2012-02-08 苏州阔地网络科技有限公司 Database backup method and system
CN103139184A (en) * 2011-12-02 2013-06-05 中国电信股份有限公司 Intelligent network firewall device and network attack protection method
CN104702456A (en) * 2013-12-04 2015-06-10 大连东浦机电有限公司 Method for monitoring local area network transmission data risk based on keyword extraction strategy
CN105389521A (en) * 2015-12-18 2016-03-09 北京金山安全管理系统技术有限公司 Method for safely protecting file in computer system

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109542678A (en) * 2018-11-07 2019-03-29 郑州云海信息技术有限公司 A kind of server key message timed backup method and device
CN109542678B (en) * 2018-11-07 2021-12-17 郑州云海信息技术有限公司 Method and device for regularly backing up key information of server
CN110061998A (en) * 2019-04-25 2019-07-26 新华三信息安全技术有限公司 A kind of attack defense method and device
CN110061998B (en) * 2019-04-25 2022-03-22 新华三信息安全技术有限公司 Attack defense method and device
CN111147497A (en) * 2019-12-28 2020-05-12 杭州安恒信息技术股份有限公司 Intrusion detection method, device and equipment based on knowledge inequality
CN111147497B (en) * 2019-12-28 2022-03-25 杭州安恒信息技术股份有限公司 Intrusion detection method, device and equipment based on knowledge inequality
CN111614671A (en) * 2020-05-20 2020-09-01 西安佐尔电子技术有限公司 Network security implementation system and method based on big data platform
CN113596044A (en) * 2021-08-03 2021-11-02 北京恒安嘉新安全技术有限公司 Network protection method and device, electronic equipment and storage medium
CN113596044B (en) * 2021-08-03 2023-04-25 北京恒安嘉新安全技术有限公司 Network protection method and device, electronic equipment and storage medium
CN115913665A (en) * 2022-11-01 2023-04-04 国家管网集团北方管道有限责任公司 Network security early warning method and device based on serial port firewall

Similar Documents

Publication Publication Date Title
CN107846418A (en) Fire wall Initiative Defence System and means of defence
Lin et al. Toward a safer and more secure cyberspace
CN107743118B (en) Hierarchical network security protection method and device
JP2018508054A (en) Statistical analysis method for risk assessment of file-based content
EP1496427A3 (en) Data processing method with restricted data arrangement, storage area management method, and data processing system
CN107563192A (en) A kind of means of defence for extorting software, device, electronic equipment and storage medium
CN107770125A (en) A kind of network security emergency response method and emergency response platform
CN108881230A (en) A kind of safe transmission method and device of government affairs big data
Shin et al. Focusing on the weakest link: A similarity analysis on phishing campaigns based on the att&ck matrix
CN106203092A (en) Method and device for intercepting shutdown of malicious program and electronic equipment
Rana et al. Taxonomy of digital forensics: Investigation tools and challenges
Gnatyuk et al. Studies on Cloud-based Cyber Incidents Detection and Identification in Critical Infrastructure.
KR101834808B1 (en) Apparatus and method for protecting file from encryption
CN105930740B (en) Source retroactive method, monitoring method, restoring method and system when software file is changed
WO2003021908A2 (en) Server with file verification
Hajoary et al. Role of government in tackling cyber security threat
CN106130968A (en) A kind of identity identifying method and system
CN106790169B (en) Protection method and device for scanning of scanning equipment
Ryan et al. Proportional hazards in information security
DE102015107071B3 (en) Device and method for controlling a communication network
CN111444270B (en) Method and system for controlling harmful information based on block chain
Steinmetz Hacking and hacktivism
CN206270962U (en) A kind of computer security control system
CN112651023A (en) Method for detecting and preventing malicious Lego software attacks
Okonofua et al. Cybersecurity: An analysis of the protection mechanisms in a cloud-centered environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180327