CN107948139B - Transformer substation monitoring network debugging method based on security policy management and control

Info

Publication number: CN107948139B
Authority: CN (China)
Prior art keywords: debugging, message, debugging message, protocol, mac address
Legal status: Active
Application number: CN201711096080.5A
Other languages: Chinese (zh)
Other versions: CN107948139A (en)
Inventor: 叶婷
Current assignee: Nanjing Jiean Information Technology Co ltd
Original assignee: Nanjing Jiean Information Technology Co ltd
Priority date: 2017-11-09
Filing date: 2017-11-09
Application filed by Nanjing Jiean Information Technology Co ltd
Publication of CN107948139A: 2018-04-20
Application granted; publication of CN107948139B: 2021-04-20

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L 67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP], for remote control or remote monitoring of applications
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0227 Filtering policies
    • H04L 63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L 63/12 Applying verification of the received information
    • H04L 63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Technology Law (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a transformer substation monitoring network debugging method based on security policy management and control, comprising the following steps: step 1, filter the input debugging message by MAC address to obtain a non-native debugging message; step 2, filter by debugging message type to obtain an IP debugging message; step 3, filter by the protocol type in the IP debugging message header to obtain a TCP/UDP debugging message; step 4, if a safe debugging state exists, perform validity detection on the debugging message against it; if the debugging message passes within the preset time, forward it; otherwise, enter step 5; step 5, perform validity detection on the debugging message according to the security debugging policy: if it passes, add a first safe debugging state and enter step 6; otherwise, discard the debugging message; step 6, perform dynamic debugging protocol detection on the debugging message. Compared with the existing debugging method of directly accessing the transformer substation network, the method improves debugging security.

Description

Transformer substation monitoring network debugging method based on security policy management and control
Technical Field
The invention relates to the field of transformer substation monitoring, in particular to a transformer substation monitoring network debugging (commissioning) method based on security policy management and control.
Background
For a long time, the transformer substation monitoring network has been debugged by connecting each manufacturer's notebook computer directly to the in-station switch to configure and debug devices. With the frequent occurrence of power grid security incidents in China and internationally, the security of the transformer substation monitoring network is taken very seriously by the national power grid. Because the substation monitoring network is a local area network, managing and controlling externally connected devices is very important. If an externally connected device carrying viruses or illegal programs is connected directly to the transformer substation monitoring network, the consequences are hard to predict.
Disclosure of Invention
To address these problems, the invention provides a transformer substation monitoring network debugging method based on security policy control, which solves the security problem of existing transformer substation monitoring network debugging, effectively avoids the threat to network security posed by the traditional debugging method of directly accessing the transformer substation monitoring network, and further improves the isolation and security of the transformer substation monitoring network.
To achieve this technical purpose and effect, the invention adopts the following technical scheme:
a transformer substation monitoring network debugging method based on security policy management and control comprises the following steps:
step 1, if the source MAC address or the destination MAC address of the input debugging message is the MAC address of the local network interface, discard the debugging message; otherwise, treat it as a non-native debugging message and enter step 2;
step 2, if the type of the debugging message is IP, enter step 3; otherwise, discard the debugging message;
step 3, if the protocol type in the IP header of the debugging message is TCP/UDP, enter step 4; otherwise, discard the debugging message;
step 4, if a safe debugging state exists, perform validity detection on the debugging message against it; if the debugging message passes within the preset time, forward it; otherwise, enter step 5;
step 5, perform validity detection on the debugging message according to the security debugging policy: if it fails, discard the debugging message; if it passes, add a first safe debugging state and enter step 6;
step 6, perform dynamic debugging protocol detection on the debugging message; if a dynamic debugging protocol is found, add a second safe debugging state according to the corresponding debugging protocol and forward the debugging message.
Preferably, in step 1, a debugging message whose source MAC address or destination MAC address is the MAC address of the local network port is discarded, so that messages exchanged with the local machine are not processed and the local machine itself can still be debugged while the network is debugged.
Preferably, in step 4, the safe debugging state means that the protocol type, source IP, destination IP, source port and destination port of an IP debugging packet are stored as a safe debugging state; matching debugging packets against the stored safe debugging states first speeds up forwarding.
Preferably, in step 5, the validity detection checks the source MAC, source IP, source port, destination MAC, destination IP, destination port, connection direction and keyword of the debugging message against the security debugging policy; the detection method matches each policy element against the corresponding content of the message and checks that they agree.
Preferably, in step 6, dynamic debugging protocol detection applies only to FTP, a debugging protocol whose debugging messages carry the port numbers of subsequent connections; a corresponding safe debugging state must be added from that information, otherwise the subsequent debugging messages would be discarded as an illegal connection.
The invention has the beneficial effects that: it effectively avoids the threat to network security posed by the traditional debugging method of directly accessing the transformer substation monitoring network, and further improves the isolation and security of the transformer substation monitoring network.
Drawings
Embodiments of the present invention are further explained below with reference to the drawings.
Fig. 1 is a flowchart of a transformer substation monitoring network debugging method based on security policy management and control according to the present invention.
Detailed Description
With reference to fig. 1, the present invention provides a transformer substation monitoring network debugging method based on security policy management and control, including the following steps:
step 1, filter the input debugging message by MAC address to obtain a non-native debugging message: a debugging message whose source MAC address or destination MAC address is the MAC address of the local network port is discarded, so that messages exchanged with the local machine are not processed and the local machine itself can still be debugged while the network is debugged.
Step 2, if the type of the debugging message is IP, enter step 3; otherwise, discard the debugging message;
step 3, if the protocol type in the IP header of the debugging message is TCP/UDP, enter step 4; otherwise, discard the debugging message;
step 4, if a safe debugging state exists, perform validity detection on the debugging message against it; if the debugging message passes within the preset time, forward it; otherwise, enter step 5. The safe debugging state means that the protocol type, source IP, destination IP, source port and destination port of an IP debugging message are stored as a safe debugging state; matching debugging messages against the stored safe debugging states first speeds up forwarding.
Step 5, perform validity detection on the debugging message according to the security debugging policy: if it fails, discard the debugging message; if it passes, add a first safe debugging state and enter step 6. The validity detection checks the source MAC, source IP, source port, destination MAC, destination IP, destination port, connection direction and keyword of the debugging message against the security debugging policy; the detection method mainly matches each policy element against the corresponding content of the message and checks that they agree.
Step 6, perform dynamic debugging protocol detection on the debugging message; if a dynamic debugging protocol is found, add a second safe debugging state according to the corresponding debugging protocol and forward the debugging message. Dynamic debugging protocol detection applies only to FTP, a debugging protocol whose debugging messages carry the port numbers of subsequent connections; a corresponding safe debugging state must be added from that information, otherwise the subsequent debugging messages would be discarded as an illegal connection.
The invention solves the security problem in debugging the existing transformer substation monitoring network, effectively avoids the threat to network security posed by the traditional debugging method of directly accessing the transformer substation monitoring network, and further improves the isolation and security of the transformer substation monitoring network.
In the preceding description, numerous specific details were set forth in order to provide a thorough understanding of the present invention. The foregoing description is only a preferred embodiment of the invention, which can be embodied in many forms other than those described here, and therefore the invention is not limited to the specific embodiments disclosed above. Those skilled in the art may, using the methods and techniques disclosed above, make numerous variations and modifications to the disclosed embodiments, or modify equivalents thereof, without departing from the scope of the claimed embodiments. Any simple modification, equivalent change or variation of the above embodiments according to the technical essence of the present invention falls within the scope of the technical solution of the present invention.
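The six-step flow in the summary and in the detailed description above is a stateful packet filter: three cheap header checks, a state-table fast path, a full policy match that creates the first state, and FTP-aware inspection that creates the second state for the data connection. The following is an added example in Python, written for this page and not code from the patent or its assignee; packet and rule field names, matching the safe debugging state in both directions, and parsing only the active-mode FTP PORT command are assumptions of the example, and all addresses are constructed.

```python
# Added example, not the patent's code. Field layout, bidirectional state
# matching and the FTP PORT handling are assumptions of this example.
import re
from collections import namedtuple

# ethertype: "IP" or other (e.g. "ARP"); direction: "out" = laptop -> substation
Packet = namedtuple("Packet", "src_mac dst_mac ethertype proto src_ip dst_ip "
                    "src_port dst_port direction payload",
                    defaults=("", "", "", 0, 0, "out", b""))
# Security debugging policy entry; src_port None = any, keyword None = no check
PolicyRule = namedtuple("PolicyRule", "proto src_mac src_ip src_port dst_mac "
                        "dst_ip dst_port direction keyword", defaults=(None,))
FTP_PORT_CMD = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def rule_matches(r, p):
    """Step 5 check: every policy element must agree with the message."""
    return (r.proto == p.proto and r.src_mac == p.src_mac.lower()
            and r.src_ip == p.src_ip and r.dst_ip == p.dst_ip
            and (r.src_port is None or r.src_port == p.src_port)
            and r.dst_mac == p.dst_mac.lower() and r.dst_port == p.dst_port
            and r.direction == p.direction
            and (r.keyword is None or r.keyword in p.payload))


def ftp_dynamic_state(p):
    """Step 6 (FTP only): an active-mode PORT command names the client data port
    that the server will connect back to from port 20; return that 5-tuple."""
    if p.proto != "TCP" or p.dst_port != 21:
        return None
    m = FTP_PORT_CMD.match(p.payload)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return ("TCP", p.dst_ip, f"{h1}.{h2}.{h3}.{h4}", 20, p1 * 256 + p2)


class DebugFilter:
    def __init__(self, local_mac, rules):
        self.local_mac = local_mac.lower()
        self.rules = list(rules)
        self.states = set()  # safe debugging states: (proto, sip, dip, sport, dport)

    def process(self, p):
        if self.local_mac in (p.src_mac.lower(), p.dst_mac.lower()):
            return "drop:local-mac"      # step 1: traffic of the own network port
        if p.ethertype != "IP":
            return "drop:non-ip"         # step 2
        if p.proto not in ("TCP", "UDP"):
            return "drop:non-tcp-udp"    # step 3
        key = (p.proto, p.src_ip, p.dst_ip, p.src_port, p.dst_port)
        reverse = (p.proto, p.dst_ip, p.src_ip, p.dst_port, p.src_port)
        if key in self.states or reverse in self.states:
            verdict = "forward:state"    # step 4: fast path (both directions assumed)
        elif any(rule_matches(r, p) for r in self.rules):
            self.states.add(key)         # step 5: policy passed, first safe state
            verdict = "forward:policy"
        else:
            return "drop:policy"         # step 5: policy failed
        extra = ftp_dynamic_state(p)     # step 6, run after both paths because
        if extra is not None:            # PORT arrives on an established session
            self.states.add(extra)       # second safe state
            verdict += "+ftp-state"
        return verdict


# Constructed sample addresses (not from the patent)
LOCAL, LAPTOP = "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"
FTP_SRV, DEVICE = "aa:bb:cc:dd:ee:20", "aa:bb:cc:dd:ee:30"
LAP_IP, FTP_IP, DEV_IP = "192.168.1.10", "192.168.1.20", "192.168.1.30"


def run_demo():
    """Push a constructed packet sequence through the filter; returns verdicts."""
    rules = [PolicyRule("TCP", LAPTOP, LAP_IP, None, FTP_SRV, FTP_IP, 21, "out"),
             PolicyRule("TCP", LAPTOP, LAP_IP, None, DEVICE, DEV_IP, 80, "out", b"GET /status")]
    f = DebugFilter(LOCAL, rules)
    pkts = [
        Packet(LAPTOP, LOCAL, "IP", "TCP", LAP_IP, "192.168.1.1", 40000, 22),
        Packet(LAPTOP, "ff:ff:ff:ff:ff:ff", "ARP"),
        Packet(LAPTOP, FTP_SRV, "IP", "ICMP", LAP_IP, FTP_IP),
        Packet(LAPTOP, FTP_SRV, "IP", "TCP", LAP_IP, FTP_IP, 40000, 21, "out", b"USER eng\r\n"),
        Packet(FTP_SRV, LAPTOP, "IP", "TCP", FTP_IP, LAP_IP, 21, 40000, "in", b"331 ok\r\n"),
        # PORT 192,168,1,10,160,1 announces client data port 160*256+1 = 40961
        Packet(LAPTOP, FTP_SRV, "IP", "TCP", LAP_IP, FTP_IP, 40000, 21, "out", b"PORT 192,168,1,10,160,1\r\n"),
        Packet(FTP_SRV, LAPTOP, "IP", "TCP", FTP_IP, LAP_IP, 20, 40961, "in"),
        Packet(LAPTOP, FTP_SRV, "IP", "TCP", LAP_IP, FTP_IP, 40001, 23, "out"),
        Packet(LAPTOP, DEVICE, "IP", "TCP", LAP_IP, DEV_IP, 40002, 80, "out", b"GET /status HTTP/1.1\r\n"),
        Packet(LAPTOP, DEVICE, "IP", "TCP", LAP_IP, DEV_IP, 40003, 80, "out", b"POST /config HTTP/1.1\r\n"),
    ]
    return [f.process(p) for p in pkts]
```

Running `run_demo()` shows the server's connection from port 20 to the announced data port being forwarded on the second safe state, which is exactly the case the text says would otherwise be discarded as an illegal connection. Two properties of this design are worth noting for anyone deploying something like it: the keyword element of the policy only gates the packet that creates a state, because later packets of the same flow take the step 4 fast path, and states need the expiry the text calls the preset time, otherwise the table grows without bound. Passive-mode FTP (the server's 227 reply) is not parsed here.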

Claims (4)

1. A transformer substation monitoring network debugging method based on security policy management and control, characterized in that the method comprises the following steps:
step 1, if the source MAC address or the destination MAC address of the input debugging message is the MAC address of the local network interface, discard the debugging message; otherwise, treat it as a non-native debugging message and enter step 2;
step 2, if the type of the debugging message is IP, enter step 3; otherwise, discard the debugging message;
step 3, if the protocol type in the IP header of the debugging message is TCP/UDP, enter step 4; otherwise, discard the debugging message;
step 4, if a safe debugging state exists, perform validity detection on the debugging message against it; if the debugging message passes within the preset time, forward it; otherwise, enter step 5;
step 5, perform validity detection on the debugging message according to the security debugging policy: if it fails, discard the debugging message; if it passes, add a first safe debugging state and enter step 6;
step 6, perform dynamic debugging protocol detection on the debugging message; if a dynamic debugging protocol is found, add a second safe debugging state according to the corresponding debugging protocol and forward the debugging message;
the debugging message is obtained by capturing packets on the debugging network port during the debugging process;
the non-native debugging message is a debugging message whose source MAC address or destination MAC address is not the MAC address of the local network port;
the safe debugging state means that the protocol type, source IP, destination IP, source port and destination port of an IP debugging message are stored as a safe debugging state, and matching debugging messages against the stored safe debugging states first speeds up forwarding;
the dynamic debugging protocol detection targets debugging messages that carry the port number information of subsequent states; a corresponding safe debugging state must be added according to that information, otherwise the subsequent debugging messages would be discarded as an illegal connection;
the security debugging policy limits the protocol type, MAC address, IP address and port, connection direction and keyword parameters of debugging messages during the debugging process.
2. The transformer substation monitoring network debugging method based on security policy management and control according to claim 1, characterized in that the dynamic debugging protocol detection is debugging protocol detection for FTP.
3. The transformer substation monitoring network debugging method based on security policy management and control according to claim 1, characterized in that, in step 1, a debugging message whose source MAC address or destination MAC address is the MAC address of the local network port is discarded, so that messages exchanged with the local machine are not processed and the local machine itself can still be debugged while the network is debugged.
4. The transformer substation monitoring network debugging method based on security policy management and control according to claim 1, characterized in that, in step 5, the validity detection checks the protocol type, source MAC, source IP, source port, destination MAC, destination IP, destination port, connection direction and keyword of the debugging message against the security debugging policy, and the detection method checks that the above elements agree with the specific content of the message by matching them against it.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711096080.5A CN107948139B (en) 2017-11-09 2017-11-09 Transformer substation monitoring network debugging method based on security policy management and control

Publications (2)

Publication Number Publication Date
CN107948139A CN107948139A (en) 2018-04-20
CN107948139B true CN107948139B (en) 2021-04-20

Family

ID=61934567

Country Status (1)

Country Link
CN (1) CN107948139B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110224991B (en) * 2019-05-13 2021-04-06 视联动力信息技术股份有限公司 Video networking terminal communication method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103746920A (en) * 2014-01-24 2014-04-23 成都卫士通信息产业股份有限公司 Method for realizing data transmission based on gatekeeper
WO2014114232A1 (en) * 2013-01-22 2014-07-31 横河电机株式会社 Isolation protection system and method thereof for performing bidirectional data packet filtration inspection
CN107196931A (en) * 2017-05-17 2017-09-22 南京南瑞继保电气有限公司 A kind of deep message detection method based on network isolating device

Also Published As

Publication number Publication date
CN107948139A (en) 2018-04-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant