CN107995192B - Detection and blocking system for network boundary violation inlining - Google Patents


Info

Publication number
CN107995192B
Authority
CN
China
Prior art keywords
management
subsystem
module
network
database
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711251827.XA
Other languages
Chinese (zh)
Other versions
CN107995192A (en)
Inventor
张盛安
周洋
陈卿
戴建丽
陈常霖
张民磊
卢妤
王劲午
付中林
周波
周浩然
张勇
杨帆帆
陶智强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Power Grid Co Ltd
Original Assignee
Guizhou Power Grid Co Ltd
Application filed by Guizhou Power Grid Co Ltd
Priority to CN201711251827.XA
Publication of CN107995192A
Application granted
Publication of CN107995192B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a detection and blocking system for network boundary violation inlining, comprising a background scanning service system, a database system and a foreground user management system. The database system transfers and stores data between the background scanning service system and the foreground user management system. The background scanning service system comprises a network resource management subsystem, a network boundary scanning subsystem, an asset identification and management subsystem, an equipment monitoring subsystem and an emergency response management subsystem; the database system comprises a data communication subsystem, a system authorization management subsystem and a database subsystem; the foreground user management system comprises a foreground user interface subsystem. The system as a whole adopts a B/S (browser/server) architecture. By analysing the traffic in the network it avoids the incomplete and subjective results caused by human factors, and by scanning wireless signals with a wireless probe it detects and locates illegal access, solving the problem that illegal access hides from and evades supervision by deception.

Description

Detection and blocking system for network boundary violation inlining
Technical Field
The invention relates to a detection and blocking system for network boundary violation inlining, that is, for unauthorised devices connected inside the network boundary, and belongs to the field of network security.
Background
With the expansion of network scale the network boundary is constantly changing and being adjusted, and complete protection of the boundary becomes more difficult: a fortress is most easily breached from the inside, any point in the network can tear the boundary open, and data exchange with the outside then takes place without any supervision. At present the main such devices are BYOD (Bring Your Own Device) equipment, i.e. devices that users bring themselves, including personal computers, smart phones, tablets, portable (carry-on) WIFI devices and wireless/wired routing devices. The main hazards they cause are: 1. the original network boundary is multiplied and damaged; 2. such devices are easily infected by viruses, Trojans and the like and can easily damage the internal network, so the security risk is extremely high. In a network with HUB access or similar, the concealment and deceptiveness of such access make it hard for an administrator to discover privately attached devices, and if the administrator cannot effectively supervise behaviour that privately breaks through the network boundary, the inevitable result is core data leakage, a flood of viruses and Trojans, and even the breakdown of service systems and the whole network.
Network maintenance in the prior art has the following disadvantages:
1. Deployment of terminal management and control still depends on manual installation. Firstly, the completeness of the collected asset list cannot be guaranteed; secondly, the rigour of the manual work during implementation cannot be guaranteed; thirdly, the self-discipline of users cannot be guaranteed, so a 100% deployment rate is a task that is difficult to complete, and a terminal can escape supervision in various ways. This is a technical problem that terminal desktop management systems cannot avoid.
2. Routing equipment such as a wireless AP (access point) can easily break through switch port binding by MAC (media access control) address cloning and NAT (network address translation). A wireless AP behind NAT, combined with a DMZ setting, can easily bypass 802.1X-based access control, so that the access is disguised and deceptive. Tightening the strictness of 802.1X-based access control, on the other hand, makes deployment and maintenance difficult: network outages caused by 802.1X are numerous and have even forced users to relax or abandon 802.1X-based access control. Once a wireless AP has entered the network by one of the two methods above, the judgment mechanism of existing terminal management and access control systems regards it as an ordinary, legitimate internal terminal and cannot recognise either case, so the wireless AP is difficult to locate and difficult to supervise.
Disclosure of Invention
The technical problem to be solved by the invention is to develop a detection and blocking system for network boundary violation inlining that solves the following problems of existing network boundary violation control systems: terminals escape supervision; the limitation of switch port binding is easily broken through by MAC cloning and NAT; and because illegal access is concealed and deceptive, the control system has to be made so strict that its own deployment and maintenance become difficult.
The technical scheme of the invention is as follows. A network boundary violation inlining detection and blocking system comprises a background scanning service system, a database system and a foreground user management system, wherein the database system is used for data transmission and storage between the background scanning service system and the foreground user management system; the background scanning service system comprises a network resource management subsystem, a network boundary scanning subsystem, an asset identification and management subsystem, an equipment monitoring subsystem and an emergency response management subsystem; the database system comprises a data communication subsystem, a system authorization management subsystem and a database subsystem; the foreground user management system comprises a foreground user interface subsystem; and the system as a whole adopts a B/S framework.
Furthermore, the network resource management subsystem comprises an IP address resource reference management module, an illegal behaviour detection module, an audit management module, an IP address and MAC address detection module and a binding management module, and is used for detecting, recording, binding and managing illegal IP access, illegal MAC access, IP address misuse and IP address change behaviours.
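The four behaviours just listed can be checked by comparing what is seen on the wire with a registered binding table. The following is an added example, not code from the patent or its assignee; the event names, the interpretation of each behaviour, and the sample addresses and switch ports are assumptions of this example.

```python
"""IP/MAC binding audit for illegal IP, illegal MAC, IP misuse and IP change.

Added example, not code from the patent or its assignee. It assumes a
registered-binding table (IP -> MAC, owner) maintained by the resource
management module and a list of observed (IP, MAC, switch port) tuples,
e.g. an ARP-table or DHCP-snooping export. Event names, addresses and MACs
are constructed placeholders.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Observation:
    ip: str
    mac: str
    port: str  # switch and interface the address pair was learned on


# Constructed binding table: ip -> (mac, owner).
BINDINGS: Dict[str, Tuple[str, str]] = {
    "10.0.1.10": ("00:11:22:33:44:01", "alice-pc"),
    "10.0.1.11": ("00:11:22:33:44:02", "bob-pc"),
    "10.0.1.50": ("00:11:22:33:44:50", "print-room-1"),
}


def norm_mac(mac: str) -> str:
    """Canonical lower-case colon form so 00-11-22-... and 00:11:22:... compare equal."""
    return mac.lower().replace("-", ":")


def audit(observations: List[Observation], bindings=BINDINGS) -> List[Tuple[str, str, str, str]]:
    """Return (event, ip, mac, port) tuples; one observation may raise two events.

    Interpretation of the four behaviours (an assumption of this example):
      ILLEGAL_IP  - the IP is not registered at all
      ILLEGAL_MAC - the MAC is not registered at all
      IP_MISUSE   - a registered MAC is using an IP that is bound to another MAC
      IP_CHANGE   - a registered MAC moved to an IP that is not registered
    """
    known_macs = {norm_mac(m) for m, _ in bindings.values()}
    events = []
    for o in observations:
        mac = norm_mac(o.mac)
        bound = bindings.get(o.ip)
        if bound is None:
            if mac in known_macs:
                events.append(("IP_CHANGE", o.ip, mac, o.port))
            else:
                events.append(("ILLEGAL_IP", o.ip, mac, o.port))
                events.append(("ILLEGAL_MAC", o.ip, mac, o.port))
        elif norm_mac(bound[0]) != mac:
            kind = "IP_MISUSE" if mac in known_macs else "ILLEGAL_MAC"
            events.append((kind, o.ip, mac, o.port))
        # matching IP/MAC pair: compliant, no event
    return events


# Constructed ARP-table export used as sample input.
SAMPLE = [
    Observation("10.0.1.10", "00-11-22-33-44-01", "sw1:Gi1/0/1"),  # compliant
    Observation("10.0.1.11", "00:11:22:33:44:50", "sw1:Gi1/0/2"),  # printer MAC on bob's IP
    Observation("10.0.1.50", "aa:bb:cc:dd:ee:ff", "sw1:Gi1/0/3"),  # unknown MAC on printer IP
    Observation("10.0.1.77", "00:11:22:33:44:02", "sw1:Gi1/0/4"),  # bob's MAC on unregistered IP
    Observation("10.0.1.99", "de:ad:be:ef:00:01", "sw1:Gi1/0/5"),  # unknown device entirely
]


def audit_sample() -> List[Tuple[str, str, str, str]]:
    return audit(SAMPLE)


if __name__ == "__main__":
    for ev in audit_sample():
        print("%-11s ip=%s mac=%s port=%s" % ev)
```

The switch port is carried with every event so that the record can be handed straight to the port location and blocking functions described later; an unknown MAC on a registered IP is the case to look at first, since it is what MAC cloning of a registered host looks like from the binding table's point of view.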
Furthermore, the network boundary scanning subsystem comprises a BYOD device scanning detection module, a portable WIFI access detection module, a wireless AP detection module and a network sharing detection module. Traffic scanning detection is carried out on mobile phones, routing equipment attached through NAT, portable WIFI devices and network sharing between dual network cards. Wireless scanning detection scans wireless signals with a wireless probe to obtain wireless signal characteristics such as the SSID (service set identifier) and wireless channel information. Flow five-tuple information is extracted by deep analysis of the traffic in the network and compared with the specific characteristic information in the network traffic of mainstream APs and portable WIFI devices, to decide whether a wireless AP or portable WIFI device is present in the network.
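An added example (not the patent's own code) of the wired-side part of this comparison: flow records are grouped by source MAC and scored on indicators that a router or portable WIFI device is hiding several hosts behind one address, and wireless probe sightings are then correlated with the wired MAC. The OUI list, the thresholds and the BSSID-to-wired-MAC matching rule are assumptions, and the flow and probe records are constructed.

```python
"""Wired-side NAT/AP indicators combined with wireless probe data.

Added example, not code from the patent or its assignee. Inputs are
constructed: a flow table (five-tuple plus TTL, an OS hint from traffic
content and the switch port the source MAC was learned on) and a wireless
probe report (BSSID, SSID, channel). ROUTER_OUIS, the thresholds and the
BSSID-to-wired-MAC matching rule are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Flow:
    src_mac: str
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str
    ttl: int          # IP TTL as seen at the mirror port
    os_hint: str      # e.g. from HTTP User-Agent or TCP options; "" if unknown
    switch_port: str  # where the switch learned src_mac


@dataclass(frozen=True)
class ProbeHit:
    bssid: str
    ssid: str
    channel: int


ROUTER_OUIS = {"d4:6e:0e", "c8:3a:35"}  # hypothetical consumer-router OUIs
DECREMENTED_TTLS = {63, 127, 254}       # one hop below the usual initial 64/128/255


def _norm(mac: str) -> str:
    return mac.lower().replace("-", ":")


def score_wired(flows: List[Flow]) -> Dict[str, dict]:
    """One verdict per source MAC; each independent indicator adds one point."""
    by_mac = defaultdict(list)
    for f in flows:
        by_mac[_norm(f.src_mac)].append(f)
    verdicts = {}
    for mac, fl in by_mac.items():
        reasons = []
        ttls = {f.ttl for f in fl}
        if len(ttls) > 1:
            reasons.append("several TTLs behind one MAC: %s" % sorted(ttls))
        if ttls & DECREMENTED_TTLS:
            reasons.append("decremented TTL, traffic crossed a router hop")
        oses = {f.os_hint for f in fl if f.os_hint}
        if len(oses) > 1:
            reasons.append("several OS families behind one MAC: %s" % sorted(oses))
        if mac[:8] in ROUTER_OUIS:
            reasons.append("router-vendor OUI")
        verdicts[mac] = {"port": fl[0].switch_port, "score": len(reasons),
                         "reasons": reasons, "ssids": []}
    return verdicts


def correlate_wireless(verdicts: Dict[str, dict], hits: List[ProbeHit]) -> Dict[str, dict]:
    """Attach probe sightings to a wired MAC that shares the first five octets of
    the BSSID (assumption: the AP derives its radio BSSID from its wired MAC)."""
    for h in hits:
        prefix = _norm(h.bssid)[:14]
        for mac, v in verdicts.items():
            if mac[:14] == prefix:
                v["ssids"].append((h.ssid, h.channel))
                v["score"] += 1
                v["reasons"].append("probe saw SSID %r on channel %d" % (h.ssid, h.channel))
    return verdicts


def suspected_aps(verdicts: Dict[str, dict], threshold: int = 2) -> Dict[str, dict]:
    """Require two independent indicators: one alone (e.g. a single VM host) is too weak."""
    return {m: v for m, v in verdicts.items() if v["score"] >= threshold}


# Constructed sample: an ordinary PC and a router-like device on port Gi1/0/9.
SAMPLE_FLOWS = [
    Flow("00:11:22:33:44:01", "10.0.1.10", "10.0.0.5", 443, "tcp", 128, "windows", "sw1:Gi1/0/1"),
    Flow("00:11:22:33:44:01", "10.0.1.10", "10.0.0.6", 80, "tcp", 128, "windows", "sw1:Gi1/0/1"),
    Flow("d4:6e:0e:aa:bb:01", "10.0.1.77", "10.0.0.5", 443, "tcp", 127, "windows", "sw1:Gi1/0/9"),
    Flow("d4:6e:0e:aa:bb:01", "10.0.1.77", "10.0.0.7", 53, "udp", 63, "android", "sw1:Gi1/0/9"),
]
SAMPLE_HITS = [ProbeHit("d4:6e:0e:aa:bb:03", "office-free-wifi", 6)]


def analyse_sample() -> Dict[str, dict]:
    return suspected_aps(correlate_wireless(score_wired(SAMPLE_FLOWS), SAMPLE_HITS))


if __name__ == "__main__":
    for mac, v in analyse_sample().items():
        print(mac, v["port"], v["score"], v["reasons"])
```

TTL and OS-mix indicators on their own also fire on virtualisation hosts and containers, which is why the example demands at least two independent indicators and keeps the switch port in the verdict so that a positive can be handed to port location for confirmation rather than blocked on the spot.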
Furthermore, the asset identification and management subsystem comprises a port scanning module, an operating system identification module, an asset management module and an asset reporting module. The port scanning module scans the TCP ports and common UDP ports of a target; the operating system identification module determines the operating system type from the scan results by combining the port information with the overall response; the asset management module provides retrieval conditions for centralised query and classified management of network asset information; and the asset reporting module produces an asset report from the query results. Assets inside the network are identified and classified automatically: at least terminal PCs, application servers, network devices, network printers, video monitoring devices and security operation and maintenance devices (firewalls, intrusion detection, anti-virus gateways, online behaviour audit and the like) can be distinguished automatically, and remote scan identification is carried out for the brands of mainstream video monitoring devices (Hikvision, Dahua, Uniview, Kedacom, Bosch and the like), printing devices (Hewlett-Packard, Canon, Fuji Xerox, Epson, Brother, Kyocera, Mare, Nippon, Lexmark and the like) and security operation and maintenance devices (Venustech, Neyun, Topsec, NSFOCUS, DPtech, Fortinet, Hillstone, Sangfor, Neuk, Neyun, SonicWall, Check Point, Tianxingan and the like). Operating system identification covers at least Windows XP, Windows 7, Windows 8, Windows 10, Windows Server 2003, Windows Server 2008, Windows Server 2012 and Linux.
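An added example (not the patent's or the assignee's code) of the classification step: given scan results the organisation has gathered for its own address range, the open ports, the reply TTL and any service banner are combined into an asset category and an operating system guess. The rules, the TTL-to-OS mapping and the sample hosts are constructed assumptions.

```python
"""Asset classification and OS identification from port-scan results.

Added example, not the patent's own code. Input is the result of a scan the
organisation runs against its own address range: open TCP/UDP ports, the TTL
observed on the reply and any service banner. The rules, the TTL-to-OS
mapping and all sample hosts are constructed assumptions.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class ScanResult:
    ip: str
    tcp: FrozenSet[int]
    udp: FrozenSet[int]
    ttl: int          # TTL on the reply; the initial TTL is inferred from it
    banner: str = ""  # concatenated service banners, may be empty


SERVER_PORTS = {25, 53, 80, 443, 1433, 3306, 3389, 8080}


def initial_ttl(ttl: int) -> int:
    """Map an observed TTL to the nearest common initial value (assumes <= 30 hops)."""
    for init in (64, 128, 255):
        if ttl <= init:
            return init
    return 255


def identify_os(r: ScanResult) -> str:
    """Port evidence first, then the banner, then the TTL heuristic as a fallback."""
    b = r.banner.lower()
    if "windows" in b or "microsoft" in b or 3389 in r.tcp or {135, 139, 445} <= r.tcp:
        return "windows"
    if any(k in b for k in ("linux", "ubuntu", "debian", "centos")):
        return "linux"
    return {64: "linux/embedded", 128: "windows", 255: "network-os"}[initial_ttl(r.ttl)]


def classify(r: ScanResult) -> str:
    """Order matters: the most specific device signatures are tested first, so a
    printer or camera that also serves HTTP is not filed as an application server."""
    b = r.banner.lower()
    if r.tcp & {515, 631, 9100} or "jetdirect" in b or "printer" in b:
        return "network printer"
    if 554 in r.tcp or "onvif" in b or "ipcam" in b:
        return "video monitoring device"
    if any(k in b for k in ("firewall", "utm", "intrusion")):
        return "security O&M device"
    if 161 in r.udp and r.tcp & {22, 23} and not r.tcp & {445, 3389}:
        return "network device"
    if r.tcp & SERVER_PORTS:
        return "application server"
    return "terminal PC"


# Constructed scan results for seven hosts on an internal segment.
SAMPLE_SCAN = [
    ScanResult("10.0.1.10", frozenset({135, 139, 445}), frozenset(), 127),
    ScanResult("10.0.1.20", frozenset({80, 443, 445, 3389}), frozenset(), 128, "Microsoft-IIS/8.5"),
    ScanResult("10.0.1.30", frozenset({22, 80, 443}), frozenset(), 63, "nginx (Ubuntu)"),
    ScanResult("10.0.1.50", frozenset({80, 515, 9100}), frozenset(), 64, "HP JetDirect"),
    ScanResult("10.0.1.60", frozenset({80, 554}), frozenset(), 64),
    ScanResult("10.0.1.1", frozenset({22, 23}), frozenset({161}), 255),
    ScanResult("10.0.1.2", frozenset({22, 443}), frozenset({161}), 64, "acme-utm firewall"),
]


def inventory(results: List[ScanResult] = SAMPLE_SCAN) -> List[Tuple[str, str, str]]:
    """(ip, category, os) for every scanned host; feeds the asset management module."""
    return [(r.ip, classify(r), identify_os(r)) for r in results]


if __name__ == "__main__":
    for ip, cat, os_name in inventory():
        print("%-10s %-25s %s" % (ip, cat, os_name))
```

A real deployment would replace the constant rules with a per-vendor signature table keyed on banner text and default ports, but the structure stays the same: classify by the most specific evidence first and fall back to weaker heuristics such as TTL only when nothing better is available.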
Furthermore, the equipment monitoring subsystem comprises a detection and identification module, a port location module, a topology discovery module and a topology display and editing module, and is used for identifying and monitoring the running state, physical links and performance of network equipment, locating the downlink port of an abnormal host, automatically discovering the network topology and displaying it.
Furthermore, the emergency response management subsystem comprises an endpoint event response management module, a security equipment event response management module and a third-party linkage processing module, and is used for centralised emergency response management of security events.
Furthermore, the data communication subsystem comprises an information collection communication module, a policy management communication module, a standard protocol communication module and an external linkage communication module. It provides two communication modes, based on UDP and on TCP; it collects information uploaded by clients and transmits it to the server, and the server obtains the specified management policy and transmits it back to the clients. The standard protocol communication module, based on SNMP, ICMP and Syslog, allows a third party to interact and link with the system by calling the externally published communication interface. A third party here means a compatible external system, such as an asset management system or a security audit system.
Furthermore, the system authorization management subsystem controls and manages the authorization of the system and determines which functional modules are enabled according to the authorization.
Furthermore, the database subsystem divides the database module into a policy sub-base, a data collection sub-base, a parameter sub-base, an information knowledge sub-base and a data auxiliary processing sub-base, and stores and preprocesses data centrally.
Furthermore, the foreground user interface subsystem comprises a user management module, a policy editing module, a statistical analysis module for log and alarm information, and a report module. It applies hierarchical, permission-based management to users and unified configuration and management to system management policies, generates reports from the statistical analysis data, and updates the data to the database subsystem.
The beneficial effects of the invention are as follows. A network boundary violation inline detection and blocking system is designed whose advantages over the prior art are mainly:
1. The system analyses traffic in the network through the network boundary scanning subsystem, namely the traffic generated by abnormal access from mobile phones, routing equipment attached through NAT, portable WIFI devices and dual network cards, so the incomplete and subjective results that human factors can cause are avoided, and the automated module-based detection and management effectively improves efficiency and accuracy;
2. The asset identification and management subsystem automatically identifies and classifies assets inside the network and can remotely scan and identify mainstream video monitoring equipment and security operation and maintenance equipment. The network boundary scanning subsystem scans wireless signals through a wireless probe to obtain wireless signal characteristics, compares them with the specific characteristic information in the network traffic of mainstream APs and portable WIFI devices and, combined with switch port location technology, discovers and locates wireless APs and portable WIFI devices. This solves the problems that wireless APs and similar devices are difficult to locate and monitor, and that a monitoring system configured strictly enough to catch them paralyses itself.
Drawings
FIG. 1 is a schematic diagram of the logic between systems of the present invention;
FIG. 2 is a schematic diagram of the present invention.
Detailed Description
The invention will be further described with reference to the accompanying figures 1-2 and the specific embodiments, in which the rounded rectangles in figure 1 represent all the modules of the invention:
In this embodiment, the network boundary scanning subsystem comprises a BYOD device scanning detection module, a portable WIFI access detection module, a wireless AP detection module and a network sharing detection module. Traffic scanning detection is carried out on mobile phones, routing equipment attached through NAT, portable WIFI devices and network sharing between dual network cards; wireless scanning detection scans wireless signals with a wireless probe to obtain wireless signal characteristics such as the SSID (service set identifier) and wireless channel information; flow five-tuple information is extracted by deep analysis of the traffic in the network and, in combination with the network resource management subsystem and the asset identification and management subsystem, is compared with the specific characteristic information in the network traffic of mainstream APs and portable WIFI devices to decide whether a wireless AP or portable WIFI device is present in the network. The remaining subsystems and modules are as described above under Disclosure of Invention.
After installation, the user opens the system login page in IE11 or another browser and selects the login user type. The foreground user management system provides two types of user identity: management users and audit users. Management users are mainly responsible for the daily maintenance and management of the system and are divided into super management users, management users and ordinary users.
Example 1: logging in as a super user
The system provides three main functions for the super user: parameter setting, equipment linkage control management and user management.
Parameter setting: completes the main operation and management parameter configuration of the system, mainly including equipment performance management parameters, the scanning address range, the main scanning parameters, the database maintenance plan, network equipment management and the like;
Equipment linkage control management: completes response control management of terminal events and provides an emergency response mechanism against illegal behaviour, so that the threat of illegal behaviour to network security is eliminated quickly and accurately and the handling efficiency of illegal events is improved. The emergency response control modes are mainly of three types: 1. blocking control based on the switch port; 2. blocking control based on ARP spoofing; 3. sending a mail notification.
User management: completes the maintenance and management of management users and the modification of the super user's own password.
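An added example (not the patent's own code) of selecting among these three response modes. It assumes an alarm record that carries the located switch port and whether other registered hosts were learned on that same port, and adds two safeguards a practitioner would want given the outages mentioned in the background: uplink and trunk ports on a protected list are never blocked automatically, and a shared (HUB) port or a device that could not be located falls back to ARP-based isolation instead of cutting off innocent hosts. The level names follow the four alarm levels used by the management user's alarm query; the port list, ifIndex values and mail address are placeholders.

```python
"""Choosing among the three emergency-response modes for an alarm.

Added example, not code from the patent or its assignee. An Alarm carries the
offending IP/MAC, its alarm level, the switch and ifIndex of the port it was
located on (None when the device sits behind a HUB or NAT and no single port
can be isolated) and whether other registered hosts share that port. The
protected-port list, level names and mail address are constructed placeholders.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

IF_ADMIN_STATUS = "1.3.6.1.2.1.2.2.1.7"  # IF-MIB ifAdminStatus; value 2 = down
LEVELS = ["prompt", "warning", "serious warning", "high-risk"]
PROTECTED_PORTS = {"core1:Gi1/0/48", "sw1:Gi1/0/24"}  # uplinks/trunks: never auto-blocked


@dataclass(frozen=True)
class Alarm:
    ip: str
    mac: str
    level: str
    switch: Optional[str] = None
    if_index: Optional[int] = None
    port_name: Optional[str] = None
    shared_port: bool = False  # other registered hosts learned on the same port (HUB)


def plan_response(alarm: Alarm, operator: str = "noc@example.invalid") -> List[Tuple]:
    """Return the ordered list of actions to execute; nothing is sent from here."""
    subject = "[%s] %s / %s" % (alarm.level, alarm.ip, alarm.mac)
    actions: List[Tuple] = [("mail", operator, subject)]  # 3. every event is notified
    # Unknown level names are treated as the highest level (fail closed).
    level_idx = LEVELS.index(alarm.level) if alarm.level in LEVELS else len(LEVELS) - 1
    if level_idx < LEVELS.index("serious warning"):
        return actions  # low levels: notify only
    if alarm.port_name in PROTECTED_PORTS:
        actions.append(("manual-review", alarm.port_name, "protected port, not auto-blocked"))
        return actions
    if alarm.switch and alarm.if_index is not None and not alarm.shared_port:
        oid = "%s.%d" % (IF_ADMIN_STATUS, alarm.if_index)
        actions.append(("snmp-set", alarm.switch, oid, 2))  # 1. switch port blocking
    else:
        actions.append(("arp-isolate", alarm.ip, alarm.mac))  # 2. ARP-based blocking (HUB/NAT case)
    return actions


if __name__ == "__main__":
    for a in (Alarm("10.0.1.99", "de:ad:be:ef:00:01", "warning", "sw1", 5, "sw1:Gi1/0/5"),
              Alarm("10.0.1.99", "de:ad:be:ef:00:01", "high-risk", "sw1", 5, "sw1:Gi1/0/5"),
              Alarm("10.0.1.99", "de:ad:be:ef:00:01", "high-risk", "sw1", 5, "sw1:Gi1/0/5", True),
              Alarm("10.0.1.99", "de:ad:be:ef:00:01", "serious warning", "sw1", 24, "sw1:Gi1/0/24")):
        print(plan_response(a))
```

Keeping the decision separate from execution means the plan can be logged to the equipment operation log and reviewed before the SNMP set is sent, and the protected-port check is the place to add the port-cascade information that topology management records for switches behind a port.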
Example 2: logging in as a management user
The management user is the most frequently used user of the system: after the super management user has set the system operating parameters, subsequent system management and maintenance work is mainly carried out by management users. Both the management permissions and the authorised address range of a management user are assigned by the super management user, and a management user maintains and manages the system within that authorised range.
The main functions of the management user are: query statistics and reports, network management, equipment linkage control management and user management.
Query statistics and reports: provide related information query and statistics functions for the user, including alarm information, IP real-name management, equipment port information management, IP usage tracking audit and network access tracking audit.
Alarm information can be queried individually or jointly by alarm level, IP address range, host name, generation time period and MAC address; when no query condition is selected, the default query returns the highest-level alarms of the last four hours. The four alarm levels are prompt, warning, serious warning and high-risk. Clicking a host IP in the list locates it directly to its switch port.
IP real-name management records staff names in the system, so that individual and combined queries by authorisation status, running state (online or not), host name, MAC address, membership, IP address range, operating system and common BYOD device network cards can be made; when no query condition is selected, all user information is queried by default, and a report of the query results is also provided.
Equipment port information management covers port description, port speed, operational state, administrative state and other basic port information; the user can set single-condition or multi-condition combined queries, and a report is generated directly by clicking Report.
IP usage tracking audit: provides a detailed audit of IP use through a correlated IP-MAC-time period query, i.e. for a given time period and IP address the MAC address that corresponded to that IP in that period is correlated automatically; the user can set single-condition or multi-condition combined queries and generate a report directly.
Network access tracking audit: provides comprehensive query and management of network access, i.e. the switch ports accessed by a given IP or MAC in a given period can be queried; the user can set single-condition or multi-condition combined queries and generate a report directly.
Network management comprises terminal management, equipment management and topology management. The main function of terminal management is to manage the hosts scanned and detected by the system, including basic host information and the port location on the uplink switch. The user clicks 'terminal management' in the left function area to enter the host management page; the area on the left of the page is a node tree classified by host type into four categories (computer terminals, i.e. ordinary PCs; printers; servers; and other equipment), the hosts under each category are presented according to the VLAN segments of the actual network, a host can be selected in the middle, and the selected terminal can be authorised by clicking Authorise in the upper right corner. The main function of equipment management is to manage the network equipment scanned and detected by the system, including monitoring of network equipment communication links, monitoring of network port working state and port security state, and network equipment port location and operation management; the system displays all the network equipment it manages graphically and classifies it as layer-3 switching/routing equipment, layer-2 switches, firewalls and servers.
The basic information of a device can be viewed, including its IP address, device name, ports, and CPU (central processing unit) and memory usage. Topology management: automatically draws the network topology diagram and a schematic of each network device's back panel; provides network location of an IP or MAC address; automatically distinguishes HUB access from NAT device access; provides operational management of network device ports (such as shutting down or enabling a port); supports security management (such as binding or unbinding a MAC to a port and setting the number of bindings); supports port traffic statistics and viewing, access audit and IP address usage audit; allows a port to be selected, operated and managed in the various topology display modes; and supports manual topology adjustment for cascaded devices on a port.
Equipment linkage control management: mainly emergency response control management, comprising four functions: alarm event emergency response control policy management, Syslog log emergency response policy management, the external emergency response processing centre, and location management of problem terminals;
User management: user management and password modification, where user management means creating, authorising and deleting users.
Example 3: auditing user identity login system
The audit user is responsible for auditing and supervising the system; like the super management user, this class has exactly one user. The system provides the audit user with two functions: auditing and password modification. The auditing function provided to the audit user mainly comprises: user operation log auditing, system operation log auditing and equipment operation log auditing.
User operation log auditing: user login, logout, query, policy management, parameter configuration, user management and other behaviours are audited under unified management; corresponding retrieval conditions are provided so that user name, operation type and operation time period can be queried individually or in combination; when no query condition is specified the system returns all operation logs by default; report generation and printing are supported;
System operation log auditing: this audits the operation log of the system background, so that problems arising while the system runs can be found from the log. Clicking 'system operation log' under Audit enters the system operation log management page; the system operation log offers only a time-period query condition, all logs are queried under the default condition, and report generation and printing are supported;
Equipment operation log auditing: the system separately audits operations performed on network equipment, to guard against deliberate damage to the system by operators. Clicking 'equipment operation log' under Audit enters the equipment operation log management page; the equipment operation log can be queried by equipment IP address, operating user, equipment port number, operation type and operation time; when no query condition is selected the system returns all equipment operation logs by default, and report generation and printing are supported.
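An added example, not the patent's own code, of the audit-log query behaviour described above for both the user operation log and the equipment operation log: the optional conditions (user name, operation type, equipment IP, port, time period) are AND-combined, and a query with no conditions returns every record, the default the description states. The field names, the sample records and the CSV report format are constructed for illustration.

```python
from datetime import datetime
import csv
import io

# Constructed sample records standing in for the user operation log table.
USER_OP_LOGS = [
    {"time": datetime(2017, 12, 1, 8, 0), "user": "admin", "op_type": "login"},
    {"time": datetime(2017, 12, 1, 8, 5), "user": "admin", "op_type": "policy"},
    {"time": datetime(2017, 12, 1, 9, 30), "user": "operator", "op_type": "query"},
    {"time": datetime(2017, 12, 1, 17, 0), "user": "admin", "op_type": "logout"},
    {"time": datetime(2017, 12, 2, 10, 0), "user": "operator", "op_type": "param"},
]

# Constructed sample records standing in for the equipment operation log table.
EQUIPMENT_OP_LOGS = [
    {"time": datetime(2017, 12, 1, 8, 6), "equipment_ip": "10.0.0.1", "port": 3,
     "user": "admin", "op_type": "port_shutdown"},
    {"time": datetime(2017, 12, 1, 8, 7), "equipment_ip": "10.0.0.2", "port": 12,
     "user": "admin", "op_type": "port_shutdown"},
    {"time": datetime(2017, 12, 2, 11, 0), "equipment_ip": "10.0.0.1", "port": 3,
     "user": "operator", "op_type": "port_enable"},
]

def query_audit(logs, start=None, end=None, **conditions):
    """Return the records satisfying every supplied condition (AND-combined).
    A condition that is not supplied is not applied, so a call with no
    conditions returns the whole log, the default the description states.
    Naming a field the log lacks raises KeyError rather than matching nothing."""
    matched = []
    for rec in logs:
        if start is not None and rec["time"] < start:
            continue
        if end is not None and rec["time"] > end:
            continue
        if all(rec[field] == value for field, value in conditions.items()):
            matched.append(rec)
    return sorted(matched, key=lambda r: r["time"])

def report_csv(records):
    """Render query results as a CSV report (the report generation step)."""
    if not records:
        return ""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(records[0]))
    writer.writeheader()
    for rec in records:
        writer.writerow({**rec, "time": rec["time"].isoformat()})
    return out.getvalue()
```

A combined query such as `query_audit(USER_OP_LOGS, user="admin", start=datetime(2017, 12, 1), end=datetime(2017, 12, 1, 23, 59))` answers "what did admin do on that day", and the same function serves the equipment log with `equipment_ip` and `port` conditions.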

Claims (5)

1. A network boundary violation inlining detection and blocking system, comprising: a background scanning service system, a database system and a foreground user management system, characterized in that: the database system carries out data transmission and storage between the background scanning service system and the foreground user management system; the background scanning service system comprises a network resource management subsystem, a network boundary scanning subsystem, an asset identification and management subsystem, an equipment monitoring subsystem and an emergency response management subsystem; the database system comprises a database subsystem, a data communication subsystem and a system authorization management subsystem; the foreground user management system comprises a foreground user interface subsystem; and the connection relationship is as follows: the system comprises a foreground user interface subsystem, a data communication subsystem, a system authorization management subsystem, a network boundary scanning subsystem, an equipment monitoring subsystem, a network resource management subsystem, an asset identification and management subsystem, an emergency response management subsystem and a database system, wherein the foreground user interface subsystem is connected in program mode to each of the database subsystem, the data communication subsystem and the system authorization management subsystem;
the network resource management subsystem comprises a resource reference management module, an illegal behaviour detection module and an audit management module for IP addresses, an IP address and MAC address detection module and a binding management module, and is used for detecting, recording, binding and managing illegal IP access, illegal MAC access, IP address misuse and IP address change behaviours;
the network boundary scanning subsystem comprises a self-carried equipment scanning detection module, a carry-on WIFI access detection module, a wireless AP detection module and a network sharing detection module, and is used for flow scanning detection of network sharing behaviours among mobile phones, routing equipment accessed via NAT, carry-on WIFI and dual network cards, wherein wireless scanning detection scans wireless signals through a wireless probe to obtain wireless signal characteristics, then compares these with the specific characteristic information of mainstream AP and carry-on WIFI network traffic, to judge whether a wireless AP or carry-on WIFI exists in the network;
the asset identification and management subsystem comprises a port scanning module, an operating system identification module, an asset management module and an asset reporting module, wherein the port scanning module scans the TCP ports and common UDP ports of a target object, the operating system identification module confirms the operating system type from the scan results by combining the port information with the comprehensive feedback results, the asset management module provides retrieval conditions for centralized query and classified management of network asset information, and the asset reporting module produces an asset report from the query results;
the equipment monitoring subsystem comprises a detection and identification module, a port positioning module, a topology discovery module and a topology display and editing module, and is used for identifying and monitoring the running state, physical links and performance of network equipment, locating the downlink of abnormal ports, and automatically discovering and displaying the network topology;
the emergency response management subsystem comprises an endpoint event response management module, a security equipment event response management module and a third-party linkage processing module, and is used for centralized emergency response management of security events.
2. The system according to claim 1, wherein: the data communication subsystem comprises an information collection communication module, a policy management communication module, a standard protocol communication module and an external linkage communication module; it provides two communication modes, based on UDP and on TCP, collects the information uploaded by a client and transmits it to the server, the server being responsible for acquiring the specified management policy and then transmitting the policy back to the client; it provides the standard protocol communication module based on SNMP, ICMP and Syslog; and it allows a third party to interact and link with the system by calling an externally disclosed communication interface.
3. The system according to claim 1, wherein: the system authorization management subsystem controls and manages the authorization of the system and determines which functional modules are open according to the system authorization.
4. The system according to claim 1, wherein: the database subsystem divides the database module into a policy sub-database, a data collection sub-database, a parameter sub-database, an information knowledge sub-database and a data auxiliary processing sub-database, and stores and preprocesses data in a centralized manner.
5. The system according to claim 1, wherein: the foreground user interface subsystem comprises a user management module, a policy editing module, a statistical analysis module for log and alarm information and a report module; it adopts graded management of users and unified configuration and management of system management policies, generates the corresponding reports from the statistical analysis data, and updates the data to the database subsystem.
CN201711251827.XA 2017-12-01 2017-12-01 Detection and blocking system for network boundary violation inlining Active CN107995192B (en)

Publications (2)

Publication Number Publication Date
CN107995192A CN107995192A (en) 2018-05-04
CN107995192B true CN107995192B (en) 2020-12-04

Family

ID=62035202

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant