CN108038037B - Monitoring method and monitoring device for computer host safety and server - Google Patents
Monitoring method and monitoring device for computer host safety and server Download PDFInfo
- Publication number
- CN108038037B CN108038037B CN201711096897.2A CN201711096897A CN108038037B CN 108038037 B CN108038037 B CN 108038037B CN 201711096897 A CN201711096897 A CN 201711096897A CN 108038037 B CN108038037 B CN 108038037B
- Authority
- CN
- China
- Prior art keywords
- interface
- host
- controller
- computer
- monitoring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 212
- 238000000034 method Methods 0.000 title claims abstract description 55
- 238000012806 monitoring device Methods 0.000 title claims abstract description 11
- 238000004891 communication Methods 0.000 claims abstract description 65
- 238000001514 detection method Methods 0.000 claims description 13
- 239000013307 optical fiber Substances 0.000 claims 1
- 238000010586 diagram Methods 0.000 description 27
- 230000003287 optical effect Effects 0.000 description 4
- 230000009286 beneficial effect Effects 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000000926 separation method Methods 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 210000000056 organ Anatomy 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/3006—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3051—Monitoring arrangements for monitoring the configuration of the computing system or of the computing system component, e.g. monitoring the presence of processing resources, peripherals, I/O links, software programs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0805—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
- H04L43/0811—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Quality & Reliability (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Environmental & Geological Engineering (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Debugging And Monitoring (AREA)
- Alarm Systems (AREA)
Abstract
The invention discloses a monitoring method, a monitoring device and a server for the safety of a computer host, wherein the computer host comprises a monitoring circuit, the monitoring circuit comprises a controller and a first interface, the controller is coupled with the first interface, and the method comprises the following steps: the computer host establishes communication connection with the server through a first interface; the computer host periodically sends monitoring data packets to the server through the first interface by using the controller, and the monitoring data packets are used for the server to judge whether the computer host is in a safe state or not. By the mode, the safety monitoring system can conveniently, accurately and comprehensively monitor the safety of the computer host.
Description
Technical Field
The present invention relates to the field of computer security technologies, and in particular, to a method, an apparatus, and a server for monitoring security of a computer host.
Background
At present, in an information-based society, individuals, enterprises, state organs and the like store more and more important data in a computer, or manage system files and the like by using the computer; if the data is stolen or the computer is operated illegally, the user will be lost. In order to improve the computer security, a conventional method is to place the computer in a limited area, but the computer still has a risk of being removed from the limited area, so that a method for monitoring whether the computer is in place needs to be added. The existing method for monitoring the in-place of the computer host is realized in an RFID scanning mode, specifically, a high-frequency RFID label is adhered to a shell of the computer host, then an RFID scanner is installed in an area needing to be limited for real-time scanning, if the RFID label can be scanned, the computer host is determined to be still in the limited area, and if the signal of the RFID label cannot be scanned, the computer host is determined to be away from the limited area.
In the long-term research and development process, the inventor of the application finds that the method for monitoring the in-place state of the computer host by using the RFID mode has some problems, such as too high monitoring and deployment cost due to the fact that a scanner needs to be deployed in each limited area; the signal of the RFID label can be weakened or disturbed, the RFID label can fall off, the monitoring result can be influenced, and the like.
Disclosure of Invention
The invention mainly solves the technical problem of providing a monitoring method, a monitoring device and a server for the safety of a computer host, which can conveniently, accurately and comprehensively monitor the safety of the computer host.
In order to solve the technical problems, the invention adopts a technical scheme that: a method for monitoring the security of a computer host is provided, wherein the computer host comprises a monitoring circuit, the monitoring circuit comprises a controller and a first interface, the controller is coupled to the first interface, the method comprises: the computer host establishes communication connection with the server through a first interface; the computer host periodically sends monitoring data packets to the server through the first interface by using the controller, and the monitoring data packets are used for the server to judge whether the computer host is in a safe state or not.
In order to solve the technical problem, the invention adopts another technical scheme that: a method for monitoring the security of a computer host is provided, which comprises: the server establishes communication connection with the computer host; the server judges whether monitoring data packets periodically sent by the computer host are received within preset time; and if the server does not receive the monitoring data packet within the preset time, judging that the computer host is in an unsafe state.
In order to solve the technical problem, the invention adopts another technical scheme that: the monitoring device comprises a monitoring circuit, wherein the monitoring circuit comprises a controller and a first interface, the controller is coupled with the first interface, the first interface is coupled with a server through a network, the controller is used for periodically sending a monitoring data packet to the server through the first interface, and the monitoring data packet is used for the server to judge whether the computer host is in a safe state or not.
In order to solve the technical problem, the invention adopts another technical scheme that: providing a server, the server comprising: the processor is coupled with the communication circuit and used for executing the computer safety monitoring method.
The invention has the beneficial effects that: the invention provides a monitoring method, a monitoring device and a server for computer host safety, which are different from the prior art. The method monitors the safety of the computer host by utilizing the communication connection state between the computer host and the server, namely if the communication connection between the computer host and the server is disconnected, the computer host is judged to be in an unsafe state. The method is simple and convenient, only the communication network deployment is needed for the computer host, and the general computers are already deployed with the communication network. Therefore, additional monitoring equipment is not needed, and the monitoring cost is greatly saved.
Drawings
FIG. 1 is a schematic flow chart diagram illustrating an embodiment of a method for monitoring security of a computer host according to the present invention;
FIG. 2 is a schematic diagram of an embodiment of a computer host security monitoring circuit according to the present invention;
FIG. 3 is a schematic diagram of a monitoring packet flow of an embodiment of the monitoring circuit of the present application;
FIG. 4 is a schematic diagram of an embodiment of a computer host security monitoring circuit according to the present invention;
FIG. 5 is a schematic diagram of a monitoring packet flow of an embodiment of the monitoring circuit of the present application;
FIG. 6 is a schematic diagram of an embodiment of a computer host security monitoring circuit according to the present invention;
FIG. 7 is a schematic diagram of a monitoring packet flow according to an embodiment of the monitoring circuit of the present application;
FIG. 8 is a schematic diagram of an embodiment of a computer host security monitoring circuit according to the present invention;
FIG. 9 is a schematic diagram of a monitoring packet flow of an embodiment of the monitoring circuit of the present application;
FIG. 10 is a schematic diagram of an embodiment of a computer host security monitoring circuit according to the present invention;
FIG. 11 is a schematic diagram of an embodiment of a computer host security monitoring circuit according to the present invention;
FIG. 12 is a schematic diagram of a computer host security monitoring circuit according to an embodiment of the present invention;
FIG. 13 is a schematic diagram of a computer host security monitoring circuit according to an embodiment of the present invention;
FIG. 14 is a flowchart illustrating an embodiment of a method for monitoring security of a computer host according to the present invention;
fig. 15 is a schematic configuration diagram of an embodiment of a server according to the present application.
Detailed Description
In order to make the purpose, technical solution and effect of the present application clearer and clearer, the present application is further described in detail below with reference to the accompanying drawings and examples.
The application provides a monitoring method, a monitoring device and a server for the safety of a computer host, which can be used for monitoring whether the computer host is physically off-line or not, monitoring whether the computer host is legally started or not, whether a case of the computer host is opened or not and the like, and further ensuring the safety of the computer host.
Referring to fig. 1, fig. 1 is a schematic flow chart illustrating an embodiment of a method for monitoring security of a computer host according to the present application. The method comprises the following steps:
s101: the computer host establishes communication connection with the server through the first interface.
S102: the computer host periodically sends monitoring data packets to the server through the first interface by using the controller, and the monitoring data packets are used for the server to judge whether the computer host is in a safe state or not.
In this embodiment, the security of the computer host is monitored by using the communication connection status between the computer host and the server, i.e. if the communication connection between the computer host and the server is disconnected, the computer host is determined to be in an unsafe state. And if the communication connection between the server and the host computer is disconnected, the server cannot normally receive monitoring data packets periodically sent by the host computer. Therefore, the server is only required to judge whether the monitoring data packets periodically sent by the computer host are received in the preset time, and if the monitoring data packets are not received in the preset time, the computer host is judged to be in an unsafe state. The monitoring data packet may be a heartbeat data packet actively and periodically sent to the server by the computer host, or a response data packet sent by the server periodically and polling downwards, and the computer host responds to the query request of the server. The predetermined time refers to a specified time period after the transmission time of each heartbeat packet/inquiry request is transmitted. The method is simple and convenient, only the communication network deployment is needed for the computer host, and the general computers are already deployed with the communication network. Therefore, additional monitoring equipment is not needed, and the monitoring cost is greatly saved.
In one embodiment, the monitoring method is used for monitoring whether the computer host is physically offline (i.e. unplugging the network cable), and if the computer host is physically offline, the network communication is necessarily disconnected, the security state of the computer host cannot be monitored online, and unsafe factors such as being moved away from a limited area, being illegally started after being shut down, being opened after being shut down and the like exist. Specifically, a computer host is placed in a limited area, communication connection between the computer host and a server is established through a network cable, and monitoring data packets are periodically sent to the server; if the computer host is in place, the communication connection is normal, the server can normally receive the monitoring data packet, and if the computer host is physically offline (the network cable is pulled out), the communication connection is disconnected, and the server cannot normally receive the monitoring data packet. Therefore, when the server does not receive the monitoring data packet within the preset time, the physical offline of the computer host is judged to be in an unsafe state.
Referring to fig. 2, fig. 2 is a schematic structural diagram of an embodiment of a security monitoring circuit of a computer host according to the present application. The monitoring circuit comprises a controller 100 and a first interface 101, wherein the controller 100 is coupled to the first interface 101, and the first interface 101 is coupled to a server through a network; the controller 100 is configured to periodically send monitoring packets to the server via the first interface 101. Wherein the first interface 101 may be an ethernet interface, a fiber interface, or a 485 serial interface, etc. The monitoring circuit is installed in the computer host, so that the computer host can independently or cooperatively work with the host communication circuit through the monitoring circuit to periodically send monitoring data packets to the server. The host communication circuit is a communication circuit formed by the computer host by utilizing an original network card.
Referring to fig. 3, fig. 3 is a schematic diagram illustrating a flow of monitoring packets according to an embodiment of the monitoring circuit of the present application. In one embodiment, the method includes monitoring whether a computer host is in a boot state; if the host computer is in a shutdown state, the host computer periodically sends monitoring data packets to the server through the monitoring circuit, that is, the monitoring data packets are generated by the controller 100 and then periodically sent to the server directly through the first interface 101. The controller 100 may be a Microcontroller Unit (MCU), a control chip, or the like. In this embodiment, the monitoring circuit further includes a power module, and the power module can supply power to the monitoring circuit to enable the monitoring circuit to work normally. The power module can be a rechargeable battery, when the computer host is started, the computer host can directly supply power to the monitoring circuit or charge the power module, and when the computer host is shut down, the power module supplies power to the monitoring circuit. In the embodiment, the monitoring circuit is arranged, so that the computer host can communicate with the server when being powered off, and whether the computer host is in a safe state or not is monitored in a network communication mode. Meanwhile, the monitoring circuit is arranged in the computer host, so that the accuracy of a monitoring result can be improved, and misjudgment caused by the separation of an external monitor and the computer host can be avoided.
In one embodiment, the method includes monitoring whether a computer host is in a boot state; if the computer host is in the power-on state, the computer host periodically sends the monitoring data packet to the server through the monitoring circuit, that is, the monitoring data packet is generated by the controller 100 and then periodically sent to the server directly through the first interface 101, which has the same principle as that of the computer when the computer is powered off.
In one embodiment, the method includes monitoring whether a computer host is in a boot state; if the computer host is in a starting state, the computer host periodically sends monitoring data packets to the server through the cooperative work of the monitoring circuit and the host communication circuit.
Referring to fig. 4 and 5, fig. 4 is a schematic structural diagram of an embodiment of a host computer security monitoring circuit according to the present application, and fig. 5 is a schematic flow diagram of a monitoring data packet according to the embodiment of the monitoring circuit according to the present application. In an embodiment, the monitoring circuit further includes a second interface 102, a third interface 103, and a path switch (not shown), the second interface 102 is different from the third interface 103 in type, the controller 100 is coupled to the path switch and the third interface 103, and the second interface 102 and the third interface 103 are respectively coupled to the host communication circuit. When the host computer is in a power-on state, the controller 100 controls the path switch to communicate the first interface 101 and the second interface 102, and the monitoring data packet is generated by the controller 100 and then sent to the host computer communication circuit through the third interface 103, and then sent to the server periodically through the second interface 102 and the first interface 101 by the host computer communication circuit. By the method, the connection mode can be conveniently switched, and the stable communication is ensured. In an embodiment, the monitoring circuit may include a plurality of third interfaces, that is, the monitoring circuit may include a PCIE bus-type third interface and a USB-type third interface; certainly, a serial interface and the like can be further arranged, and which interface is selected to participate in the work according to actual needs. In other embodiments, the third interface 103 may be coupled to the host CPU, and the monitoring data packet is generated by the controller 100 and then sent to the host CPU through the third interface 103, and then sent to the host communication circuit by the host CPU.
Referring to fig. 6 and 7, fig. 6 is a schematic structural diagram of an embodiment of a host security monitoring circuit of the present application, and fig. 7 is a schematic flow diagram of a monitoring data packet of the embodiment of the monitoring circuit of the present application. In an embodiment, the monitoring circuit further comprises a switch chip 108, and the switch chip 108 is coupled to the controller 100 and the first interface 101, respectively. When the computer host is in the power-on/power-off state, the monitoring data packet is generated by the controller 100 and then sent to the switch chip 108, and then the switch chip 108 periodically sends the monitoring data packet to the server through the first interface 101. In this embodiment, the controller 100 may establish a communication connection with the server through the switch chip 108, and the host communication circuit in the computer host may also establish a communication connection with the server through the switch chip 108 to implement normal communication; specifically, the monitoring circuit includes a second interface 102, the switch chip 108 is coupled to the second interface 102, the second interface 102 is configured to be coupled to a host communication circuit, and the host communication circuit may be connected to the switch chip 108 through the second interface 102 to implement a communication connection with the server through the switch chip 108.
Referring to fig. 8 and 9, fig. 8 is a schematic structural diagram of an embodiment of a host computer security monitoring circuit according to the present application, and fig. 9 is a schematic flow diagram of a monitoring data packet according to the embodiment of the monitoring circuit according to the present application. In an embodiment, the monitoring circuit further includes a switch chip 108, a second interface 102 and a third interface 103, the controller 100 is coupled to the third interface 103, the switch chip 108 is coupled to the controller 100, the first interface 101 and the second interface 102, respectively, and the second interface 102 is coupled to the host communication circuit. When the computer host is in a power-on state, the monitoring data packet is generated by the controller 100, and the monitoring data packet is generated by the controller 100, then is sent to the host communication circuit through the third interface 103, then is sent to the switch chip 108 through the second interface 102 by the host communication circuit, and then is periodically sent to the server through the first interface 101 by the switch chip 108.
By adopting the scheme, the computer host can keep good communication with the server no matter in a power-off state or a power-on state by selecting different connection modes, and the communication mode with the server can be freely switched and selected according to the use environment of the computer host.
In practical applications, in addition to the situation that the computer is in an unsafe state when the host computer is physically offline, the computer is also in an unsafe state when the USB flash disk/optical disk PE is used for starting the computer. The monitoring method provided by the application can be used for monitoring the physical offline of the computer host and also can be used for monitoring whether the computer host is started in illegal ways such as a U disk/an optical disk and the like.
Referring to fig. 10, fig. 10 is a schematic structural diagram of an embodiment of a computer host security monitoring circuit according to the present application, in which the monitoring circuit further includes a third interface 103, the third interface 103 is used for coupling with a computer host motherboard, and the controller 100 is used for monitoring whether the computer host is legally started by using the third interface 103, so as to determine whether the computer host is in a secure state. The monitoring circuit can be used for monitoring whether the computer host is legally started.
Specifically, a special driver or service is authorized to be installed in the computer host, when the computer host is started from a partition authorized by the hard disk, the driver or service can generate legal information for starting the computer host, and when the computer host is started by using an optical disk or a U disk, the legal information for starting the computer host cannot be generated because the driver does not exist, so that whether the computer host is legally started can be judged by monitoring whether the legal information for starting the computer host exists or not.
In one embodiment, the monitoring circuit is installed in the computer host, and corresponding configuration parameters, such as monitoring period, are set. The host computer can send the legal information of the computer startup to the controller 100 through the third interface 103, and the controller 100 determines whether the legal information of the host computer startup is received, and if the legal information of the host computer startup is not received, determines that the host computer is illegally started, and further determines that the host computer is in an unsafe state. The controller 100 may be a Microcontroller Unit (MCU), a control chip, or the like. In this embodiment, the monitoring circuit further includes a power module (not shown), and the power module can supply power to the monitoring circuit to enable the monitoring circuit to work normally. The power module can be a rechargeable battery, and when the computer host is started, the computer host can charge the power module.
In an embodiment, the third interface 103 is coupled to a motherboard of a computer host, the third interface 103 may be a PCI bus, a PCIE bus, a USB interface, or a serial interface, and in an embodiment, the monitoring circuit may have a plurality of third interfaces, that is, the monitoring circuit may have a PCIE bus type third interface and a USB interface type third interface; certainly, a serial interface and the like can be further arranged, and which interface is selected to participate in the work according to actual needs. The host computer can send the legal host computer starting information to the controller 100 through the third interface 103; the controller 100 can determine whether the host computer is in a power-on state through the third interface 103.
The controller 100 determines whether the host computer is in a power-on state, and if the host computer is in the power-on state, determines whether the host computer is activated by receiving a valid message.
If the legal information of the computer host startup is received, the computer host is judged to be legal startup, namely normal startup.
If the legal information of the computer host startup is not received, the computer host is judged to be illegally started, and alarm information is generated and/or the startup is prevented.
Referring to fig. 11, fig. 11 is a schematic structural diagram of an embodiment of a computer host security monitoring circuit according to the present application. In one embodiment, the monitoring circuit further includes a fourth interface 104, the controller 100 is coupled to the fourth interface 104, and after determining that the host computer is booted illegally, the controller 100 determines whether an instruction for allowing the illegal booting is received through the fourth interface 104; if the command allowing illegal starting is not received, the computer host is judged to be in an unsafe state, and alarm information is generated and/or the starting is prevented.
Specifically, the fourth interface 104 is an IC card interface, a serial interface, a USB interface, or the like; when the authorized IC card is used, the host operating system can be started in an unsafe mode such as an optical disk or a U disk, and the computer host is safe, so that after the illegal starting of the computer host is monitored, whether the computer host is authorized to be started can be monitored, and the influence on normal use caused by misjudgment can be prevented. When the authorization instruction is not monitored, the computer host is judged to be in an unsafe state, and alarm information is generated and/or the starting is prevented.
In one embodiment, when the computer host is determined to be in the unsafe state, the controller 100 generates and sends a second alarm message to the server through the first interface 101 to remind the user that the computer host is in the unsafe state. The second alarm information comprises the steps of sending an alarm sound, recording the illegal starting time of the computer host, the illegal starting mode and the like.
Referring to fig. 12, fig. 12 is a schematic structural diagram of an embodiment of a host computer security monitoring circuit according to the present application. In one embodiment, the monitoring circuit further includes a fifth interface 105, the controller 100 is coupled to the fifth interface 105, and the fifth interface 105 is used for coupling to a host power/reset control circuit. When the host computer is determined to be in an unsafe state, the controller 100 controls the host computer to be forcibly powered off or reset by using the fifth interface 105. And meanwhile, generating a monitoring log, and locally storing or sending the monitoring log to a server. The monitoring log records the time of illegal start of the computer host, the illegal start mode and the like.
Above scheme, through setting up monitoring circuit, whether the monitoring computer host that can make things convenient for the accuracy is legal to start. The method adopts a white list method, and no matter how the BIOS is designed, the system can be monitored as long as the system is not started from an authorized operating system. The monitoring accuracy and comprehensiveness are improved, and the computer safety can be better ensured.
In practical applications, except whether the host computer is physically off-line or not, and the host computer is illegally started, the case of the host computer is opened, so that the computer is in an unsafe state. The monitoring circuit provided by the application can be used for monitoring whether the case of the computer host is opened or not besides monitoring whether the computer host is physically off-line or not and whether the computer host is legally started or not.
Referring to fig. 13, fig. 13 is a schematic structural diagram of an embodiment of a host computer security monitoring circuit according to the present application. In one embodiment, the monitoring circuit includes a sixth interface 106, the controller 100 is coupled to the sixth interface 106, the sixth interface 106 is coupled to a detection switch of the computer host case, the detection switch is used for detecting whether the computer host case is opened, and the controller 100 is further used for monitoring whether the computer host case is opened by using the sixth interface 106, so as to determine whether the computer host is in a safe state.
Specifically, a detection switch is arranged on the case cover of the computer host, and when the case cover of the computer host is closed, the detection switch can be abutted to enable the detection switch to be in an on or off state, and when the case cover is opened, the detection switch can be changed into another state. By coupling the detection switch to the sixth interface 106, the potential of the monitoring circuit is pulled high or low due to the on/off of the detection switch, and the monitoring circuit can be used to monitor whether the host case is opened.
In one embodiment, when it is detected that the computer host case is opened, the controller 100 generates and sends a third alarm message to the server through the first interface 101 to alert the user that the computer host is in an unsafe state. The third alarm information includes sending out alarm sound and recording the time and mode of opening the computer host case. By the mode, the alarm can be given in time and the user can be informed when the computer host case is opened, so that the computer safety can be better ensured.
In conclusion, the monitoring circuit for the safety of the computer host provided by the application can be used for monitoring whether the computer host is legally started or not, and can also be used for monitoring whether the computer host is physically off-line or not, whether a case of the computer host is opened or not and the like, so that the safety of the computer host can be monitored in multiple aspects.
The monitoring circuit provided by the application can be made into an independent monitor and fixedly connected with a computer host, and can also be integrated with other circuits in the computer host. For example, the monitoring circuit and the host communication circuit are integrated together, that is, the integrated monitoring circuit has the function of the original host communication circuit, so that normal network communication can be realized, the function of monitoring computer safety can also be realized, and the host communication circuit does not need to be arranged in the integrated computer host. The monitor can be an adapter which is arranged in the computer host, for example, the monitor can be made into a monitoring card which can be inserted into the computer host, and by the mode, the accuracy of the monitoring result can be improved, namely, the misjudgment caused by the separation of the monitoring card and the computer host can be avoided. In another embodiment, the monitor can also be externally connected with the computer host, and the mode can facilitate the connection of the monitor and the computer host; however, the monitor may be disconnected from the host computer to cause erroneous determination, so that the monitor may be connected to the host computer by a forced means, or a detection method may be added to improve the monitoring accuracy.
Referring to fig. 14, fig. 14 is a schematic flowchart illustrating an embodiment of a method for monitoring security of a computer host according to the present application. The present application further provides a method for monitoring computer host security, in one embodiment, the method includes the following steps:
s1401: the server establishes communication connection with the computer host.
S1402: the server judges whether monitoring data packets periodically sent by the computer host are received within preset time.
S1403: and if the server does not receive the monitoring data packet within the preset time, judging that the computer host is in an unsafe state.
The monitoring method is a processing flow of the server side in the monitoring method, and the specific implementation, principle and beneficial effects are the same as those of the above implementation, and please refer to the above description specifically, which is not described herein again.
In one embodiment, after determining that the computer host is in an unsafe state, the server generates first alarm information to remind the user that the computer host is in the unsafe state. The first alarm information comprises the steps of sending an alarm sound, recording the time of disconnecting the communication connection of the computer host, the disconnection duration of the communication connection and the like.
The present application further provides a computer host safety monitoring device, wherein the monitoring device includes a monitoring circuit, and is installed in a computer host, and can be used for monitoring computer safety, and the specific implementation, principle and beneficial effects thereof are the same as those of the above implementation, and please refer to the above description specifically, which is not repeated herein.
Referring to fig. 15, fig. 15 is a schematic structural diagram of an embodiment of a server in the present application. In an embodiment, the server includes a processor 1501 and a communication circuit 1502, the processor 1501 is coupled to the communication circuit 1502, and the processor 1502 is configured to execute the computer host security monitoring method described above.
The above description is only an embodiment of the present application, and not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes performed by the content of the present specification and the attached drawings, or applied to other related technical fields directly or indirectly, are included in the scope of the present invention.
Claims (21)
1. A monitoring device for the safety of a computer host is characterized in that the monitoring device is installed on the computer host and comprises a monitoring circuit, the monitoring circuit is an independent monitor fixedly connected with the computer host or is integrated with a circuit of the computer host, the monitoring circuit comprises a controller, a first interface and a power module, the controller is coupled with the first interface, the first interface is used for connecting a network cable to suggest communication connection with a server through the network, the power module is at least used for supplying power to the monitoring circuit when the computer host is shut down, the controller is used for generating a monitoring data packet and periodically sending the monitoring data packet to the server through the first interface so that the server judges whether the monitoring data packet is received within preset time or not, if the monitoring data packet is not received within the preset time, the host computer is judged to be in an unsafe state, and the step of the host computer being in the unsafe state comprises the following steps: the computer host is physically offline, and the physical offline comprises the unplugging of the network cable.
2. The apparatus of claim 1, wherein the host computer comprises a host communication circuit, and the controller is configured to periodically send the monitoring data packets to the server via the first interface independently or in cooperation with the host communication circuit.
3. The apparatus according to claim 2, wherein the monitoring circuit further comprises a switch chip, the switch chip is coupled to the controller and the first interface, respectively, and the controller is configured to periodically send the monitoring data packet to the server through the switch chip and the first interface.
4. The apparatus of claim 2, wherein the monitoring circuit further comprises a switch chip, a second interface and a third interface, the switch chip is configured to couple to the controller, the first interface and the second interface, the second interface is configured to couple to the host communication circuit, the third interface is configured to couple to the controller and the host communication circuit, and the controller is configured to periodically send the monitoring data packet to the server through the third interface, the host communication circuit, the second interface, the switch chip and the first interface.
5. The apparatus of claim 2, wherein the monitoring circuit further comprises a second interface, a third interface and a path switch, the second interface is of a different type from the third interface, the controller is coupled to the path switch and the third interface, the second interface and the third interface are respectively coupled to the host communication circuit, and the controller is configured to control the path switch to communicate the first interface with the second interface when the computer host is powered on; so that the controller periodically sends the monitoring data packet to the server through the third interface, the host communication circuit, the second interface and the first interface.
6. The apparatus according to claim 4 or 5, wherein the first interface and/or the second interface is an Ethernet interface, an optical fiber interface or a 485 serial interface; the third interface is a PCI bus, a PCIE bus, a USB interface or a serial interface.
7. The device as claimed in any one of claims 1 to 5, wherein the monitoring circuit is integrated with the host communication circuit.
8. The apparatus as claimed in claim 1, wherein the monitoring circuit further comprises a third interface, the controller is coupled to the third interface, the third interface is coupled to the motherboard of the host computer, the controller is further configured to monitor whether the legal host computer booting information is received via the third interface, and if the legal host computer booting information is not received, the host computer is determined to be booted illegally, thereby determining that the host computer is in an unsafe state.
9. The apparatus as claimed in claim 1, wherein the monitoring circuit further comprises a fourth interface, the controller is coupled to the fourth interface, and the controller is further configured to determine whether an instruction for allowing an illegal booting is received through the fourth interface after determining that the host computer is booted illegally; and if the command allowing illegal starting is not received, judging that the computer host is in an unsafe state.
10. The apparatus according to claim 9, wherein the fourth interface is an IC card interface, a serial interface or a USB interface.
11. The apparatus according to claim 8, wherein the controller is further configured to generate and send a second alarm message to the server through the first interface when the host computer is determined to be in an unsafe state; or the like, or, alternatively,
the monitoring circuit further comprises a fifth interface, the controller is coupled with the fifth interface, and the fifth interface is used for being coupled with the computer host power supply/reset control circuit; the controller is used for controlling the computer host to be forcibly shut down or reset by utilizing the fifth interface when the computer host is judged to be in an unsafe state.
12. The apparatus of claim 1, wherein the monitoring circuit further comprises a sixth interface, the controller is coupled to the sixth interface, the sixth interface is configured to be coupled to a detection switch of the host computer case, the detection switch is configured to detect whether the host computer case is opened, the controller is further configured to monitor whether the host computer case is opened by using the sixth interface, and generate and send a third alarm message to the server through the first interface when it is detected that the host computer case is opened.
13. A monitoring method for the safety of a computer host, wherein the computer host comprises a monitoring circuit, the monitoring circuit is a separate monitor fixedly connected with the computer host, or the monitoring circuit is integrated with a circuit of the computer host, the monitoring circuit comprises a controller, a first interface and a power module, the controller is coupled with the first interface, the controller is used for generating a monitoring data packet, the first interface is used for connecting a network cable, and the power module is at least used for supplying power to the monitoring circuit when the computer host is shut down, the method comprises the following steps:
the computer host establishes communication connection with the server through the first interface and the network cable;
monitoring whether the computer host is in a starting state or not;
if the computer host is in a shutdown state, the controller periodically sends the monitoring data packet to the server through the first interface;
if the computer host is in a starting state, the controller independently or cooperatively works with a host communication circuit in the computer host through the first interface to periodically send the monitoring data packet to the server;
so that the server judges whether the monitoring data packet is received within the preset time, if the monitoring data packet is not received within the preset time, the host computer is judged to be in an unsafe state, and the host computer is in the unsafe state, wherein the step of judging that the host computer is in the unsafe state comprises the following steps: the computer host is physically offline, and the physical offline comprises the unplugging of the network cable.
14. The method as claimed in claim 13, wherein the monitoring circuit further comprises a second interface, a third interface and a path switch, the second interface is of a different type from the third interface, the controller is coupled to the path switch and the third interface, and the second interface and the third interface are respectively coupled to the host communication circuit; the method comprises the following steps:
when the computer host is in a power-on state, the controller controls the access switcher to communicate the first interface with the second interface, so that the controller periodically sends the monitoring data packet to the server through the third interface, the host communication circuit, the second interface and the first interface.
15. The method as claimed in claim 13, wherein the monitoring circuit further comprises a switch chip, the switch chip is coupled to the controller and the first interface, respectively, and the method comprises:
and the controller periodically sends the monitoring data packet to the server through the switch chip and the first interface.
16. The method of claim 13, wherein the monitoring circuit further comprises a switch chip, a second interface and a third interface, the switch chip is configured to couple the controller, the first interface and the second interface, the second interface is configured to couple the host communication circuit, and the third interface is configured to couple the controller and the host communication circuit; the method comprises the following steps:
when the computer host is in a starting-up state, the controller periodically sends the monitoring data packet to the server through the third interface, the host communication circuit, the second interface, the switch chip and the first interface.
17. The method as claimed in any one of claims 13 to 16, wherein the monitoring data packet is a heartbeat data packet sent by the controller to the server or a response data packet sent by the controller in response to a query request from the server.
18. The method as claimed in claim 13, wherein the monitoring circuit further comprises a third interface, the controller is coupled to the third interface, and the third interface is coupled to the motherboard of the host computer, the method further comprising:
the controller judges whether legal information for starting the computer host is received or not;
if the controller does not receive the legal information of the computer host startup, the computer host is judged to be illegally started, and the computer host is further judged to be in an unsafe state.
19. The method as claimed in claim 18, wherein the monitoring circuit further comprises a fourth interface, the controller is coupled to the fourth interface, and the method further comprises:
after the computer host is judged to be illegally started, the controller judges whether an instruction for allowing illegal starting is received or not through the fourth interface;
and if the controller does not receive the command allowing illegal starting, judging that the computer host is in an unsafe state.
20. The method of claim 19, wherein the method comprises:
when the computer host is judged to be in an unsafe state, the controller sends second alarm information to the server through the first interface; or
The monitoring circuit further comprises a fifth interface, the controller is coupled with the fifth interface, and the fifth interface is used for being coupled with the computer host power supply/reset control circuit; and when the computer host is judged to be illegally started, the controller controls the computer host to be forcibly shut down or reset by using the fifth interface.
21. The method as claimed in claim 13, wherein the monitoring circuit further comprises a sixth interface, the controller is coupled to the sixth interface, the sixth interface is configured to be coupled to a detection switch of the computer host case, the detection switch is configured to detect whether the computer host case is opened, and the method further comprises:
the controller monitors whether the computer host case is opened or not by using the sixth interface;
and if the situation that the computer host case is opened is monitored, the controller sends third alarm information to the server through the first interface.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711096897.2A CN108038037B (en) | 2017-11-08 | 2017-11-08 | Monitoring method and monitoring device for computer host safety and server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711096897.2A CN108038037B (en) | 2017-11-08 | 2017-11-08 | Monitoring method and monitoring device for computer host safety and server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108038037A CN108038037A (en) | 2018-05-15 |
| CN108038037B true CN108038037B (en) | 2021-12-10 |
Family
ID=62092781
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711096897.2A Expired - Fee Related CN108038037B (en) | 2017-11-08 | 2017-11-08 | Monitoring method and monitoring device for computer host safety and server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108038037B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1690977A (en) * | 2004-04-29 | 2005-11-02 | 联想(北京)有限公司 | Device and method for monitoring and indicating health state of a computer |
| CN106982148A (en) * | 2016-01-19 | 2017-07-25 | 中国移动通信集团浙江有限公司 | A kind of server is delayed the monitoring method of machine, apparatus and system |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040139194A1 (en) * | 2003-01-10 | 2004-07-15 | Narayani Naganathan | System and method of measuring and monitoring network services availablility |
| CN106470182A (en) * | 2015-08-14 | 2017-03-01 | 威海兴达信息科技有限公司 | A kind of webserver on-line monitoring system |
-
2017
- 2017-11-08 CN CN201711096897.2A patent/CN108038037B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1690977A (en) * | 2004-04-29 | 2005-11-02 | 联想(北京)有限公司 | Device and method for monitoring and indicating health state of a computer |
| CN106982148A (en) * | 2016-01-19 | 2017-07-25 | 中国移动通信集团浙江有限公司 | A kind of server is delayed the monitoring method of machine, apparatus and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108038037A (en) | 2018-05-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7080285B2 (en) | Computer, system management support apparatus and management method | |
| US10515040B2 (en) | Data bus host and controller switch | |
| CN103748569B (en) | The system and method without driving operation of USB device | |
| US9645954B2 (en) | Embedded microcontroller and buses | |
| US8266457B2 (en) | Data processing device and method for switching states thereof | |
| EP2472402B1 (en) | Remote management systems and methods for mapping operating system and management controller located in a server | |
| CN110472421B (en) | Mainboard and firmware safety detection method and terminal equipment | |
| TW201222226A (en) | Remote motherboard controller and method for controlling a remote motherboard | |
| EP3035187B1 (en) | Hard disk and management method | |
| US20150082063A1 (en) | Baseboard management controller state transitions | |
| US10365840B2 (en) | System and method for providing a secure airborne network-attached storage node | |
| US8578182B2 (en) | Power lock-up setting method performed by baseboard management controller and electronic apparatus using the same | |
| CN102880527B (en) | Data recovery method of baseboard management controller | |
| CN101373433A (en) | Method for updating BIOS and computer and system using the same | |
| US20180210783A1 (en) | Information processing apparatus, control method of the same, and storage medium | |
| US6609207B1 (en) | Data processing system and method for securing a docking station and its portable PC | |
| US7523332B2 (en) | Interface module with on-board power-consumption monitoring | |
| JP2005519392A (en) | Monitoring and replacement method for peripheral data storage unit | |
| CN107111568A (en) | System and method for driver installation file to be presented when enabling USB equipment | |
| US7124235B2 (en) | USB apparatus with switchable host/hub functions and control method thereof | |
| CN112783721B (en) | Method, device and system for monitoring I2C bus and storage medium | |
| CN108038037B (en) | Monitoring method and monitoring device for computer host safety and server | |
| CN113785322A (en) | Terminal lending system | |
| CN114443148B (en) | Method for centrally managing server starting disk and server | |
| US10795423B2 (en) | Electronic apparatus with power saving mode, control method thereof, and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20211210 |