CN108696541A - The method and device of safe processing of communication network - Google Patents

The method and device of safe processing of communication network Download PDF

Info

Publication number
CN108696541A
CN108696541A CN201810806498.9A CN201810806498A CN108696541A CN 108696541 A CN108696541 A CN 108696541A CN 201810806498 A CN201810806498 A CN 201810806498A CN 108696541 A CN108696541 A CN 108696541A
Authority
CN
China
Prior art keywords
communication network
access
network
net
flow management
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810806498.9A
Other languages
Chinese (zh)
Inventor
孙少华
杨林慧
朱靖
杨有霞
陈义军
肖华
张燕燕
麻佳琪
李智年
王雄
唐玉萍
张广德
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Qinghai Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Qinghai Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Qinghai Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Qinghai Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Qinghai Electric Power Co Ltd, Information and Telecommunication Branch of State Grid Qinghai Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201810806498.9A priority Critical patent/CN108696541A/en
Publication of CN108696541A publication Critical patent/CN108696541A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a kind of method and device of safe processing of communication network.Wherein, pending target data communication network includes the access network of multiple predeterminable areas and outer net internet, this method include:Firewall box is disposed on the boundary of the access net of target data communication network predeterminable area, wherein fire wall is for implementing preset prevention policies;Increase abnormal flow management in information outer net the Internet boundaries and resist exhausted service equipment, wherein abnormal flow management is used to identify the attack traffic for attacking network from network flow with exhausted service equipment is resisted.The data communication network that the present invention solves Utilities Electric Co. in the prior art lacks the technical issues of abnormal flow management is with anti-mass service system with rejection.

Description

The method and device of safe processing of communication network
Technical field
The present invention relates to the communications fields, in particular to a kind of method and device of safe processing of communication network.
Background technology
The full mesh topology of State Grid Qinghai Electric Power Company's data communication network is illustrated in fig. 1 shown below, and Qinghai electric power saving is netted by state at present The firewall box of company data communication network is only deployed in information systems boundary and the ground such as marketing, ERP, integrated data center City corporate lan boundary, therefore network termination, part independent information in the interior metropolitan area extension constituent parts information off the net of provincial company access net The affiliated company of county of system realm and prefectures and cities, business office, substation information Intranet terminal device are unable to get effective peace Full protection.
And in terms of the outer net safety protective of company information, information outer net the Internet boundaries are completed active and standby dual link redundancy mould Formula, and load balancing, fire wall, network log-in management, IPS, flow control, mail audit etc. are deployed respectively in main/slave link Underlying security safeguard.It is as shown in Figure 2 that information outer net exports topological diagram.
As seen from the figure, though existing information outer net deploys a certain number of underlying security safeguards, but still lack exception Traffic management ensures all kinds of outside access traffic securities and DDOS attack protective capacities with anti-mass service system with rejection.
Lack abnormal flow management and anti-mass service system with rejection for the data communication network of Utilities Electric Co. in the prior art The problem of, currently no effective solution has been proposed.
Invention content
An embodiment of the present invention provides a kind of method and device of safe processing of communication network, at least to solve the prior art The data communication network of middle Utilities Electric Co. lacks the technical issues of abnormal flow management is with anti-mass service system with rejection.
One side according to the ... of the embodiment of the present invention provides a kind of security processing of communication network, pending Target data communication network includes the access network and outer net internet of multiple predeterminable areas, the security processing of communication network Including:Firewall box is disposed on the boundary of the access net of target data communication network predeterminable area, wherein fire wall is for real Apply preset prevention policies;Increase abnormal flow management in information outer net the Internet boundaries and resist exhausted service equipment, wherein is different Normal flow management is used to identify the attack traffic for attacking network from network flow with exhausted service equipment is resisted.
Further, prevention policies, including:Allow to access net Outside Access;Determine whether to permit according to Operational Visit demand Perhaps it internally accesses.
Further, fire wall is 10,000,000,000 fire walls.
Further, increase abnormal flow management in information outer net the Internet boundaries and resist exhausted service equipment, including:It will Operator's link cutover abnormal flow management in target data communication network and the exhausted service equipment of resistance.
Further, increasing abnormal flow management with exhausted service equipment is resisted in information outer net the Internet boundaries further includes: Load-balancing device will be increased in operator's link in target data communication network.
Further, abnormal flow management is standard configuration dual redundant power supply with exhausted service equipment is resisted, and handling capacity is more than or waits In 4Gbpss.
One side according to the ... of the embodiment of the present invention provides a kind of secure processing device of communication network, pending Target data communication network includes the access network and outer net internet of multiple predeterminable areas, the secure processing device of communication network Including:Firewall box is disposed on setup module, the boundary for the access net in target data communication network predeterminable area, In, fire wall is for implementing preset prevention policies;Increase module, for increasing abnormal flow in information outer net the Internet boundaries Management and the exhausted service equipment of resistance, wherein abnormal flow management is used to identify from network flow with exhausted service equipment is resisted Attack traffic for attacking network.
Further, prevention policies, including:Allow to access net Outside Access;Determine whether to permit according to Operational Visit demand Perhaps it internally accesses.
One side according to the ... of the embodiment of the present invention provides a kind of storage medium, and storage medium includes the program of storage, Wherein, equipment perform claim requires the peace of any one of 1 to 7 communication network where controlling storage medium when program is run Full processing method.
One side according to the ... of the embodiment of the present invention provides a kind of processor, and processor is for running program, wherein Perform claim requires the security processing of any one of 1 to 7 communication network when program is run.
Boundary is netted in multiple accesses in the embodiment of the present invention and firewall box is disposed with active-standby mode, and configure comprehensively and effectively Prevention policies and active and standby two-shipper mechanism, it is ensured that it accesses various information Intranet system, terminal within the scope of net and obtains effective and safe Protection, and increase abnormal flow management and anti-mass service system with rejection in information outer net the Internet boundaries, from complicated network flow In precisely identify various known and unknown Denial of Service attack flows, and being capable of real time filtering and cleaning, it is ensured that network takes The normal access of business.
Description of the drawings
Attached drawing described herein is used to provide further understanding of the present invention, and is constituted part of this application, this hair Bright illustrative embodiments and their description are not constituted improper limitations of the present invention for explaining the present invention.In the accompanying drawings:
Fig. 1 is a kind of full mesh topology figure of Qinghai electric power data communication network according to prior art;
Fig. 2 is the topological diagram that a kind of information outer net exports according to prior art;
Fig. 3 is the flow chart of the security processing of communication network according to the ... of the embodiment of the present invention;
Fig. 4 is a kind of topological diagram of information outer net outlet according to the ... of the embodiment of the present invention;
Fig. 5 is the whole business network Organization Chart after a kind of deployment fire wall according to the ... of the embodiment of the present invention;And
Fig. 6 is the schematic diagram according to a kind of secure processing device of communication network of the embodiment of the present application.
Specific implementation mode
In order to enable those skilled in the art to better understand the solution of the present invention, below in conjunction in the embodiment of the present invention Attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is only The embodiment of a part of the invention, instead of all the embodiments.Based on the embodiments of the present invention, ordinary skill people The every other embodiment that member is obtained without making creative work should all belong to the model that the present invention protects It encloses.
It should be noted that term " first " in description and claims of this specification and above-mentioned attached drawing, " Two " etc. be for distinguishing similar object, without being used to describe specific sequence or precedence.It should be appreciated that using in this way Data can be interchanged in the appropriate case, so as to the embodiment of the present invention described herein can in addition to illustrating herein or Sequence other than those of description is implemented.In addition, term " comprising " and " having " and their any deformation, it is intended that cover It includes to be not necessarily limited to for example, containing the process of series of steps or unit, method, system, product or equipment to cover non-exclusive Those of clearly list step or unit, but may include not listing clearly or for these processes, method, product Or the other steps or unit that equipment is intrinsic.
Embodiment 1
According to embodiments of the present invention, a kind of embodiment of the security processing of communication network is provided, needs to illustrate It is that step shown in the flowchart of the accompanying drawings can execute in the computer system of such as a group of computer-executable instructions, Also, although logical order is shown in flow charts, and it in some cases, can be to be executed different from sequence herein Shown or described step.
Fig. 3 is the flow chart of the security processing of communication network according to the ... of the embodiment of the present invention, pending number of targets Include the access network and outer net internet of multiple predeterminable areas according to communication network, as shown in figure 3, this method includes following step Suddenly:
Step S302 disposes firewall box on the boundary of the access net of target data communication network predeterminable area, wherein Fire wall is for implementing preset prevention policies.
Specifically, above-mentioned target data communication network can be Qinghai Electric Power Corporation's data communication network, predeterminable area Access net can access selvage circle and prefecture-level company in company data communication network provincial company to access net.
In a kind of optional embodiment, net and Xining, Hai Dong, yellow, Hainan, Hai Bei, sea can be accessed in provincial company The traffic border that 8 west, Golog, cajaput districts and cities' accesses are netted carries out fire wall deployment in the form of active and standby, and structure is single to access net The general safety protection of position.
Above-mentioned steps metropolitan area out of the needs of company information inherently safe, data communication network provincial company access net is off the net Hang network termination in constituent parts information, part independent information system realm and company of access net affiliated county of prefectures and cities, business office, change Power station information Intranet terminal device is unable to get effective security protection.The network security situation being becoming tight day is faced, to upper The effective security protection of blind spot progress for not carrying out security protection is stated as important need.Therefore it in order to reach the target, needs Selvage circle, prefecture-level company's access selvage circle deployment firewall box are accessed in company data communication network provincial company, it is ensured that reach complete The effective security protection requirement in face.
Step S304 increases abnormal flow management in information outer net the Internet boundaries and resists exhausted service equipment, wherein is different Normal flow management is used to identify the attack traffic for attacking network from network flow with exhausted service equipment is resisted.
Above-mentioned steps are respectively disposed abnormal flow management in information outer net Internet exportation main/slave link and are set with service absolutely is resisted It is standby, promote the Internet boundaries safety protection level.
From the foregoing, it will be observed that the above embodiments of the present application net boundary in multiple accesses disposes firewall box with active-standby mode, and match Set comprehensively and effectively prevention policies and active and standby two-shipper mechanism, it is ensured that it accesses various information Intranet system, terminal within the scope of net and obtains Increase abnormal flow management and anti-mass service system with rejection to the protection of effective and safe, and in information outer net the Internet boundaries, from numerous Precisely identify various known and unknown Denial of Service attack flows in miscellaneous network flow, and being capable of real time filtering and clear It washes, it is ensured that the normal access of network service.
As a kind of optional embodiment, prevention policies, including:Allow to access net Outside Access;According to Operational Visit need It asks and determines whether internally to access.
Allow to access net Outside Access allows access net to access internet data, internal access strategy then basis for indicating Operational Visit demand determines that Operational Visit demand as internally accesses the business belonging to requested data.Such as:It can set Setting allows accessed data and does not allow accessed data, if internally access requested data be allow it is accessed Data then allow the request internally to access.
As a kind of optional embodiment, fire wall is 10,000,000,000 fire walls.
Specifically, 10,000,000,000 fire walls of selection, for ensureing overall network performance.
As a kind of optional embodiment, increases abnormal flow management in information outer net the Internet boundaries and resist service absolutely Equipment, including:By in target data communication network operator's link cutover abnormal flow management with resist exhausted service equipment.
As a kind of optional embodiment, increases abnormal flow management in information outer net the Internet boundaries and resist service absolutely Equipment further includes:Load-balancing device will be increased in operator's link in target data communication network.
In a kind of optional embodiment, still by taking above-mentioned Qinghai Electric Power Corporation's data communication network as an example, in this implementation In example, two abnormal flow management and anti-mass service system with rejection are disposed at information outer net the Internet boundaries general export, will be led respectively Cutover then accesses load-balancing device to the equipment one by one for all operator's links on standby link.It is configured by equipment strategy Realize flow cleaning and the DDOS defence in each outer net internet channel.It builds up shown in rear outer net outlet topological diagram 4.
As a kind of optional embodiment, abnormal flow management is standard configuration dual redundant power supply with exhausted service equipment is resisted, and is gulped down The amount of spitting is greater than or equal to 4Gbpss.
In the following, illustrating said program so that one kind is detailed.In this example, still logical with Qinghai Electric Power Corporation's data For communication network, construction object be:
(1) net and 8 Xining, Hai Dong, yellow, Hainan, Hai Bei, Hai Xi, Golog, cajaput districts and cities' accesses are accessed in provincial company The traffic border of net carries out fire wall deployment in the form of active and standby, builds the general safety protection as unit of accessing net.
(2) in the deployment abnormal flow management of information outer net the Internet boundaries and anti-mass service system with rejection, interconnection selvage is promoted Boundary's safety protection level.
1, construction content
(1) it is directed to provincial company access net and 8 Xining, Hai Dong, yellow, Hainan, Hai Bei, Hai Xi, Golog, cajaput districts and cities connects It networks, accesses selvage circle at it respectively and firewall box is disposed with active-standby mode, and configure comprehensively and effectively prevention policies and master Standby two-shipper mechanism, it is ensured that it accesses various information Intranet system, terminal within the scope of net and obtains the protection of effective and safe.
(2) increase abnormal flow management and anti-mass service system with rejection in information outer net the Internet boundaries, from complicated network Precisely identify various known and unknown Denial of Service attack flows in flow, and being capable of real time filtering and cleaning, it is ensured that net The normal access of network service.
2, scope of project
The range that is related to of this example fire wall deployment includes provincial company and 8 electric companies of districts and cities, totally 9 websites.It is abnormal Traffic management is deployed in anti-mass service system with rejection at provincial company information outer net uniform outlet.
3, technical solution
3.1 fire wall deployment schemes
(1) this project is in the backbone network business VPN and access network service VPN of data communication network construction logic, backbone network industry VPN and each access network service VPN be engaged in the access net core node structure network interconnection, and is realized by fire wall in Interconnected Border Security protection.Whole business network framework after fire wall deployment is as shown in figure 5, it is newly-increased fire wall to mark red position.
It accesses net fire wall and uses three layers of deployment mode, and control the access path of business by routing policy.
Firewall policy Arranging principles are:Allow to access net Outside Access;According to Operational Visit demand, precise deployment is internal Access strategy.
(2) the access net fire prevention of concentration security protection product of the fire wall in this project as access net, wherein provincial company Wall carries out security protection, prefecture-level company's access net fire prevention to provincial company data center, provincial company LAN, provincial company subordinate unit Wall carries out security protection to all websites such as company home office of districts and cities and affiliated company of county, substation and power supply station, considers simultaneously It is the importance of two gigabit circuits and fire wall to require backbone network wide area circuit to state's net, therefore, in order to ensure that overall network Can, select 10,000,000,000 high-end fire walls as each access net perimeter firewall.
3.2 abnormal flow management and anti-mass service system with rejection deployment scheme
This project disposes two abnormal flow management at information outer net the Internet boundaries general export System, by all operator's links on main/slave link, cutover then accesses load-balancing device to the equipment one by one respectively.By setting Flow cleaning and the DDOS defence in each outer net internet channel are realized in standby strategy configuration.Build up rear outer net outlet topological diagram 4 It is shown.
The equipment that above-mentioned example actual demand needs is as shown in Table 1.
Table one
Embodiment 2
According to embodiments of the present invention, a kind of embodiment of the secure processing device of communication network, pending mesh are provided Mark data communication network includes the access network and outer net internet of multiple predeterminable areas, and Fig. 6 is according to the embodiment of the present application A kind of schematic diagram of the secure processing device of communication network, in conjunction with shown in Fig. 6,
Setup module 60, the boundary deployment fire wall for the access net in target data communication network predeterminable area are set It is standby, wherein the fire wall is for implementing preset prevention policies.
Increase module 62, for increasing abnormal flow management in information outer net the Internet boundaries and resisting exhausted service equipment, Wherein, the abnormal flow management is used to identified from network flow for attacking the network with exhausted service equipment is resisted Attack traffic.
As a kind of optional embodiment, prevention policies, including:Allow the access net Outside Access;It is visited according to business The demand of asking determines whether internally to access.
Embodiment 3
According to embodiments of the present invention, a kind of storage medium is provided, storage medium includes the program of storage, wherein in journey Equipment where controlling storage medium when sort run executes the security processing of communication network described in embodiment 1.
Embodiment 4
According to embodiments of the present invention, a kind of processor is provided, which is characterized in that processor is for running program, wherein Program executes the security processing of communication network described in embodiment 1 when running.
The embodiments of the present invention are for illustration only, can not represent the quality of embodiment.
In the above embodiment of the present invention, all emphasizes particularly on different fields to the description of each embodiment, do not have in some embodiment The part of detailed description may refer to the associated description of other embodiment.
In several embodiments provided herein, it should be understood that disclosed technology contents can pass through others Mode is realized.Wherein, the apparatus embodiments described above are merely exemplary, for example, the unit division, Ke Yiwei A kind of division of logic function, formula that in actual implementation, there may be another division manner, such as multiple units or component can combine or Person is desirably integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed is mutual Between coupling, direct-coupling or communication connection can be INDIRECT COUPLING or communication link by some interfaces, unit or module It connects, can be electrical or other forms.
The unit illustrated as separating component may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, you can be located at a place, or may be distributed over multiple On unit.Some or all of unit therein can be selected according to the actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, it can also It is that each unit physically exists alone, it can also be during two or more units be integrated in one unit.Above-mentioned integrated list The form that hardware had both may be used in member is realized, can also be realized in the form of SFU software functional unit.
If the integrated unit is realized in the form of SFU software functional unit and sells or use as independent product When, it can be stored in a computer read/write memory medium.Based on this understanding, technical scheme of the present invention is substantially The all or part of the part that contributes to existing technology or the technical solution can be in the form of software products in other words It embodies, which is stored in a storage medium, including some instructions are used so that a computer Equipment (can be personal computer, server or network equipment etc.) execute each embodiment the method for the present invention whole or Part steps.And storage medium above-mentioned includes:USB flash disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited Reservoir (RAM, Random Access Memory), mobile hard disk, magnetic disc or CD etc. are various can to store program code Medium.
The above is only a preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art For member, various improvements and modifications may be made without departing from the principle of the present invention, these improvements and modifications are also answered It is considered as protection scope of the present invention.

Claims (10)

1. a kind of security processing of communication network, which is characterized in that pending target data communication network includes multiple The access network and outer net internet of predeterminable area, wherein the security processing of the communication network includes:
Firewall box is disposed on the boundary of the access net of target data communication network predeterminable area, wherein the fire wall is used In the preset prevention policies of implementation;
Increase abnormal flow management in information outer net the Internet boundaries and resist exhausted service equipment, wherein the exception stream buret Reason is used to identify the attack traffic for attacking the network from network flow with exhausted service equipment is resisted.
2. according to the method described in claim 1, it is characterized in that, the prevention policies, including:
Allow the access net Outside Access;
It determines whether internally to access according to Operational Visit demand.
3. according to the method described in claim 1, it is characterized in that, the fire wall is 10,000,000,000 fire walls.
4. according to the method described in claim 1, it is characterized in that, increasing abnormal flow management in information outer net the Internet boundaries With resist exhausted service equipment, including:
By abnormal flow management described in operator's link cutover in the target data communication network and the exhausted service equipment of resistance.
5. according to the method described in claim 1, it is characterized in that, increasing abnormal flow management in information outer net the Internet boundaries Further include with exhausted service equipment is resisted:
Load-balancing device will be increased in operator's link in the target data communication network.
6. according to the method described in claim 5, it is characterized in that, the abnormal flow management is marked with exhausted service equipment is resisted With dual redundant power supply, handling capacity is greater than or equal to 4Gbpss.
7. a kind of secure processing device of communication network, which is characterized in that pending target data communication network includes multiple The access network and outer net internet of predeterminable area, wherein the secure processing device of the communication network includes:
Firewall box is disposed on setup module, the boundary for the access net in target data communication network predeterminable area, wherein The fire wall is for implementing preset prevention policies;
Increase module, for increasing abnormal flow management in information outer net the Internet boundaries and resisting exhausted service equipment, wherein institute It states abnormal flow management and is used to identify the attack stream for attacking the network from network flow with exhausted service equipment is resisted Amount.
8. device according to claim 7, which is characterized in that the prevention policies, including:Allow the access net external It accesses;It determines whether internally to access according to Operational Visit demand.
9. a kind of storage medium, which is characterized in that the storage medium includes the program of storage, wherein run in described program When control the storage medium where equipment perform claim require the safe handling of the communication network described in any one of 1 to 6 Method.
10. a kind of processor, which is characterized in that the processor is for running program, wherein right of execution when described program is run Profit requires the security processing of the communication network described in any one of 1 to 6.
CN201810806498.9A 2018-07-20 2018-07-20 The method and device of safe processing of communication network Pending CN108696541A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810806498.9A CN108696541A (en) 2018-07-20 2018-07-20 The method and device of safe processing of communication network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810806498.9A CN108696541A (en) 2018-07-20 2018-07-20 The method and device of safe processing of communication network

Publications (1)

Publication Number Publication Date
CN108696541A true CN108696541A (en) 2018-10-23

Family

ID=63850768

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810806498.9A Pending CN108696541A (en) 2018-07-20 2018-07-20 The method and device of safe processing of communication network

Country Status (1)

Country Link
CN (1) CN108696541A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113422783A (en) * 2021-07-09 2021-09-21 深圳市高德信通信股份有限公司 Network attack protection method
WO2022205907A1 (en) * 2021-03-29 2022-10-06 中国电信股份有限公司 Method, apparatus and system for mitigating denial-of-service attack

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101414927A (en) * 2008-11-20 2009-04-22 浙江大学 Alarm and response system for inner-mesh network aggression detection
CN103139184A (en) * 2011-12-02 2013-06-05 中国电信股份有限公司 Intelligent network firewall device and network attack protection method
CN105991647A (en) * 2016-01-21 2016-10-05 李明 Data transmission method
CN106027463A (en) * 2016-01-21 2016-10-12 李明 Data transmission method
CN106027466A (en) * 2016-01-21 2016-10-12 李明 Identity card cloud authentication system and card reading system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101414927A (en) * 2008-11-20 2009-04-22 浙江大学 Alarm and response system for inner-mesh network aggression detection
CN103139184A (en) * 2011-12-02 2013-06-05 中国电信股份有限公司 Intelligent network firewall device and network attack protection method
CN105991647A (en) * 2016-01-21 2016-10-05 李明 Data transmission method
CN106027463A (en) * 2016-01-21 2016-10-12 李明 Data transmission method
CN106027466A (en) * 2016-01-21 2016-10-12 李明 Identity card cloud authentication system and card reading system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
潘霄 等: "《电力信息安全工程技术实战指南》", 30 September 2016 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022205907A1 (en) * 2021-03-29 2022-10-06 中国电信股份有限公司 Method, apparatus and system for mitigating denial-of-service attack
CN113422783A (en) * 2021-07-09 2021-09-21 深圳市高德信通信股份有限公司 Network attack protection method

Similar Documents

Publication Publication Date Title
CN103930873B (en) The configuration of the interface based on dynamic strategy for virtualized environment
Markiewicz et al. Energy consumption optimization for software defined networks considering dynamic traffic
CN103607432B (en) A kind of method and system of network creation and the network control center
CN112272145B (en) Message processing method, device, equipment and machine readable storage medium
CN105991738B (en) Method and system across security domain resource-sharing in a kind of cloud resource pond
SG178692A1 (en) Systems and methods for a multi-tenant system providing virtual data centers in a cloud configuration
CN103152282A (en) Single logical network interface for advanced load balancing and fail-over functionality
CN107346259A (en) A kind of implementation method of Dynamical Deployment security capabilities
CN108696541A (en) The method and device of safe processing of communication network
CN110798459B (en) Multi-safety-node linkage defense method based on safety function virtualization
CN105577675A (en) Multi-tenant resource management method and device
CN106549780A (en) A kind of network collocating method, apparatus and system
CN106301843A (en) A kind of cloud platform safeguards system and method
CN107204909A (en) Build system, the method and apparatus of power dispatch data network
CN107241745B (en) Construct the methods, devices and systems of network
CN107659582B (en) Deep defense system for effectively treating APT attack
CN104050038A (en) Virtual machine migration method based on policy perception
CN101917414B (en) BGP (Border Gateway Protocol) classification gateway device and method for realizing gateway function by using same
CN107465589A (en) The method for building up and device of electric power data communication network
CN105491061A (en) Access control system and method
CN107645458A (en) Three-tier message drainage method and controller
CN202406144U (en) Software as a Service (SaaS) integrated management system
CN114422196B (en) Network target range safety management and control system and method
CN107528724A (en) A kind of optimized treatment method and device of node cluster
CN207518625U (en) A kind of depth defense system for successfully managing APT attacks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20181023