CN108965317B - Network data protection system - Google Patents


Info

Publication number
CN108965317B
Authority
CN
China
Prior art keywords
module
management
alarm
network
equipment
Prior art date
Legal status
Active
Application number
CN201810873801.7A
Other languages
Chinese (zh)
Other versions
CN108965317A (en)
Inventor
赵亮
Current Assignee
Jiangsu Zhengcai Data Technology Co ltd
Original Assignee
Jiangsu Zhengcai Data Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Jiangsu Zhengcai Data Technology Co ltd
Priority to CN201810873801.7A
Publication of CN108965317A
Application granted
Publication of CN108965317B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q 40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q 40/10 Tax strategies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Biomedical Technology (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • Power Engineering (AREA)
  • General Business, Economics & Management (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of network security, in particular to a network data protection system. The system comprises hardware and software: the hardware comprises a plurality of clients, and the software comprises an information system entrance security management system and a service system, where the information system entrance security management system receives files from the service system. Either the hardware is connected to an identity authentication device or the software is provided with an identity authentication module; that device or module controls the starting of the information system entrance security management system and the service system. The information system entrance security management system comprises a data security area and a cloud disk: the data security area stores files downloaded from the service system, and the cloud disk transfers the files stored in the data security area. The service system comprises an online management module, a query module, an alarm module, an equipment management module, a security control module and a task pushing module. The invention prevents downloaded core data from being leaked or tampered with, and leaves a verifiable record of its use.

Description

Network data protection system
Technical Field
The invention relates to the technical field of network security, in particular to a network data protection system.
Background
With the comprehensive and deep development of tax information construction of a local tax bureau and the online operation of important systems such as a gold tax three-phase system and the like, a large amount of data is stored in various tax business information systems, and the data plays an important role in tax management and service. Under the background that 'internet + tax' and 'big data tax administration' wave come, data increasingly becomes the core of tax work and technical management.
The existing Chinese patent with publication number CN107248975A discloses an APT monitoring and defense system based on big data analysis, which comprises a data acquisition layer, an information preprocessing layer, a comprehensive analysis and data storage layer and an expression layer; the data acquisition layer is connected with the information preprocessing layer, the information preprocessing layer is connected with the comprehensive analysis and data storage layer, and the comprehensive analysis and data storage layer is connected with the presentation layer; the data acquisition layer acquires local data of the terminal and network data. The invention can be used for information network security defense of finance, industry and commerce, tax, party administration and the like, has multiple functions of information flow detection and alarm, operation process supervision and audit, data recovery and recovery support and the like, ensures legal communication of a normal business application system, and protects driving for information security infrastructure and important network information systems.
However, the downloaded data is stored on the computer at the operating end, where it is easy to leak or tamper with, so preventing downloaded core data from being leaked and tampered with remains a technical problem to be solved.
Disclosure of Invention
The invention aims to provide a network data protection system which has the effect of preventing downloaded core data from being leaked and tampered.
The technical purpose of the invention is realized by the following technical scheme:
a network data protection system comprises hardware and software, wherein the hardware comprises a plurality of clients, the software comprises an information system entry security management system and a service system, and the information system entry security management system receives files from the service system; the information system entrance safety management system and the service system are arranged on each client; the hardware is connected with an identity authentication device or the software is provided with an identity authentication module, and the identity authentication device or the identity authentication module controls the starting of an information system entrance security management system and a service system; the information system entrance security management system comprises a data security area and a cloud disk, wherein the data security area is used for storing files downloaded from a service system, and the cloud disk is used for switching the files stored in the data security area.
By adopting the technical scheme, the information system entrance security management system verifies the user's identity by fingerprint biometric identification and authorizes the user to enter the service system once the identity is recognized. Data downloaded from the service system may be stored in the data security environment. A user who has not passed authentication cannot read, copy, propagate or delete protected files in the data security environment. If a protected file is taken out of the data security environment and opened, only encrypted, garbled content is visible. This prevents the downloaded core data from being leaked and tampered with.
Further, the identity authentication device is a fingerprint acquisition instrument or a UKEY.
By adopting the technical scheme, the user's identity information is verified when the user accesses the software system, and after verification passes and the user enters the service system, the back end can audit the user's operations. An identity authentication system built on fingerprint authentication and digital certificate technology ensures the safety of files and prevents them from being leaked or maliciously tampered with.
Further, the identity authentication module is a short message password authentication module.
By adopting the technical scheme, when a user accesses the software system, the user's identity is verified by mobile phone number plus a short message password; once verified, the user obtains the post role and the system permissions that may be operated, so the safety of the data files is ensured and they are prevented from being leaked or maliciously tampered with.
Furthermore, the business system comprises an online management module, an inquiry module, an alarm module, an equipment management module, a safety control module and a task pushing module;
the online management module is used for counting the online personnel condition;
the query module is used for auditing the terminal user behavior;
the equipment management module is used for managing equipment installation;
the safety control module is used for software network control;
the alarm module is used for alarming the change of illegal operation and use environment;
the task pushing module is used for distributing and managing client files and software.
By adopting the technical scheme, a new service system is used: it collects audit records of the user's various behaviours, intelligently analyses and refines the collected behaviour data, builds a systematic analysis data model for the user, and so realizes intelligent supervision and early warning of the audited user behaviour.
Furthermore, the online management module is composed of an online statistical database, and the online statistical database is provided with tree-shaped hierarchies comprising a first-level department online list and a second-level personnel online list.
By adopting the technical scheme, the user can perform online real-time query according to departments, personnel and the like, and the service condition of the service system in a certain period of time is shown. Therefore, after knowing the online condition, the user can interact in time and collaboratively fill, check or modify the data file. Meanwhile, the administrator can also send the file to the online client through the task pushing module.
Furthermore, the query module comprises a log metadata module, a statistical form module and a data security module;
the log metadata module is used for recording the use state;
the statistical report module is used for counting storage use conditions;
the data security module is used for counting the output times of the data.
By adopting the technical scheme, the service system records and stores all information and then provides queries over it, counts how many times data is queried, and performs comprehensive audit and analysis, preventing illegal operation as far as possible and making every node traceable.
Further, the log metadata module comprises a controlled application access log list, a controlled file use log list, a controlled terminal login log list, a safe disk use log list and a USB use log list.
By adopting the technical scheme, the service system's log metadata module records the computer usage log and internet behaviour log of the client in detail, which helps a manager learn the daily usage of the client in time; further, illegal operations are left on record and can be found by examining the log records.
Furthermore, the data security module comprises statistics of times of operating the security disk, statistics of times of operating the cloud disk, statistics of times of outputting files, login times of the controlled terminal, statistics of client installation, statistics of fingerprint instrument installation and statistics of UKEY installation.
By adopting the technical scheme, the data security module audits internal operations and behaviour on external terminals that may involve data output; the audited data is displayed on a time axis and by category, illegal operation is prevented as far as possible through examination of the data security module, and the data security module's records are verifiable.
Further, the alarm module comprises an illegal website access alarm, an illegal program use alarm, an illegal IP access alarm, a file outgoing alarm, a system security alarm, an IP address change alarm, a hardware asset change alarm and a software asset change alarm.
By adopting the technical scheme, the traditional monitoring range and the alarm range are expanded, the alarm is given to each behavior which is possibly caused by data leakage, tampering or illegal operation, and the safety of the system is improved.
Further, the task pushing module comprises a file distribution pushing module and a software distribution pushing module.
By adopting the technical scheme, the service system software provides file distribution and software distribution for a large network: the file or software program file to be distributed is uploaded, the target computers are selected, the distribution task is saved with a click, and the distribution task is executed automatically after the client starts and comes online. The recipients are designated by the administrator, and the recipient can only receive the file by logging in as an online user through the service system's authentication, so a double guarantee is achieved and the safety of file distribution is improved.
In conclusion, the invention has the following beneficial effects:
1. through two identity verification devices and/or one identity verification module, multiple binding authentication is realized, people, equipment, posts and permissions are linked together, and system operation and management are integrated;
2. the data security area and the cloud disk improve the file downloading function, so that a user's files can circulate safely and are not easy to leak or tamper with;
3. through the log unit module, usage inside the system and on external terminals is audited and analysed, solving the problem that a traditional network only pays attention to internal operations or local terminals; illegal operation is prevented as far as possible, and a verifiable record is kept;
4. the audit data is displayed on a time axis by the new service system; on the basis of collecting and accumulating audit records of various user behaviours, the collected behaviour data is intelligently analysed and refined, a systematic analysis data model is established for the user, and intelligent supervision and early warning of audited user behaviour is realized.
Drawings
FIG. 1 is a schematic diagram of an embodiment for embodying a hardware structure;
FIG. 2 is a schematic diagram of a framework for embodying a software system in an embodiment;
fig. 3 is a schematic diagram of a framework for embodying a business system in an embodiment.
In the figure, 1, client; 2. an identity verification device; 3. a business system; 31. an identity verification module; 32. an online management module; 33. a query module; 331. a log metadata module; 332. a statistical reporting module; 333. a data security module; 34. a device management module; 35. a safety control module; 36. an alarm module; 37. a task pushing module; 371. a file distribution pushing module; 372. a software distribution pushing module; 4. an information system entry security management system; 41. a data security zone; 42. a cloud disk; 43. an encryption module; 44. a recording module; 45. and a watermarking module.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
Example (b):
as shown in fig. 1, the present embodiment provides a network data protection system, which includes hardware and software, where the hardware includes a plurality of clients 1. The client 1 is connected to a biometric identification device and/or a password device, which verifies the identity and post of personnel and authorizes the user's operating permissions. In addition, an identity authentication module 31 is provided in the software system, which authenticates the identity of the user wishing to log in when no external authentication device is connected. Thus one or more of the three verification modes are selected, linking people, terminal equipment, posts and usage permissions.
As shown in fig. 2, software is installed on each client 1, and the software includes an information system portal security management system 4 and a service system 3. The information system portal security management system 4 receives files from the business system 3.
As shown in fig. 2, the information system entrance security management system 4 includes a data security area 41 and a cloud disk 42, where the data security area 41 stores files downloaded from the service system 3, and the cloud disk 42 transfers files stored in the data security area 41. In use, a user logs in to the private cloud disk 42 on entering the data security environment, selects the data files in the data security environment that need to be transferred and backed up, and uploads them to the private cloud disk 42; files that need to be transferred can also be selected and sent to a designated online data file recipient. In this way, the data downloaded from the service system 3 is kept inside the data security environment, and a user who has not passed identity authentication cannot read, copy, propagate or delete protected files in the data security environment. In addition, the information system entrance security management system is provided with an encryption module 43: if a protected file is taken out of the data security environment and opened, only encrypted, garbled content is visible. The information system entrance security management system is provided with a recording module 44 for recording file transfer information. It also has a watermark module 45, which adds a watermark when a file is opened, edited or printed; the watermark content includes the user name, IP address, time and similar information, so that the user's rights and interests are protected.
As shown in fig. 3, the business system 3 includes an online management module 32, a query module 33, an alarm module 36, a device management module 34, a security control module 35, and a task push module 37.
As shown in fig. 3, the online management module 32 is used to count the personnel currently online. The online management module 32 is composed of an online statistical database, which is provided with tree-shaped hierarchies comprising a first-level department online list and a second-level personnel online list. The department online list is mainly configured through administrative management parameters; this is parameter configuration done before the system enters formal operation, and its purpose is to make subsequent real-name management easier. The management system is mainly responsible for setting the management level names and work place names of the system according to the administrative level divisions and work place names of the actual management process. Once this part is set, a user registering user information through the client 1 can select the administrative unit and work place to which the user belongs from the existing parameters, laying the foundation for later attributing personnel to the relevant departments. The user can query online personnel in real time by department, by person and so on, and the usage of the service system 3 over a given period is shown. Users may work together to fill in, check or modify a data file. Meanwhile, the administrator can also send a file to an online client 1 through the task pushing module 37.
As shown in fig. 3, the query module 33 is used to audit end user behaviour. The query module 33 includes a log metadata module 331, a statistical report module 332 and a data security module 333. The log metadata module 331 records the usage status, including an internet log, a program log, a screen log, a file operation log and the like; for example, for the internet log, one selects a client, selects the address log in log management, and the internet log of the current day is displayed, with the option of selecting a time to query the historical log. The statistical report module 332 counts storage usage, such as the storage space of the security area; it is an additional module and is preferred. The data security module 333 counts the number of data outputs, including the number of times the security disk is operated, the number of times the cloud disk 42 is operated, the number of times files are output, the number of logins to the controlled terminal, the installation count of the client 1, the installation count of the fingerprint device and the installation count of the UKEY.
To support the query module 33, the service system 3 is provided with its own database in which these logs are stored. The database comprises a storage module, a backup module and a retention module. The storage module stores the basic lists and is the same as an ordinary database. The backup module can be set to back up the storage module's data once a day, week or month, and also has a text directory setting and a storage directory for backup files. The retention module sets the effective retention period of the database backup log files, i.e. the retention period of the backup module's data file logs, and data files exceeding that period are deleted.
The log upload retention period, host information retention period, network card and device port traffic information retention period, alarm information retention period and the like of the authorized devices can likewise be set. For example, the retention period for logs uploaded by authorized devices sets how long such logs remain valid in the database, and offline hosts exceeding the period are deleted. Maintaining the database in this way gives the query unit a stable and safe operating environment.
The device management module 34 manages device installation and helps the user control and manage the network quickly and accurately. Through the device management module 34 the user can add network devices within the system's authorized range, including setting the IP address of the network device and the SNMP community name used for management. The device management module 34 can filter devices, add devices, delete devices and so on. It can also configure unknown-device manufacturer management and device redundant-IP management. Unknown-device manufacturer management covers devices the system has discovered whose manufacturer cannot be identified; the manufacturer can be set manually under "manufacturer management of unknown devices", after which the user can click to add the device and it is displayed in the relevant device list. Redundant-IP management covers a network device that has several IP addresses: the system provides a query for setting the device's redundant IP addresses, the redundant IP addresses discovered automatically by the system are listed for the user to query, and redundant IP addresses not discovered automatically can be added by the user, together with the device's management IP address, for management.
The security control module 35 is used for software network control. It manages the network devices detected by scanning, including monitoring of network device communication links, monitoring of network port working state and port security state, and network device port location and operation management; it works together with the device management module 34 and reports abnormal conditions to the alarm module 36.
The alarm module 36 is used to raise alarms on illegal operations and changes to the usage environment. The alarm module 36 includes an illegal website access alarm, an illegal program use alarm, an illegal IP access alarm, a file outgoing alarm, a system security alarm, an IP address change alarm, a hardware asset change alarm and a software asset change alarm. For example, for the illegal website access alarm, the administrator sets the websites the client 1 computer is forbidden to access; when the computer user accesses such a website, the corresponding alarm is shown in the alarm centre of the management end and in the internet alarms, and the administrator can check the illegal website access alarms of the client 1 computer at any time. Likewise, for the illegal program use alarm, the administrator sets the programs the client 1 computer is forbidden to run; when the computer user runs such a program, the corresponding alarm is shown in the alarm centre of the management end and in the program alarms, and the administrator can check the illegal program use alarms of the client 1 computer at any time. This keeps the network usage environment safe and leaves records that can be audited.
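The two mechanisms described above, the alarm module's blocklist-based illegal website and illegal program alarms and the database's retention period that deletes entries older than a configured limit, can be illustrated together on a handful of client log lines. The following is an added example written for this page, not code from the patent or its assignee; the log line format, the field names and the sample entries are all constructed assumptions, and the alarm type names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample client log lines (hypothetical "key=value" format, not from the patent).
# "web" records an internet access, "program" records a program launch on the client.
SAMPLE_LOG = """\
2024-05-01T09:12:03 client=ws-101 user=zhang kind=web target=intranet.example.local
2024-05-01T09:15:41 client=ws-101 user=zhang kind=web target=forbidden-site.example
2024-05-01T09:20:10 client=ws-102 user=li kind=program target=torrent.exe
2024-04-01T08:00:00 client=ws-103 user=wang kind=web target=old-site.example
"""


@dataclass(frozen=True)
class LogEntry:
    ts: datetime
    client: str
    user: str
    kind: str    # "web" or "program"
    target: str  # hostname accessed or program executed


def parse_log(text: str) -> list[LogEntry]:
    """Parse the constructed log format into LogEntry records, skipping blank lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts_text, *fields = line.split()
        kv = dict(field.split("=", 1) for field in fields)
        entries.append(LogEntry(datetime.fromisoformat(ts_text),
                                kv["client"], kv["user"], kv["kind"], kv["target"]))
    return entries


def evaluate_alarms(entries: list[LogEntry],
                    forbidden_sites: set[str],
                    forbidden_programs: set[str]) -> list[dict]:
    """Apply the administrator's blocklists and return one alarm per matching entry.

    Matching is case-insensitive on the target so that host and file name casing
    differences do not let an access slip past the blocklist.
    """
    sites = {s.lower() for s in forbidden_sites}
    programs = {p.lower() for p in forbidden_programs}
    alarms = []
    for e in entries:
        alarm_type = None
        if e.kind == "web" and e.target.lower() in sites:
            alarm_type = "illegal_website_access"
        elif e.kind == "program" and e.target.lower() in programs:
            alarm_type = "illegal_program_use"
        if alarm_type:
            alarms.append({"type": alarm_type, "client": e.client,
                           "user": e.user, "target": e.target, "ts": e.ts})
    return alarms


def apply_retention(entries: list[LogEntry], now: datetime, retention_days: int) -> list[LogEntry]:
    """Keep only entries within the retention period; older entries are dropped."""
    cutoff = now - timedelta(days=retention_days)
    return [e for e in entries if e.ts >= cutoff]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for alarm in evaluate_alarms(entries, {"forbidden-site.example"}, {"torrent.exe"}):
        print(f"ALARM {alarm['type']}: client={alarm['client']} user={alarm['user']} target={alarm['target']}")
    kept = apply_retention(entries, datetime(2024, 5, 2), retention_days=7)
    print(f"{len(kept)} of {len(entries)} entries retained after a 7-day retention limit")
```

Alarm evaluation runs before retention pruning so that an offending access is raised even if its log line is later aged out; in the real system the alarm record would have its own retention period, as the description notes for alarm information.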
As shown in fig. 3, the task pushing module 37 includes a file distribution pushing module 371 and a software distribution pushing module 372. The file distribution pushing module 371 provides file distribution tasks for a large network: the file to be distributed is uploaded, the target computers are selected, the distribution task is saved with a click, and the file distribution task is executed automatically after the client 1 starts. The software distribution pushing module 372 likewise selects the target computers for an uploaded software program file and saves the distribution task; the client 1 executes the software installation task automatically after it is powered on. Updates to the service system 3 are also pushed through this module.
The present embodiment only explains the present invention and does not limit it; those skilled in the art can, after reading this specification, make modifications to the embodiment as needed without inventive contribution, and all such modifications fall within the protection of patent law within the scope of the claims of the present invention.

Claims (6)

1. A network data protection system comprising hardware and software, wherein the hardware comprises a plurality of clients (1), and the network data protection system is characterized in that: the software comprises an information system entrance security management system (4) and a service system (3), wherein the information system entrance security management system (4) receives files from the service system (3); an information system entrance security management system (4) and a service system (3) are installed on each client (1); the hardware is connected with an identity authentication device (2) or the software is provided with an identity authentication module (31), and the identity authentication device (2) or the identity authentication module (31) controls the starting of the information system entrance security management system (4) and the service system (3); the information system entrance security management system (4) comprises a data security area (41) and a cloud disk (42), wherein the data security area (41) is used for storing files downloaded from the service system (3), a user who has not passed the identity authentication module (31) cannot read, copy, distribute or delete the protected files within the data security environment, and the cloud disk (42) is used for transferring the files stored in the data security area (41);
the information system entrance security management system (4) is further provided with an encryption module (43), so that once a protected file has left the data security environment, opening it shows only encrypted, unreadable content; the information system entrance security management system (4) is provided with a recording module (44) for recording file circulation and transfer information; the information system entrance security management system (4) is further provided with a watermark module (45) which adds a watermark when a file is opened, edited or printed, the watermark content including the user name, IP (Internet Protocol) address, time and similar information;
the service system (3) comprises an online management module (32), a query module (33), an alarm module (36), an equipment management module (34), a safety control module (35) and a task pushing module (37);
the online management module (32) is used for counting the online personnel; the online management module (32) is built on an online statistics database organised as a tree hierarchy with a first-level department online list and a second-level personnel online list, so that a user can query online personnel in real time by department, person and the like and view the usage of the service system (3) over a given period of time; users can work cooperatively, jointly filling in, checking or modifying data files; meanwhile, an administrator can also send files to online clients (1) through the task pushing module (37);
the query module (33) is used for auditing the terminal user behavior;
the device management module (34) is used for managing device installation; through the device management module (34) a user can add network equipment within the scope of system authorisation, which includes setting the IP address of the network equipment and the community name used for SNMP management; the device management module (34) also provides unknown device vendor management and device redundant IP management: in unknown device vendor management, when equipment discovered by the system cannot be identified, it can be set manually through 'unknown device vendor management', after which the equipment can be added with a click so that it appears in the relevant equipment list; in device redundant IP management, since a network device may have several IP addresses, the system provides a query for setting the redundant IP addresses of a network device, lists there the redundant IP addresses it discovered automatically for users to query, and for redundant IP addresses the system did not discover automatically, the user can add the device's redundant IP address and device management IP address manually for management;
the safety control module (35) is used for software-based network control; it manages the network equipment detected by scanning, including network equipment communication link monitoring, network port working state monitoring, port security state monitoring, network equipment port positioning, operation management and the like, works together with the equipment management module (34), and reports abnormal conditions to the alarm module (36);
the alarm module (36) is used for raising alarms on illegal operations and on changes to the usage environment; the alarm module (36) comprises an illegal website access alarm, an illegal program use alarm, an illegal IP access alarm, a file outgoing alarm, a system security alarm, an IP address change alarm, a hardware asset change alarm and a software asset change alarm;
the task pushing module (37) is used for upgrade management of the client (1), and the task pushing module (37) comprises a file distribution pushing module (371) and a software distribution pushing module (372); the file distribution pushing module (371) provides a file distribution task function for a large network: the file to be distributed is uploaded, the computers that are to receive it are selected, and the distribution task is saved with a click, after which the client (1) automatically executes the file distribution task once it has started; the software distribution pushing module (372) selects the computers that are to receive an uploaded software program file and saves the distribution task; the client (1) automatically executes the software distribution task once it has started.
2. The network data protection system of claim 1, wherein: the identity authentication device (2) is a fingerprint acquisition instrument or a UKEY.
3. The network data protection system of claim 1, wherein: the identity authentication module (31) is a short message password authentication module.
4. The network data protection system of claim 1, wherein: the query module (33) comprises a log metadata module (331), a statistical statement module (332) and a data security module (333);
the log metadata module (331) is used for recording the use state;
the statistical report module (332) is used for counting the storage use condition;
the data security module (333) is used for counting the number of data output.
5. The network data protection system of claim 4, wherein: the log metadata module (331) comprises a controlled application access log list, a controlled file use log list, a controlled terminal login log list, a safe disk use log list and a USB use log list.
6. The network data protection system of claim 5, wherein: the data security module (333) comprises statistics of the number of operations on the security disk, the number of operations on the cloud disk (42), the number of file outputs, the number of controlled terminal logins, and the installation counts of the client (1), of the fingerprint instrument and of the UKEY.
CN201810873801.7A 2018-08-02 2018-08-02 Network data protection system Active CN108965317B (en)


Publications (2)

Publication Number Publication Date
CN108965317A CN108965317A (en) 2018-12-07
CN108965317B CN108965317B (en) 2021-09-24

Family

ID=64467210






Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant