CN109067779A - The method, apparatus and computer equipment of optimization firewall based on security protection - Google Patents
- Publication number
- CN109067779A (application CN201811083931.7A)
- Authority
- CN
- China
- Prior art keywords
- firewall
- test data
- rule
- operation system
- test
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1441—Countermeasures against malicious traffic
            - H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
        - H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
      - H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
        - H04L41/08—Configuration management of networks or network elements
          - H04L41/0803—Configuration setting
            - H04L41/0823—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention proposes a method, apparatus, computer equipment and storage medium for optimizing a firewall based on security protection. The method comprises: obtaining test data for testing the firewall, wherein different test data carry different configuration files, and the configuration file characterizes the intrusion strategy for intruding into the business system protected by the firewall; accessing the business system protected by the firewall with the test data, and obtaining the first test data that access successfully; and optimizing the firewall according to the configuration file corresponding to the first test data. The method is implemented by a program, needs no manual intervention and saves human resources. The firewall is tested with test data carrying a variety of different configuration files, and the firewall's configuration is adjusted according to the configuration file of the test data that successfully bypass it, so that the firewall can intercept the intrusion of a variety of different data, achieving the purpose of optimizing the firewall.
Description
Technical field
The present invention relates to the technical field of security protection, and in particular to a method, apparatus, computer equipment and storage medium for optimizing a firewall based on security protection.
Background technique
A firewall is a defensive system placed between a local network and the outside network. It monitors and filters all information exchanged between the internal and external networks. Interception rules can be configured on the firewall device; any access data that matches an interception rule is intercepted, so that the data of the internal network is neither eavesdropped on nor damaged, and illegitimate requests are identified and blocked.
Today, as computer networks are increasingly widespread, the requirements on computer security are higher and cover a wider range: not only must viruses be prevented, but the system's ability to withstand intrusion by external attackers must be improved, and the confidentiality of remote data transmission must be increased so that data is not stolen in transit. Optimizing the performance of the firewall is therefore particularly important. However, with the development of the Internet, attacks from the network keep growing and intrusion rules keep diversifying, so that the firewall cannot completely intercept the increasing volume of access data. At present the industry usually optimizes a firewall in terms of processing speed, load reduction and error rate, but because intrusion rules are diverse and unknowable in advance, the firewall has difficulty adapting to more intrusion rules.
Summary of the invention
The main object of the present invention is to provide a method, apparatus, computer equipment and storage medium for optimizing a firewall based on security protection that can intercept the intrusion of a rich variety of data.
The present invention proposes a method for optimizing a firewall based on security protection, comprising:
obtaining test data for testing the firewall, wherein different test data carry different configuration files, and the configuration file characterizes the intrusion strategy for intruding into the business system protected by the firewall;
accessing the business system protected by the firewall with the test data, and obtaining the first test data that access successfully;
optimizing the firewall according to the configuration file corresponding to the first test data.
Further, the step of obtaining test data for testing the firewall comprises:
obtaining intrusion rules from a preset database, an intrusion rule being a rule arranged so as to bypass a firewall;
configuring the intrusion rule into the configuration file of the data used to test the firewall, so that the data form the test data.
Further, before the step of configuring the intrusion rule into the configuration file of the data used to test the firewall so that the data form the test data, the method comprises:
classifying the intrusion rules according to the type of the business system protected by the firewall;
calling the corresponding intrusion rules according to the type of the business system protected by the firewall.
Further, the step of accessing the business system protected by the firewall with the test data comprises:
accessing the business system protected by the firewall with multiple different test data simultaneously.
Further, the step of accessing the business system protected by the firewall with the test data and obtaining the first test data that access successfully comprises:
judging whether the intrusion rule in the test data matches an interception rule in the firewall;
if the intrusion rule of the test data matches an interception rule of the firewall, the access fails; if the intrusion rule and the interception rules do not match, the access succeeds, and the first test data that access successfully are obtained.
Further, after the step of accessing the business system protected by the firewall with the test data and obtaining the first test data that access successfully, the method comprises:
marking, in the preset database, the data that have been configured and the intrusion rules that have been tested.
Further, after the step of optimizing the firewall according to the configuration file corresponding to the first test data, the method comprises:
accessing the business system protected by the optimized firewall with the first test data;
if the first test data are intercepted by the optimized firewall, the optimization succeeds; if the first test data are not intercepted by the optimized firewall, the firewall is optimized again according to the configuration file corresponding to the first test data.
The present invention also provides an apparatus for optimizing a firewall based on security protection, comprising:
an acquisition module, for obtaining test data for testing the firewall, wherein different test data carry different configuration files, and the configuration file characterizes the intrusion strategy for intruding into the business system protected by the firewall;
a test module, for accessing the business system protected by the firewall with the test data and obtaining the first test data that access successfully;
an optimization module, for optimizing the firewall according to the configuration file corresponding to the first test data.
The present invention also provides computer equipment comprising a memory and a processor, the memory storing a computer program, and the processor implementing the steps of the above method when executing the computer program.
The present invention also provides a computer-readable storage medium on which a computer program is stored, the computer program implementing the steps of the above method when executed by a processor.
The invention has the following benefits. The method is implemented by a program, needs no manual intervention, saves human resources and works more efficiently. The firewall is tested with test data carrying a variety of different configuration files, and the firewall's configuration is adjusted according to the configuration file of the test data that successfully bypass it, so that the firewall can intercept the intrusion of a variety of different data, achieving the purpose of optimizing the firewall. Furthermore, the intrusion rules that have been tested are marked, so that after a breakpoint the untested intrusion rules can be tested next, guided by the marked ones, and work progress is not lost because of a power failure.
Detailed description of the invention
Fig. 1 is a schematic diagram of the steps of the method for optimizing a firewall based on security protection in one embodiment of the invention;
Fig. 2 is a structural schematic block diagram of the apparatus for optimizing a firewall based on security protection in one embodiment of the invention;
Fig. 3 is a structural schematic block diagram of the acquisition module in one embodiment of the invention;
Fig. 4 is a structural schematic block diagram of the acquisition module in another embodiment of the invention;
Fig. 5 is a structural schematic block diagram of the test module in one embodiment of the invention;
Fig. 6 is a structural schematic block diagram of the test module in another embodiment of the invention;
Fig. 7 is a structural schematic block diagram of the apparatus for optimizing a firewall based on security protection in another embodiment of the invention;
Fig. 8 is a structural schematic block diagram of the computer equipment of one embodiment of the invention.
The realization of the object of the present invention, its functional features and its advantages will be further described with reference to the accompanying drawings in conjunction with the embodiments.
Specific embodiment
It should be understood that the specific embodiments described herein are merely illustrative of the present invention and are not intended to limit it.
Referring to Fig. 1, the method for optimizing a firewall based on security protection in this embodiment comprises:
Step S1: obtaining test data for testing the firewall, wherein different test data carry different configuration files, and the configuration file characterizes the intrusion strategy for intruding into the business system protected by the firewall;
Step S2: accessing the business system protected by the firewall with the test data, and obtaining the first test data that access successfully;
Step S3: optimizing the firewall according to the configuration file corresponding to the first test data.
In this embodiment, because the firewall is to be tested with test data, the test data for testing the firewall must be obtained before the test. The test data are data carrying a configuration file, and different test data carry different configuration files. The configuration file characterizes the strategy for intruding into the business system protected by the firewall; it contains an intrusion rule, which is a rule arranged so as to bypass a firewall, for example a permutation or combination of various character fields. Specifically, the firewall is tested by accessing the business system it protects with the test data; any test data that manage to reach the business system are configured with a configuration file that breaks through that business system's firewall, which is why test data carrying configuration files are used to test the firewall.
It is understood that the firewall is provided with interception rules, but not all test data are intercepted: if the intrusion rule in the configuration file of the test data does not match an interception rule of the firewall, the test data bypass the firewall and intrude into the business system it protects. In step S2 the firewall under test is tested with the test data, for example by accessing the business system protected by the firewall with the test data and checking whether the test data can reach that business system. If the test data are intercepted by the firewall, the firewall is effective against those test data and there is no need to optimize it according to their configuration file. If the test data are not intercepted, the firewall is ineffective against those test data; they are the first test data that access successfully, and the firewall is optimized according to their configuration file into a firewall that can intercept them. Specifically, the optimization modifies the configuration file of the firewall currently under test (which contains the interception rules) according to the intrusion rule in the test data's configuration file, so that the two match and the current firewall becomes one that intercepts those test data, achieving the purpose of optimizing the firewall. The whole process is implemented by a program, needs no manual intervention and saves human resources.
Specifically, step S1 comprises:
Step S10: obtaining intrusion rules from a preset database, an intrusion rule being a rule arranged so as to bypass a firewall;
Step S11: configuring the intrusion rule into the configuration file of the data used to test the firewall, so that the data form the test data.
In this embodiment, to save test resources and the number of tests, intrusion rules can be obtained in the following ways: from sqlmap; by collecting from the network intrusion rules that others have used to bypass firewalls; and by keeping the intrusion rules that were not intercepted when testing other firewalls. These ways yield a variety of intrusion rules that can bypass other firewalls, and an intrusion rule that can bypass other firewalls may also bypass the firewall currently under test, which shows that it is usable for testing; obtaining the intrusion rules for testing through these three ways avoids collecting worthless rules and so saves test resources. The intrusion rules obtained in these ways are stored in the preset database and are taken directly from it when needed. sqlmap is open-source software for attacking web systems that contains a large number of intrusion rules for bypassing firewalls. In step S11, before the test, the intrusion rules are configured into the configuration file of the data used to test the firewall. The data used to test the firewall are data that can normally access the business system; they can be obtained from several sources, for example from the history of accesses to the business system, or by trying preset data and keeping those whose access succeeds.
In one embodiment, before step S11 the method comprises:
Step S01: classifying the intrusion rules according to the type of the business system protected by the firewall;
Step S02: calling the corresponding intrusion rules according to the type of the business system protected by the firewall.
In this embodiment, because different business systems differ, the configuration files of the firewalls in front of different business systems may also be set differently, that is, the corresponding firewalls have different interception rules. Specifically, the interception rules of the firewall applied to a business system can be set according to that system's needs. Therefore, before accessing the business systems protected by different firewalls, the intrusion rules obtained can be classified according to the type of business system, so that test data carrying intrusion rules of a given type access the corresponding business system. This avoids test data accessing a business system that does not correspond to them, which would produce an invalid test and waste resources.
Specifically, before the access, the intrusion rules are classified by the type of business system protected by the firewall; the intrusion rules of the corresponding type are then called according to the business system's type and configured into the configuration file of the data used to test the firewall, forming test data for that type of business system, and the business system protected by the firewall is accessed with these test data. For example, if the business system is identified by its type as a MySQL database, then test data carrying intrusion rules for MySQL are used when accessing it, rather than accessing systems such as Oracle or SQL Server with test data carrying intrusion rules for MySQL. During this access, the different test data access the business system protected by the firewall one by one, so as to obtain the different test data that are not intercepted by the firewall and the different test data that are intercepted by it.
Preferably, the step of accessing the business system protected by the firewall with the test data comprises:
Step S20': testing the firewall with multiple different test data simultaneously.
In this step, to save test time, multiple test data can test the firewall at the same time. Specifically, multiple different intrusion rules are called first and each is configured into the configuration file of the data used to test the firewall, forming multiple different test data; the business system protected by the firewall is then accessed with these test data. For example, several threads are opened to test the firewall at once, each thread connects to the business system and accesses it with one test data, so multiple test data access the business system protected by the firewall simultaneously, saving access time and improving efficiency. If 10,000 test data need to access the system, accessing one by one requires 10,000 accesses and takes a long time, but with 100 threads the work is completed after 100 rounds of access, which greatly improves efficiency.
Further, the step of accessing the business system protected by the firewall with the test data comprises:
Step S20: judging whether the intrusion rule in the test data matches an interception rule in the firewall;
Step S21: if the intrusion rule of the test data matches an interception rule of the firewall, the access fails; if the intrusion rule and the interception rules do not match, the access succeeds, and the first test data that access successfully are obtained.
In this embodiment, when the firewall is tested with the test data, the business system protected by the firewall is first accessed with the test data. There are two possible results: either the business system is accessed normally, proving that the test data can bypass the firewall, or the business system cannot be accessed, proving that the test data are intercepted by the firewall. Specifically, the intrusion rule of the test data is matched against the interception rules of the firewall. If they match, the test data are intercepted by the firewall, that is, the access fails; if they do not match, the test data bypass the firewall and successfully access the business system it protects. For example, an interception rule may be set to intercept a key character; if the intrusion rule contains that key character, the intrusion rule and the interception rule match. An interception rule may also be set with respect to letter case, so that the characters of the intrusion rule match the interception rule whether they are uppercase or lowercase.
Further, the intrusion rules of the test data that successfully bypass the firewall are recorded according to the access results, and the interception rules of the firewall are then adjusted according to these intrusion rules, thereby optimizing the firewall. Specifically, if the access results show that test data bypass the firewall and access the business system normally, those test data reveal a loophole in the firewall, so the firewall's interception rules can be adjusted according to the intrusion rule of those test data, and the firewall then intercepts data carrying that kind of intrusion rule when it meets them again. For example, different intrusion rules lead to different adjustments of the interception rules: if the intrusion rule contains a key character, the interception rules are adjusted so that they intercept that key character, and an attack on the firewall with that intrusion rule is then intercepted.
In one embodiment, after step S2 the method comprises:
Step S3': marking, in the preset database, the data that have been configured and the intrusion rules that have been tested.
In this step, after the first test data that access successfully are obtained, the intrusion rules in the preset database can be marked. Specifically, the above steps show that there are two access results. Either the test data bypass the firewall successfully, in which case they are denoted the first test data and, correspondingly, their intrusion rule is marked A and recorded for use in adjusting the interception rules; or the test data are intercepted by the firewall, in which case they are denoted the second test data and their intrusion rule is marked B. Because intrusion rules are diverse and unknowable in advance, a large number of them must be tested if the firewall is to intercept more data carrying intrusion rules, and the effective intrusion rules that can be used to adjust the firewall's interception rules are obtained in the course of testing. Since the number of intrusion rules is large, repeated tests or missed tests are easily caused if the test is restarted after a breakpoint, so the tested intrusion rules are marked in the preset database; when the task is restarted after a breakpoint, the same intrusion rules are not tested again, and testing resumes directly from the first untested intrusion rule before the breakpoint, so that work progress is not lost because of the breakpoint.
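The following Python example is added here to illustrate step S20' (several test data access the firewall at once) together with step S3' (tested intrusion rules are marked in the preset database so that a run interrupted at a breakpoint resumes with the unmarked rules only). It is not the patent's own code: the in-memory sqlite3 table, the marks A (bypassed) and B (intercepted), the sample payloads and the one-line keyword check that stands in for the firewall under test are all constructed for the demonstration.

```python
import sqlite3
from concurrent.futures import ThreadPoolExecutor


def toy_firewall_intercepts(payload: str) -> bool:
    """Stand-in for the firewall under test: a single case-sensitive keyword rule."""
    return "select" in payload


def open_preset_db(rules):
    """In-memory stand-in for the preset database: one row per intrusion rule,
    with mark NULL until the rule has been tested (schema is constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE intrusion_rule (id INTEGER PRIMARY KEY, payload TEXT, mark TEXT)")
    db.executemany("INSERT INTO intrusion_rule (payload) VALUES (?)", [(r,) for r in rules])
    db.commit()
    return db


def untested(db):
    """Rules not yet marked: what a run resumed after a breakpoint still has to test."""
    return db.execute(
        "SELECT id, payload FROM intrusion_rule WHERE mark IS NULL ORDER BY id"
    ).fetchall()


def run_tests(db, workers=4, stop_after=None):
    """Step S20': test all unmarked rules with `workers` threads at once.
    Step S3': mark each rule A (bypassed) or B (intercepted) as soon as its
    result is known, so progress survives an interruption.
    Only the firewall check runs in the worker threads; the marks are written
    by the calling thread because a sqlite3 connection must not be shared
    across threads. `stop_after` simulates a breakpoint (e.g. power loss)
    after that many rules have been marked. Returns the number marked."""
    pending = untested(db)
    marked = 0
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda row: toy_firewall_intercepts(row[1]), pending)
        for (rule_id, _), intercepted in zip(pending, results):
            if stop_after is not None and marked >= stop_after:
                break  # breakpoint: the remaining rules stay unmarked
            db.execute("UPDATE intrusion_rule SET mark = ? WHERE id = ?",
                       ("B" if intercepted else "A", rule_id))
            db.commit()
            marked += 1
    return marked


def first_test_data(db):
    """Rules marked A bypassed the firewall: the first test data whose
    intrusion rules are later used to adjust the interception rules."""
    return [p for (p,) in db.execute(
        "SELECT payload FROM intrusion_rule WHERE mark = 'A' ORDER BY id")]


# Constructed intrusion rules (payload strings) for the demonstration.
SAMPLE_RULES = [
    "id=1 select a",     # intercepted by the keyword rule
    "id=1 SELECT a",     # bypasses: different case
    "id=1 SeLeCt a",     # bypasses: mixed case
    "id=1 from users",   # bypasses: keyword absent
    "id=1 selected a",   # intercepted (keyword is a substring)
]


def demo():
    """Run, get interrupted after three marks, then resume from the checkpoint."""
    db = open_preset_db(SAMPLE_RULES)
    first_run = run_tests(db, stop_after=3)
    left = len(untested(db))
    second_run = run_tests(db)
    return first_run, left, second_run, first_test_data(db)


if __name__ == "__main__":
    print(demo())
```

The mark is committed per rule rather than once at the end, which is what makes the second `run_tests` call pick up exactly the two rules the interrupted run never reached, with no rule tested twice.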
Further, after step S3 the method comprises:
Step S4: accessing the business system protected by the optimized firewall with the first test data;
Step S5: if the first test data are intercepted by the optimized firewall, the optimization succeeds; if the first test data are not intercepted by the optimized firewall, the firewall is optimized again according to the configuration file corresponding to the first test data.
In this embodiment, after the firewall is optimized, it must be ensured that it can intercept the first test data, so whether the optimization succeeded must be verified. The verification is as follows: the business system protected by the optimized firewall is accessed with the first test data; if the first test data are intercepted by the optimized firewall, the optimization succeeded; if they are not intercepted, the optimization failed and the firewall must be optimized again, that is, the interception rules of the firewall are adjusted again according to the intrusion rule in the configuration file of the first test data, the firewall is verified again, and so on until the verification shows that the firewall intercepts the first test data, at which point the optimization has succeeded.
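The following Python example is added to show, in one runnable model, the loop described in steps S01/S02 (rules selected by business-system type), S20/S21 (matching intrusion rules against interception rules), S3 (adjusting the interception rules from the bypassing rule's key characters and its letter case) and S4/S5 (re-accessing the optimized firewall with the first test data until they are intercepted). It is not the patent's implementation: the `TestData` fields, the regex-based `Firewall`, the baseline rule and the sample payloads are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field


@dataclass
class TestData:
    """One test data item: a request payload plus the configuration file
    describing the intrusion rule it carries (fields are constructed)."""
    payload: str
    system: str         # type of business system the rule targets, e.g. "mysql"
    key_chars: str      # key characters that make up the intrusion rule
    case_variant: bool  # True if the rule relies on changing letter case


@dataclass
class Firewall:
    """Interception rules as regex patterns; a request matching any is intercepted."""
    rules: list = field(default_factory=list)

    def intercepts(self, payload: str) -> bool:
        return any(re.search(pattern, payload) for pattern in self.rules)


def classify(test_data, system):
    """Steps S01/S02: keep only the rules for the target business system's type."""
    return [t for t in test_data if t.system == system]


def run_tests(fw, test_data):
    """Steps S20/S21: return (first test data that bypass, test data intercepted)."""
    first = [t for t in test_data if not fw.intercepts(t.payload)]
    blocked = [t for t in test_data if fw.intercepts(t.payload)]
    return first, blocked


def optimize(fw, first_test_data):
    """Step S3: derive an interception rule from each bypassing rule's key
    characters; a case-variant rule yields a case-insensitive pattern."""
    for t in first_test_data:
        pattern = re.escape(t.key_chars)
        if t.case_variant:
            pattern = "(?i)" + pattern
        if pattern not in fw.rules:
            fw.rules.append(pattern)


def optimize_until_verified(fw, test_data, max_rounds=5):
    """Steps S2 to S5: test, optimize from the first test data, re-access the
    optimized firewall with the same first test data, and repeat until it
    intercepts them all (or max_rounds is reached). Returns (rounds, remaining)."""
    first, _ = run_tests(fw, test_data)
    rounds = 0
    while first and rounds < max_rounds:
        optimize(fw, first)
        rounds += 1
        first, _ = run_tests(fw, first)   # S4: only the first test data are re-sent
    return rounds, first                  # S5: remaining == [] means verified


# Constructed sample test data, tagged by business-system type.
SAMPLE_TEST_DATA = [
    TestData("id=1 select name from users", "mysql", "select", False),
    TestData("id=1 SeLeCt name from users", "mysql", "select", True),
    TestData("id=1 union select 1,2", "mysql", "union", False),
    TestData("id=1 select 1 from dual", "oracle", "dual", False),
]

# Constructed baseline: one case-sensitive keyword rule.
BASELINE_RULES = [r"select"]


def demo(system="mysql"):
    """Optimize the baseline firewall against the rules for one system type."""
    fw = Firewall(list(BASELINE_RULES))
    data = classify(SAMPLE_TEST_DATA, system)
    rounds, remaining = optimize_until_verified(fw, data)
    return fw.rules, rounds, [t.payload for t in remaining]


if __name__ == "__main__":
    print(demo())
```

With the baseline rule only the mixed-case payload gets through; one optimization round adds a case-insensitive pattern for its key characters, and the re-access in step S4 then finds nothing left to intercept, so the loop reports success after a single round. `max_rounds` is the safeguard the text implies but does not name: a rule whose key characters cannot be captured by the adjustment would otherwise make the optimize-and-verify loop run forever.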
Referring to Fig. 2, the apparatus for optimizing a firewall based on security protection in this embodiment comprises:
an acquisition module 100, for obtaining test data for testing the firewall, wherein different test data carry different configuration files, and the configuration file characterizes the intrusion strategy for intruding into the business system protected by the firewall;
a test module 200, for accessing the business system protected by the firewall with the test data and obtaining the first test data that access successfully;
an optimization module 300, for optimizing the firewall according to the configuration file corresponding to the first test data.
In this embodiment, because the firewall is to be tested with test data, the acquisition module 100 must obtain the test data for testing the firewall before the test. The test data are data carrying a configuration file, and different test data carry different configuration files. The configuration file characterizes the strategy for intruding into the business system protected by the firewall; it contains an intrusion rule, which is a rule arranged so as to bypass a firewall, for example a permutation or combination of various character fields. Specifically, the firewall is tested by accessing the business system it protects with the test data; any test data that manage to reach the business system are configured with a configuration file that breaks through that business system's firewall, which is why test data carrying configuration files are used to test the firewall.
It is understood that the firewall is provided with interception rules, but not all test data are intercepted: if the intrusion rule in the configuration file of the test data does not match an interception rule of the firewall, the test data bypass the firewall and intrude into the business system it protects. The firewall under test is tested with the test data, for example by the test module 200 accessing the business system protected by the firewall with the test data and checking whether the test data can reach that business system. If the test data are intercepted by the firewall, the firewall is effective against those test data and there is no need to optimize it according to their configuration file. If the test data are not intercepted, the firewall is ineffective against those test data; they are the first test data that access successfully, and the optimization module 300 optimizes the firewall according to their configuration file into a firewall that can intercept them. Specifically, the optimization modifies the configuration file of the firewall currently under test (which contains the interception rules) according to the intrusion rule in the test data's configuration file, so that the two match and the current firewall becomes one that intercepts those test data, achieving the purpose of optimizing the firewall.
Specifically, referring to Fig. 3, the acquisition module 100 comprises:
an acquisition submodule 110, for obtaining intrusion rules from a preset database, an intrusion rule being a rule arranged so as to bypass a firewall;
an adding submodule 120, for configuring the intrusion rule into the configuration file of the data used to test the firewall, so that the data form the test data.
In this embodiment, to save test resources and the number of tests, intrusion rules can be obtained in the following ways: from sqlmap; by collecting from the network intrusion rules that others have used to bypass firewalls; and by keeping the intrusion rules that were not intercepted when testing other firewalls. These ways yield a variety of intrusion rules that can bypass other firewalls, and an intrusion rule that can bypass other firewalls may also bypass the firewall currently under test, which shows that it is usable for testing; obtaining the intrusion rules for testing through these three ways avoids collecting worthless rules and so saves test resources. The intrusion rules obtained in these ways are stored in the preset database and are taken directly from it when needed. sqlmap is open-source software for attacking web systems that contains a large number of intrusion rules for bypassing firewalls. Before the test, the adding submodule 120 configures the intrusion rules into the configuration file of the data used to test the firewall. The data used to test the firewall are data that can normally access the business system; they can be obtained from several sources, for example from the history of accesses to the business system, or by trying preset data and keeping those whose access succeeds.
In one embodiment, referring to Fig. 4, the acquisition module 100 further comprises:
a classification submodule 130, for classifying the intrusion rules according to the type of the business system protected by the firewall;
a calling submodule 140, for calling the corresponding intrusion rules according to the type of the business system protected by the firewall.
In this embodiment, because business systems differ, the configuration files of the firewalls in front of different business systems may also be set differently, i.e. the corresponding firewalls have different interception rules. Specifically, the interception rules of the firewall applied to a business system can be set according to that system's requirements. Therefore, before accessing business systems protected by different firewalls, the classification submodule 130 can classify the obtained intrusion rules according to the type of business system they target, so that test data carrying intrusion rules of a given type access the corresponding business system. This avoids invalid tests and wasted resources caused by test data accessing a business system they do not correspond to.
Specifically, before access, the classification submodule 130 classifies the intrusion rules according to the type of business system protected by the firewall; the calling submodule 140 then calls the intrusion rules of the corresponding type according to the type of business system, and these intrusion rules are configured into the configuration files of the data used to test the firewall, forming test data for that type of business system; the test data then access the business system protected by the firewall. For example, if the business system is identified by its type as a MySQL database, then the test data used to access that MySQL database carry intrusion rules corresponding to MySQL databases, while test data without MySQL-specific intrusion rules are sent to systems such as Oracle or SQL Server instead. During this access process, the different test data access the business system protected by the firewall one by one, yielding the set of test data that were not intercepted by the firewall and the set that were intercepted.
In one embodiment, referring to Fig. 5, the test module 200 comprises:
A test submodule 210, for testing the firewall with multiple different test data simultaneously.
In this embodiment, to save testing time, the test submodule 210 can test the firewall with multiple test data at the same time. Specifically, multiple different intrusion rules are called first and each is configured into the configuration file of the data used to test the firewall, forming multiple different test data; these test data then access the business system protected by the firewall. For example, multiple threads are started at the same time to test the firewall; each thread is connected to the business system and each thread uses one item of test data to access it. Having multiple test data access the protected business system simultaneously saves access time and improves efficiency: if 10,000 test data need to be sent, sending them one at a time takes 10,000 accesses and a long time, whereas with 100 threads the work is completed after 100 rounds of access, which greatly improves efficiency.
In another embodiment, referring to Fig. 6, the test module 200 comprises:
A judging submodule 220, for judging whether the intrusion rule in the test data matches an interception rule in the firewall;
An access submodule 230: when the intrusion rule of the test data matches an interception rule of the firewall, the access fails; when the intrusion rule and the interception rules do not match, the access succeeds, and the test data whose access succeeded are obtained as the first test data.
In this embodiment, when the test data test the firewall, the test data first access the business system behind the firewall. There are two possible outcomes: one is that the business system is accessed normally, which proves that the test data successfully bypassed the firewall; the other is that the business system cannot be reached, which proves that the test data were intercepted by the firewall. Specifically, the intrusion rule of the test data is matched against the interception rules of the firewall: if they match, the test data are intercepted by the firewall and the access fails; if they do not match, the test data bypass the firewall and successfully access the protected business system. For example, an interception rule may be set to intercept a key character; if the intrusion rule contains that key character, the intrusion rule matches the interception rule. An interception rule may also be set to be case-insensitive, so that the character in the intrusion rule matches the interception rule whether it is upper- or lower-case.
Further, the intrusion rules of the test data that successfully bypassed the firewall are recorded according to the access results, and the interception rules of the firewall are then adjusted according to these intrusion rules, thereby optimizing the firewall. Specifically, if in the access results an item of test data successfully bypassed the firewall and accessed the business system normally, this test data reveals a loophole in the firewall, so the firewall's interception rules can be adjusted according to the intrusion rule of this test data, such that the firewall intercepts data carrying this intrusion rule the next time it encounters them. For example, different intrusion rules lead to different adjustments of the interception rules: if the intrusion rule contains a key character, the interception rules are adjusted so that they intercept that key character; if this intrusion rule is used against the firewall again, it can then be intercepted.
In one embodiment, the above device for optimizing a firewall based on security protection comprises:
A marking module, for marking in the preset database the intrusion rules that have been configured into the data and tested.
In this embodiment, after the first test data (those whose access succeeded) are obtained, the marking module can mark the intrusion rules in the preset database. Specifically, from the steps above there are two kinds of access result. One is that the test data successfully bypass the firewall; such test data are denoted first test data, and correspondingly the intrusion rule of the first test data is labelled A and recorded, for use in adjusting the interception rules. The other is that the test data are intercepted by the firewall; such test data are denoted second test data, and correspondingly their intrusion rule is labelled B. Because intrusion rules are diverse and not known in advance, if the firewall is to intercept more data carrying intrusion rules, a large number of intrusion rules must be tested in order to obtain, during testing, the effective intrusion rules that can be used to adjust the firewall's interception rules. Since the number of intrusion rules is large, re-collecting them after an interruption easily causes rules to be tested twice or missed. Marking the tested intrusion rules in the preset database therefore means that, when the task is restarted after an interruption, rules that were already tested are not tested again; testing resumes directly from the last untested intrusion rule before the interruption, so no progress is lost because of the interruption.
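The marking and breakpoint-resume behaviour described above, as an added example that is not code from the patent: the preset database is an in-memory SQLite table with one row per intrusion rule, each tested rule is marked A (bypassed) or B (intercepted), and a run that is interrupted part-way resumes from the first unmarked rule without re-testing or skipping any. The rule ids, the `tester` callable and the `Breakpoint` exception are constructed for illustration.

```python
# Added example, not code from the patent: mark tested intrusion rules in the
# preset database and resume after an interruption. Rule ids, the tester
# callable and the Breakpoint exception are constructed stand-ins.
import sqlite3

LABEL_BYPASS = "A"        # rule of a first test data (bypassed the firewall)
LABEL_INTERCEPTED = "B"   # rule of a second test data (intercepted)


def open_preset_db(rule_ids):
    """Create the preset database with one unmarked row per intrusion rule."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE intrusion_rule (rule_id TEXT PRIMARY KEY, label TEXT)")
    db.executemany("INSERT INTO intrusion_rule (rule_id, label) VALUES (?, NULL)",
                   [(r,) for r in rule_ids])
    db.commit()
    return db


def pending_rules(db):
    """Rules not yet marked, in a stable order: the resume point after a breakpoint."""
    return [row[0] for row in db.execute(
        "SELECT rule_id FROM intrusion_rule WHERE label IS NULL ORDER BY rule_id")]


def mark(db, rule_id, bypassed):
    """Label a tested rule A (bypassed) or B (intercepted) and persist it at once."""
    db.execute("UPDATE intrusion_rule SET label = ? WHERE rule_id = ?",
               (LABEL_BYPASS if bypassed else LABEL_INTERCEPTED, rule_id))
    db.commit()


class Breakpoint(Exception):
    """Constructed stand-in for an interrupted test run."""


def run_until(db, tester, stop_after=None):
    """Test pending rules one by one, marking each; stop_after simulates a breakpoint.

    Returns the number of rules tested in this run.
    """
    done = 0
    for rule_id in pending_rules(db):
        if stop_after is not None and done == stop_after:
            raise Breakpoint(rule_id)   # the first rule left untested
        mark(db, rule_id, tester(rule_id))
        done += 1
    return done


def bypass_rules(db):
    """The rules labelled A, i.e. those to use when adjusting the interception rules."""
    return [row[0] for row in db.execute(
        "SELECT rule_id FROM intrusion_rule WHERE label = ? ORDER BY rule_id",
        (LABEL_BYPASS,))]


def demo():
    rule_ids = [f"r{i:02d}" for i in range(1, 8)]
    calls = []

    def tester(rule_id):            # constructed: odd-numbered rules "bypass"
        calls.append(rule_id)
        return int(rule_id[1:]) % 2 == 1

    db = open_preset_db(rule_ids)
    resume_from = None
    try:
        run_until(db, tester, stop_after=3)     # interrupted after three rules
    except Breakpoint as bp:
        resume_from = str(bp)
    resumed = run_until(db, tester)             # restart: only unmarked rules run
    return {"resume_from": resume_from, "resumed": resumed,
            "tested": calls, "bypass": bypass_rules(db)}


if __name__ == "__main__":
    print(demo())
```

Committing after every `mark` is what makes the resume correct: a rule is only ever marked after its result is known, so an interruption between two rules leaves the database exactly at the breakpoint.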
Further, referring to Fig. 7, the above device for optimizing a firewall based on security protection further comprises:
A verification module 500, for accessing the business system protected by the optimized firewall using the first test data;
A re-test module 600: if the first test data are intercepted by the optimized firewall, the optimization succeeded; if the first test data are not intercepted by the optimized firewall, the firewall is optimized again according to the configuration file corresponding to the first test data.
In this embodiment, after the firewall has been optimized, it must be ensured that the firewall intercepts the first test data, so whether the optimization succeeded has to be verified. The verification process is as follows: the verification module 500 uses the first test data to access the business system protected by the optimized firewall. If the first test data are intercepted by the optimized firewall, the firewall was optimized successfully. If the first test data are not intercepted by the optimized firewall, the optimization was unsuccessful and the firewall must be optimized again: the interception rules are adjusted once more according to the intrusion rule in the configuration file of the first test data, the firewall is thereby optimized, and it is then verified again. This repeats until, at verification, the firewall intercepts the first test data, which shows that the firewall has been optimized successfully.
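The concurrent test run (test submodule 210), the match/no-match judgement with its key-character and case-insensitivity examples (submodules 220 and 230), the rule adjustment, and the verify / re-optimize loop (modules 500 and 600) are shown together in the following added example, which is not code from the patent. The firewall is a simulated keyword matcher; `SimFirewall`, `InterceptRule`, the keywords and the test data are constructed placeholders.

```python
# Added example, not code from the patent: a simulated keyword firewall, a
# concurrent test run that separates "first" test data (bypassed) from
# "second" (intercepted), adjustment of the interception rules from the
# bypassing rules, and the verify / re-optimize loop. All names, keywords
# and test data are constructed.
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
import threading


@dataclass
class InterceptRule:
    keyword: str
    case_sensitive: bool = True

    def matches(self, payload: str) -> bool:
        if self.case_sensitive:
            return self.keyword in payload
        return self.keyword.lower() in payload.lower()


class SimFirewall:
    """Stand-in for the firewall in front of the business system."""

    def __init__(self, rules):
        self.rules = list(rules)
        self._lock = threading.Lock()   # rules are read from many test threads

    def intercepts(self, payload: str) -> bool:
        with self._lock:
            return any(r.matches(payload) for r in self.rules)

    def adjust(self, key_char: str):
        """Adjust the interception rules so that key_char is intercepted in any case."""
        with self._lock:
            hits = [r for r in self.rules if r.keyword.lower() == key_char.lower()]
            if hits:
                for r in hits:              # a case variant got through: relax case sensitivity
                    r.case_sensitive = False
            else:                           # no rule for this key character yet: add one
                self.rules.append(InterceptRule(key_char, case_sensitive=False))


def access(firewall, datum):
    """One access attempt; True when the datum reaches the business system."""
    return not firewall.intercepts(datum["payload"])


def run_tests(firewall, test_data, workers=4):
    """Send all test data concurrently (one thread per access)."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda d: access(firewall, d), test_data))
    first = [d for d, ok in zip(test_data, results) if ok]
    second = [d for d, ok in zip(test_data, results) if not ok]
    return first, second


def optimize(firewall, first):
    """Adjust the interception rules from the intrusion rules of bypassing data."""
    for d in first:
        firewall.adjust(d["key_char"])


def verify(firewall, first, max_rounds=5):
    """Re-send the first test data; re-optimize until every one is intercepted.

    Returns the number of verification rounds used, or None if the cap is hit.
    """
    for rnd in range(1, max_rounds + 1):
        still_passing, _ = run_tests(firewall, first)
        if not still_passing:
            return rnd
        optimize(firewall, still_passing)
    return None


# Constructed test data: a normal request plus one placeholder key character each.
TEST_DATA = [
    {"id": "t1", "key_char": "select", "payload": "normal request; select"},
    {"id": "t2", "key_char": "select", "payload": "normal request; SeLeCt"},
    {"id": "t3", "key_char": "union", "payload": "normal request; union"},
    {"id": "t4", "key_char": "drop", "payload": "normal request; drop"},
]


def demo():
    fw = SimFirewall([InterceptRule("select"), InterceptRule("drop")])
    first, second = run_tests(fw, TEST_DATA)
    optimize(fw, first)
    rounds = verify(fw, first)
    return {"first": [d["id"] for d in first],
            "second": [d["id"] for d in second],
            "rounds": rounds,
            "rules": sorted((r.keyword, r.case_sensitive) for r in fw.rules)}


if __name__ == "__main__":
    print(demo())
```

`run_tests` preserves the input order, so the first and second lists line up with the test data they came from; `adjust` takes the same lock the test threads use, so an optimization never races with a test round.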
Referring to Fig. 8, an embodiment of the present invention also provides a computer device, which may be a server and whose internal structure may be as shown in Fig. 8. The computer device comprises a processor, a memory, a network interface and a database connected by a system bus. The processor of the computer device provides computing and control capability. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides the environment in which the operating system and the computer program in the non-volatile storage medium run. The database of the computer device stores data such as those of the method for optimizing a firewall based on security protection. The network interface of the computer device communicates with external terminals over a network connection. When the computer program is executed by the processor, a method for optimizing a firewall based on security protection is implemented.
The processor executes the steps of the above method for optimizing a firewall based on security protection: obtaining test data for testing the firewall, wherein different test data carry different configuration files, and a configuration file characterizes the intrusion strategy for intruding into the business system protected by the firewall; accessing the business system protected by the firewall with the test data, and obtaining the first test data whose access succeeded; and optimizing the firewall according to the configuration file corresponding to the first test data.
In the above computer device, the step of obtaining test data for testing the firewall comprises: obtaining intrusion rules from a preset database, an intrusion rule being a rule designed to bypass a firewall; and configuring the intrusion rules into the configuration files of the data used to test the firewall, so that the data form the test data.
In one embodiment, before the step of configuring the intrusion rules into the configuration files of the data used to test the firewall so that the data form the test data, the method comprises: classifying the intrusion rules according to the type of business system protected by the firewall; and calling the corresponding intrusion rules according to the type of business system protected by the firewall. This avoids invalid tests and wasted resources caused by test data accessing a business system they do not correspond to.
In one embodiment, the step of accessing the business system protected by the firewall with the test data comprises: accessing the business system protected by the firewall with multiple different test data simultaneously, which saves access time and improves efficiency.
In one embodiment, the step of accessing the business system protected by the firewall with the test data and obtaining the first test data whose access succeeded comprises: judging whether the intrusion rule in the test data matches an interception rule in the firewall; if the intrusion rule of the test data matches an interception rule of the firewall, the access fails; if the intrusion rule and the interception rules do not match, the access succeeds, and the first test data whose access succeeded are obtained.
In another embodiment, after the step of accessing the business system protected by the firewall with the test data and obtaining the first test data whose access succeeded, the method comprises: marking in the preset database the intrusion rules that have been configured into the data and tested.
In one embodiment, after the step of optimizing the firewall according to the configuration file corresponding to the first test data, the method comprises: accessing the business system protected by the optimized firewall using the first test data; if the first test data are intercepted by the optimized firewall, the optimization succeeded; if the first test data are not intercepted by the optimized firewall, the firewall is optimized again according to the configuration file corresponding to the first test data.
Those skilled in the art will understand that the structure shown in Fig. 8 is only a block diagram of the part of the structure relevant to the solution of the present application and does not limit the computer device to which the solution is applied.
An embodiment of the invention also provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements a method for optimizing a firewall based on security protection, specifically: obtaining test data for testing the firewall, wherein different test data carry different configuration files, and a configuration file characterizes the intrusion strategy for intruding into the business system protected by the firewall; accessing the business system protected by the firewall with the test data, and obtaining the first test data whose access succeeded; and optimizing the firewall according to the configuration file corresponding to the first test data.
In the above computer-readable storage medium, the step of obtaining test data for testing the firewall comprises: obtaining intrusion rules from a preset database, an intrusion rule being a rule designed to bypass a firewall; and configuring the intrusion rules into the configuration files of the data used to test the firewall, so that the data form the test data.
In one embodiment, before the step of configuring the intrusion rules into the configuration files of the data used to test the firewall so that the data form the test data, the method comprises: classifying the intrusion rules according to the type of business system protected by the firewall; and calling the corresponding intrusion rules according to the type of business system protected by the firewall. This avoids invalid tests and wasted resources caused by test data accessing a business system they do not correspond to.
In one embodiment, the step of accessing the business system protected by the firewall with the test data comprises: accessing the business system protected by the firewall with multiple different test data simultaneously, which saves access time and improves efficiency.
In one embodiment, the step of accessing the business system protected by the firewall with the test data and obtaining the first test data whose access succeeded comprises: judging whether the intrusion rule in the test data matches an interception rule in the firewall; if the intrusion rule of the test data matches an interception rule of the firewall, the access fails; if the intrusion rule and the interception rules do not match, the access succeeds, and the first test data whose access succeeded are obtained.
In another embodiment, after the step of accessing the business system protected by the firewall with the test data and obtaining the first test data whose access succeeded, the method comprises: marking in the preset database the intrusion rules that have been configured into the data and tested.
In one embodiment, after the step of optimizing the firewall according to the configuration file corresponding to the first test data, the method comprises: accessing the business system protected by the optimized firewall using the first test data; if the first test data are intercepted by the optimized firewall, the optimization succeeded; if the first test data are not intercepted by the optimized firewall, the firewall is optimized again according to the configuration file corresponding to the first test data.
Those of ordinary skill in the art will appreciate that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing the relevant hardware; the computer program may be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of each method above. Any reference to memory, storage, a database or other media used in this application and its embodiments may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or an external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (SSRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
It should be noted that in this document the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, device, article or method that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, device, article or method. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, device, article or method that includes that element.
The above is only a preferred embodiment of the present invention and is not intended to limit the scope of the invention; any equivalent structure or equivalent process transformation made using the content of the description and drawings of the invention, whether applied directly or indirectly in other related technical fields, is likewise included within the scope of the invention.
Claims (10)
1. A method for optimizing a firewall based on security protection, characterized in that it comprises:
obtaining test data for testing the firewall, wherein different test data carry different configuration files, and a configuration file characterizes the intrusion strategy for intruding into the business system protected by the firewall;
accessing the business system protected by the firewall with the test data, and obtaining the first test data whose access succeeded;
optimizing the firewall according to the configuration file corresponding to the first test data.
2. The method for optimizing a firewall based on security protection according to claim 1, characterized in that the step of obtaining test data for testing the firewall comprises:
obtaining intrusion rules from a preset database, an intrusion rule being a rule designed to bypass a firewall;
configuring the intrusion rules into the configuration files of the data used to test the firewall, so that the data form the test data.
3. The method for optimizing a firewall based on security protection according to claim 2, characterized in that, before the step of configuring the intrusion rules into the configuration files of the data used to test the firewall so that the data form the test data, the method comprises:
classifying the intrusion rules according to the type of business system protected by the firewall;
calling the corresponding intrusion rules according to the type of business system protected by the firewall.
4. The method for optimizing a firewall based on security protection according to claim 1, characterized in that the step of accessing the business system protected by the firewall with the test data comprises:
accessing the business system protected by the firewall with multiple different test data simultaneously.
5. The method for optimizing a firewall based on security protection according to claim 2, characterized in that the step of accessing the business system protected by the firewall with the test data and obtaining the first test data whose access succeeded comprises:
judging whether the intrusion rule in the test data matches an interception rule in the firewall;
if the intrusion rule of the test data matches an interception rule of the firewall, the access fails; if the intrusion rule and the interception rules do not match, the access succeeds, and the first test data whose access succeeded are obtained.
6. The method for optimizing a firewall according to claim 2, characterized in that, after the step of accessing the business system protected by the firewall with the test data and obtaining the first test data whose access succeeded, the method comprises:
marking in the preset database the intrusion rules that have been configured into the data and tested.
7. The method for optimizing a firewall based on security protection according to claim 1, characterized in that, after the step of optimizing the firewall according to the configuration file corresponding to the first test data, the method comprises:
accessing the business system protected by the optimized firewall using the first test data;
if the first test data are intercepted by the optimized firewall, the optimization succeeded; if the first test data are not intercepted by the optimized firewall, the firewall is optimized again according to the configuration file corresponding to the first test data.
8. A device for optimizing a firewall based on security protection, characterized in that it comprises:
an acquisition module, for obtaining test data for testing the firewall, wherein different test data carry different configuration files, and a configuration file characterizes the intrusion strategy for intruding into the business system protected by the firewall;
a test module, for accessing the business system protected by the firewall with the test data and obtaining the first test data whose access succeeded;
an optimization module, for optimizing the firewall according to the configuration file corresponding to the first test data.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any one of claims 1 to 7.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method of any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811083931.7A CN109067779A (en) | 2018-09-17 | 2018-09-17 | The method, apparatus and computer equipment of optimization firewall based on security protection |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109067779A true CN109067779A (en) | 2018-12-21 |
Family
ID=64762979
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811083931.7A Pending CN109067779A (en) | 2018-09-17 | 2018-09-17 | The method, apparatus and computer equipment of optimization firewall based on security protection |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109067779A (en) |
Events
- 2018-09-17: CN CN201811083931.7A patent/CN109067779A/en, status: active, Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101060521A (en) * | 2006-04-18 | 2007-10-24 | 华为技术有限公司 | Information packet filtering method and network firewall |
US20160277357A1 (en) * | 2013-03-18 | 2016-09-22 | British Telecommunications Public Limited Company | Firewall testing |
US20150143502A1 (en) * | 2013-09-25 | 2015-05-21 | Veracode, Inc. | System and method for automated configuration of application firewalls |
US20150358282A1 (en) * | 2014-06-04 | 2015-12-10 | Bank Of America Corporation | Firewall Policy Browser |
CN105187435A (en) * | 2015-09-24 | 2015-12-23 | 浪潮电子信息产业股份有限公司 | Firewall rule filtration optimization method |
CN107395593A (en) * | 2017-07-19 | 2017-11-24 | 深信服科技股份有限公司 | A kind of leak automation means of defence, fire wall and storage medium |
CN108429774A (en) * | 2018-06-21 | 2018-08-21 | 蔡梦臣 | A kind of firewall policy centralized optimization management method and its system |
Non-Patent Citations (2)
Title |
---|
EHAB AL-SHAER: "Automated pseudo-live testing of firewall configuration enforcement", IEEE Journal on Selected Areas in Communications * |
傅慧 (Fu Hui): "动态包过滤防火墙规则优化研究" (Research on rule optimization for dynamic packet-filtering firewalls), 《信息网络安全》 (Netinfo Security) * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110247933A (en) * | 2019-07-08 | 2019-09-17 | 中国工商银行股份有限公司 | The method and apparatus for realizing firewall policy |
CN112398857A (en) * | 2020-11-17 | 2021-02-23 | 腾讯科技(深圳)有限公司 | Firewall testing method and device, computer equipment and storage medium |
CN112398857B (en) * | 2020-11-17 | 2023-07-25 | 腾讯科技(深圳)有限公司 | Firewall testing method, device, computer equipment and storage medium |
CN114301638A (en) * | 2021-12-13 | 2022-04-08 | 山石网科通信技术股份有限公司 | Method and device for reproducing firewall rules, storage medium and processor |
CN114301638B (en) * | 2021-12-13 | 2024-02-06 | 山石网科通信技术股份有限公司 | Firewall rule reproduction method and device, storage medium and processor |
CN114338145A (en) * | 2021-12-27 | 2022-04-12 | 绿盟科技集团股份有限公司 | Safety protection method and device and electronic equipment |
CN114338145B (en) * | 2021-12-27 | 2023-09-26 | 绿盟科技集团股份有限公司 | Safety protection method and device and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10038711B1 (en) | Penetration testing of a networked system | |
CN109067779A (en) | The method, apparatus and computer equipment of optimization firewall based on security protection | |
US10367846B2 (en) | Selectively choosing between actual-attack and simulation/evaluation for validating a vulnerability of a network node during execution of a penetration testing campaign | |
US10257220B2 (en) | Verifying success of compromising a network node during penetration testing of a networked system | |
CN104301302B (en) | Go beyond one's commission attack detection method and device | |
US11206281B2 (en) | Validating the use of user credentials in a penetration testing campaign | |
CN107634967B (en) | CSRFtoken defense system and method for CSRF attack | |
CN104468632A (en) | Loophole attack prevention method, device and system | |
US20140157366A1 (en) | Network access control system and method | |
Maraj et al. | Testing techniques and analysis of SQL injection attacks | |
Anand et al. | Vulnerability-based security pattern categorization in search of missing patterns | |
CN109376530B (en) | Process mandatory behavior control method and system based on mark | |
CN110933054B (en) | Data network security protection method and device, computer equipment and storage medium | |
CN107682346B (en) | System and method for rapidly positioning and identifying CSRF attack | |
CN106790169B (en) | Protection method and device for scanning of scanning equipment | |
CN112383536B (en) | Firewall verification method and device, computer equipment and storage medium | |
Khamdamov et al. | Method of developing a web-application firewall | |
JP6950304B2 (en) | How to match secure elements, computer programs, devices, servers and file information | |
KR102470683B1 (en) | Security design flaw detection method based on unit test case, recording medium and device for performing the same | |
Agrawal et al. | Offensive Web Application Security Framework. | |
Williams | Protection from the Inside: Application Security Methodologies Compared | |
Akram et al. | Defense Mechanism Using Multilayered Approach and SQL Injection Methods for Web Based Attacks | |
Liu et al. | INTRUSION CONFINEMENT BY ISOLATION IN | |
Ilić et al. | One approach to the testing of security of proposed database application software | |
CN113765859A (en) | Network security filtering method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20181221 |