CN109067779A - Method, apparatus and computer equipment for optimizing a firewall based on security protection - Google Patents

Info

Publication number: CN109067779A
Authority: CN (China)
Prior art keywords: firewall, test data, rule, business system, test
Legal status: Pending (status as listed by Google; not a legal conclusion)
Application number: CN201811083931.7A
Other languages: Chinese (zh)
Inventors: 陈先亮, 陆龙杰
Current assignee: Ping An Technology Shenzhen Co Ltd (as listed by Google; may be inaccurate)
Original assignee: Ping An Technology Shenzhen Co Ltd

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/02 ... for separating internal from external traffic, e.g. firewalls
            • H04L63/14 ... for detecting or protecting against malicious traffic
                • H04L63/1441 Countermeasures against malicious traffic
                    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
            • H04L63/20 ... for managing network security; network security policies in general
        • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
            • H04L41/08 Configuration management of networks or network elements
                • H04L41/0803 Configuration setting
                    • H04L41/0823 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention proposes a method, apparatus, computer equipment and storage medium for optimizing a firewall based on security protection. The method includes: obtaining test data for testing the firewall, where different test data carry different configuration files and a configuration file characterizes an intrusion strategy for intruding into the business system protected by the firewall; accessing the business system protected by the firewall with the test data and obtaining the first test data, i.e. the test data whose access succeeded; and optimizing the firewall according to the configuration file corresponding to the first test data. The method is implemented by a program and needs no manual intervention, saving human resources. The firewall is tested with test data carrying a variety of different configuration files, and its configuration is adjusted according to the configuration files of the test data that successfully bypassed it, so that the firewall can intercept intrusions by many different kinds of data, thereby optimizing the firewall.

Description

Method, apparatus and computer equipment for optimizing a firewall based on security protection
Technical field
The present invention relates to the technical field of security protection, and in particular to a method, apparatus, computer equipment and storage medium for optimizing a firewall based on security protection.
Background technique
A firewall is a defense system that isolates a local network from an external network. It monitors and filters all information exchanged between the internal and external networks. Interception rules can be configured on the firewall device; access data that matches an interception rule is intercepted, so that the data of the internal network is protected from eavesdropping and destruction, and illegal requests are identified and blocked.
As computer networks spread and become universal, the requirements on computer security grow and cover a wider range: viruses must be prevented, the ability to withstand intrusion attempts by external hackers must be improved, and the confidentiality of remote data transmission must be raised so that data is not stolen in transit. Optimizing firewall performance is therefore particularly important. However, with the development of the Internet, attacks from the network grow continually and intrusion rules diversify, so a firewall cannot intercept all access data. Current industry practice optimizes a firewall from the angle of processing speed, load reduction and error rate; because intrusion rules are diverse and not known in advance, this leaves the firewall unable to adapt to more intrusion rules.
Summary of the invention
The main object of the present invention is to provide a method, apparatus, computer equipment and storage medium for optimizing a firewall based on security protection that can intercept intrusions by a rich variety of data.
The present invention proposes a method for optimizing a firewall based on security protection, comprising: obtaining test data for testing the firewall, where different test data carry different configuration files, and a configuration file characterizes an intrusion strategy for intruding into the business system protected by the firewall;
accessing the business system protected by the firewall with the test data and obtaining the first test data, i.e. the test data whose access succeeded;
optimizing the firewall according to the configuration file corresponding to the first test data.
Further, the step of obtaining test data for testing the firewall comprises:
obtaining intrusion rules from a preset database, an intrusion rule being a rule designed to bypass a firewall;
configuring the intrusion rules into the configuration files of the data used to test the firewall, so that the data form the test data.
Further, before the step of configuring the intrusion rules into the configuration files of the data used to test the firewall so that the data form the test data, the method comprises:
classifying the intrusion rules according to the type of the business system protected by the firewall;
calling the corresponding intrusion rules according to the type of the business system protected by the firewall.
Further, the step of accessing the business system protected by the firewall with the test data comprises:
accessing the business system protected by the firewall with multiple different test data at the same time.
Further, the step of accessing the business system protected by the firewall with the test data and obtaining the first test data comprises:
judging whether the intrusion rule in the test data matches an interception rule in the firewall;
if the intrusion rule of the test data matches an interception rule of the firewall, the access fails; if the intrusion rule matches no interception rule, the access succeeds and the test data is obtained as first test data.
Further, after the step of accessing the business system protected by the firewall with the test data and obtaining the first test data, the method comprises:
marking, in the preset database, the data and the intrusion rules that have been configured and tested.
Further, after the step of optimizing the firewall according to the configuration file corresponding to the first test data, the method comprises:
accessing the business system protected by the optimized firewall with the first test data;
if the first test data is intercepted by the optimized firewall, the optimization succeeded; if the first test data is not intercepted by the optimized firewall, the firewall is optimized again according to the configuration file corresponding to the first test data.
The present invention also provides an apparatus for optimizing a firewall based on security protection, comprising:
an obtaining module, for obtaining test data for testing the firewall, where different test data carry different configuration files, and a configuration file characterizes an intrusion strategy for intruding into the business system protected by the firewall;
a test module, for accessing the business system protected by the firewall with the test data and obtaining the first test data, i.e. the test data whose access succeeded;
an optimization module, for optimizing the firewall according to the configuration file corresponding to the first test data.
The present invention also provides computer equipment comprising a memory and a processor, the memory storing a computer program, and the processor implementing the steps of the above method when executing the computer program.
The present invention also provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above method.
The beneficial effects of the invention are: the method is implemented by a program, needs no manual intervention, saves human resources and works more efficiently; the firewall is tested with test data carrying a variety of different configuration files, and its configuration is adjusted according to the configuration files of the test data that successfully bypassed it, so that the firewall intercepts intrusions by many different kinds of data, thereby optimizing the firewall; and the tested intrusion rules are marked, so that after a breakpoint the untested intrusion rules can be identified from the marked ones and testing continues, and progress is not lost through a power failure.
Detailed description of the invention
Fig. 1 is a flow chart of the steps of the method for optimizing a firewall based on security protection in one embodiment of the invention;
Fig. 2 is a structural block diagram of the apparatus for optimizing a firewall based on security protection in one embodiment of the invention;
Fig. 3 is a structural block diagram of the obtaining module in one embodiment of the invention;
Fig. 4 is a structural block diagram of the obtaining module in another embodiment of the invention;
Fig. 5 is a structural block diagram of the test module in one embodiment of the invention;
Fig. 6 is a structural block diagram of the test module in another embodiment of the invention;
Fig. 7 is a structural block diagram of the apparatus for optimizing a firewall based on security protection in another embodiment of the invention;
Fig. 8 is a structural block diagram of the computer equipment of one embodiment of the invention.
The realization of the object, the functional features and the advantages of the present invention are further described below with reference to the accompanying drawings.
Specific embodiment
It should be understood that the specific embodiments described here are merely illustrative of the present invention and are not intended to limit it.
Referring to Fig. 1, the method for optimizing a firewall based on security protection in this embodiment comprises:
Step S1: obtaining test data for testing the firewall, where different test data carry different configuration files, and a configuration file characterizes an intrusion strategy for intruding into the business system protected by the firewall;
Step S2: accessing the business system protected by the firewall with the test data and obtaining the first test data, i.e. the test data whose access succeeded;
Step S3: optimizing the firewall according to the configuration file corresponding to the first test data.
In this embodiment, because the firewall is tested with test data, the test data for testing the firewall must be obtained before the test. The test data is data carrying a configuration file, and different test data carry different configuration files. A configuration file characterizes a strategy for intruding into the business system protected by the firewall and contains an intrusion rule, i.e. a rule designed to bypass the firewall, such as a particular permutation and combination of character fields. Specifically, the firewall is tested by accessing the business system it protects with the test data: any test data that manages to access the business system carries a configuration file that breaks through that system's firewall, which is why test data carrying configuration files is used to test the firewall.
It will be understood that the firewall has interception rules, but not all test data is intercepted: if the intrusion rule in a test datum's configuration file matches none of the firewall's interception rules, the test datum bypasses the firewall and reaches the protected business system. In step S2 the firewall under test is tested with the test data, e.g. each test datum is used to access the protected business system and it is checked whether the test datum reaches the business system. If the test datum is intercepted by the firewall, the firewall is effective against it and need not be optimized according to that datum's configuration file. If the test datum is not intercepted, the firewall is ineffective against it; the datum whose access succeeded is first test data, and the firewall is optimized according to the configuration file of the first test data so that it can intercept the first test data. Specifically, the optimization modifies the configuration (including the interception rules) of the firewall currently under test according to the intrusion rule in the configuration file so that the two match, turning the current firewall into one that intercepts the test data, thereby optimizing the firewall. The whole process is implemented by a program without manual intervention, saving human resources.
Specifically, step S1 comprises:
Step S10: obtaining intrusion rules from a preset database, an intrusion rule being a rule designed to bypass a firewall;
Step S11: configuring the intrusion rules into the configuration files of the data used to test the firewall, so that the data form the test data.
In this embodiment, to save test resources and test runs, intrusion rules can be obtained by three approaches: from sqlmap; by collecting from the Internet the firewall-bypass rules that others have used; and by retaining the rules that were not intercepted when other firewalls were tested. These approaches yield a variety of intrusion rules that bypass other firewalls. If a rule bypasses other firewalls it may also bypass the firewall currently under test, so it is usable for testing; obtaining rules in these three ways avoids collecting worthless rules and saves test resources. The intrusion rules obtained are stored in the preset database and fetched directly from it when needed. sqlmap is open-source software for attacking web systems and carries a large number of firewall-bypass rules. In step S11, before testing, the intrusion rules are configured into the configuration files of the data used to test the firewall. These data are requests that can normally access the business system; they can be obtained from several sources, for example from the access history of the business system, or by trying preset data and keeping the preset data whose access succeeds.
In one embodiment, before step S11 the method comprises:
Step S01: classifying the intrusion rules according to the type of the business system protected by the firewall;
Step S02: calling the corresponding intrusion rules according to the type of the business system protected by the firewall.
In this embodiment, because business systems differ, the firewall configuration files of different business systems may also be set differently, i.e. the corresponding firewalls have different interception rules; the interception rules of the firewall applied to each business system can be set according to that system's needs. Therefore, before accessing the business systems protected by different firewalls, the obtained intrusion rules can be classified according to the type of their business system, so that test data carrying intrusion rules of a given type access the corresponding business system. This avoids the invalid tests and wasted resources that arise when test data access a business system they do not correspond to.
Specifically, before access, the intrusion rules are classified by the type of business system protected by the firewall; then, according to the type of the business system, the intrusion rules of that type are called and configured into the configuration files of the data used to test the firewall, forming test data for that type of business system, which are then used to access the business system protected by the firewall. For example, if the business system is identified by its type as a MySQL database, the test data used to access it carry intrusion rules for MySQL, and test data carrying MySQL intrusion rules are not used to access Oracle, SQL Server or similar systems. During access, the different test data access the business system protected by the firewall one by one, yielding the different test data that the firewall did not intercept and the different test data that it did intercept.
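As an added illustration that is not part of the patent, the following Python sketch carries steps S01/S02 and S10/S11 through together: a constructed rule store classified by backend type, three simplified re-implementations of sqlmap tamper ideas (the patent names sqlmap as a source of bypass rules; the functions here are not sqlmap's code), and the assembly of each rule, plain and tampered, into a baseline request that is known to reach the business system. The rule payloads, the baseline request, the backend names and the `TestDatum` record are assumptions made for the example.

```python
import random
import re
from dataclasses import dataclass

# Constructed sample of a preset intrusion-rule database, classified by the
# type of business system (backend) each rule targets (steps S01/S02).
INTRUSION_RULES = [
    {"id": 1, "backend": "mysql",     "payload": "' OR 1=1-- -"},
    {"id": 2, "backend": "mysql",     "payload": "' UNION SELECT 1,2,3-- -"},
    {"id": 3, "backend": "oracle",    "payload": "' UNION SELECT NULL FROM dual--"},
    {"id": 4, "backend": "sqlserver", "payload": "'; WAITFOR DELAY '0:0:5'--"},
]

# Simplified re-implementations of three sqlmap tamper ideas (not sqlmap's
# own code): each rewrites a payload so that it may slip past a naive rule.
def space2comment(payload):
    """Replace every space with an inline comment: "' OR 1=1" -> "'/**/OR/**/1=1"."""
    return payload.replace(" ", "/**/")

def randomcase(payload, seed=1):
    """Randomise the letter case of every letter; seeded so runs are reproducible."""
    rnd = random.Random(seed)
    return "".join(
        (c.upper() if rnd.random() < 0.5 else c.lower()) if c.isalpha() else c
        for c in payload
    )

def equaltolike(payload):
    """Replace '=' comparisons with LIKE, defeating rules that look for '1=1'."""
    return re.sub(r"\s*=\s*", " LIKE ", payload)

TAMPERS = {"space2comment": space2comment, "randomcase": randomcase, "equaltolike": equaltolike}

# A request known to reach the business system normally (constructed); in the
# patent such baselines come from access history or a successful preset request.
BASE_REQUEST = "GET /product?id=1{payload} HTTP/1.1"

@dataclass(frozen=True)
class TestDatum:
    rule_id: int
    tamper: str      # which transformation produced this variant ("plain" for none)
    request: str     # the request actually sent to the protected business system

def select_rules(rules, backend):
    """Steps S01/S02: call only the rules classified for the protected backend."""
    return [r for r in rules if r["backend"] == backend]

def build_test_data(rules, backend, tampers=TAMPERS):
    """Steps S10/S11: configure each selected rule, plain and tampered, into the baseline request."""
    test_data = []
    for rule in select_rules(rules, backend):
        variants = {"plain": rule["payload"]}
        variants.update({name: fn(rule["payload"]) for name, fn in tampers.items()})
        for name, payload in variants.items():
            test_data.append(TestDatum(rule["id"], name, BASE_REQUEST.format(payload=payload)))
    return test_data

if __name__ == "__main__":
    for td in build_test_data(INTRUSION_RULES, "mysql"):
        print(td.rule_id, td.tamper, td.request)
```

For a MySQL-protected system the two MySQL rules produce eight test data (one plain and three tampered variants each); the Oracle and SQL Server rules are never sent to it, which is the waste the classification step avoids.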
Preferably, the step of accessing the business system protected by the firewall with the test data comprises:
Step S20': testing the firewall with multiple different test data at the same time.
In this step, to save testing time, multiple test data can test the firewall at the same time. Specifically, multiple different intrusion rules are called and each is configured into the configuration file of data used to test the firewall, forming multiple different test data, which then access the business system protected by the firewall. For example, several threads are opened to test the firewall; each thread connects to the business system and accesses it with one test datum, so multiple test data access the protected business system concurrently, which saves access time and improves efficiency. If 10,000 test data need to be sent, sending them one by one requires 10,000 sequential accesses and takes a long time, whereas with 100 threads the work is completed after 100 rounds of access, greatly improving efficiency.
Further, the step of accessing the business system protected by the firewall with the test data comprises:
Step S20: judging whether the intrusion rule in the test data matches an interception rule in the firewall;
Step S21: if the intrusion rule of the test data matches an interception rule of the firewall, the access fails; if the intrusion rule matches no interception rule, the access succeeds and the test data is obtained as first test data.
In this embodiment, when the firewall is tested with test data, the test data first access the business system behind the firewall, and there are two possible results: the test datum accesses the business system normally, which proves that it successfully bypasses the firewall; or it cannot reach the business system, which proves that it was intercepted by the firewall. Specifically, the intrusion rule of the test datum is matched against the interception rules of the firewall: if they match, the test datum is intercepted by the firewall and the access fails; if they do not match, the test datum bypasses the firewall and accesses the protected business system successfully. For example, an interception rule may be set to intercept a key character; if the intrusion rule contains that key character, the intrusion rule matches the interception rule. An interception rule may also be set to take letter case into account, so that the character in the intrusion rule matches the interception rule whether it is written in upper or lower case.
Further, the intrusion rules of the test data that successfully bypassed the firewall are recorded according to the access results, and the interception rules of the firewall are then adjusted according to these intrusion rules, thereby optimizing the firewall. Specifically, if a test datum bypasses the firewall and accesses the business system normally, that test datum reveals a gap in the firewall, so the interception rules of the firewall are adjusted according to the intrusion rule of that test datum, and the firewall intercepts data carrying that kind of intrusion rule the next time it meets them. For example, different intrusion rules lead to different adjustments of the interception rules: if the intrusion rule contains a key character, the interception rules are adjusted to include one that intercepts that key character, so that the same intrusion rule is intercepted when it attacks the firewall again.
In one embodiment, after step S2 the method comprises:
Step S3': marking, in the preset database, the data and the intrusion rules that have been configured and tested.
In this step, after the first test data has been obtained, the intrusion rules in the preset database can be marked. Specifically, the preceding steps yield two access results. A test datum that successfully bypasses the firewall is recorded as first test data, and its intrusion rule is marked A and recorded for use in adjusting the interception rules. A test datum intercepted by the firewall is recorded as second test data, and its intrusion rule is marked B. Because intrusion rules are diverse and not known in advance, making the firewall intercept more data carrying intrusion rules requires testing a large number of intrusion rules, from which the effective rules, usable for adjusting the firewall's interception rules, are obtained. Because there are so many intrusion rules, retesting after a breakpoint easily leads to repeated or missed tests, so the tested intrusion rules are marked in the preset database. When the task is restarted after a breakpoint, the marked rules are not tested again and testing resumes directly from the last untested rule before the breakpoint, so that progress is not lost through the breakpoint.
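As an added example, not taken from the patent, the following Python keeps the marks of step S3' in an sqlite3 table and shows how a run interrupted after a breakpoint resumes with only the unmarked rules. The table layout, the stub `probe` callable (which stands in for sending a test datum and returns True when the datum reached the business system) and the sample payloads are assumptions; the marks A and B are the ones named in the text above.

```python
import sqlite3

# Marks used in step S3': A = the rule bypassed the firewall (first test data),
# B = the rule was intercepted (second test data). NULL = not yet tested.
MARK_BYPASSED, MARK_INTERCEPTED = "A", "B"

def open_rule_store(path=":memory:"):
    """Open (or create) the preset database of intrusion rules. Pass a file
    path so the marks survive a crash; ':memory:' is only for this demo."""
    con = sqlite3.connect(path)
    con.execute(
        "CREATE TABLE IF NOT EXISTS intrusion_rule ("
        " id INTEGER PRIMARY KEY, payload TEXT NOT NULL,"
        " mark TEXT CHECK (mark IN ('A', 'B')))"
    )
    con.commit()
    return con

def seed_rules(con, payloads):
    """Load rules (e.g. collected from sqlmap or public bypass lists) once."""
    con.executemany("INSERT OR IGNORE INTO intrusion_rule (id, payload) VALUES (?, ?)",
                    list(enumerate(payloads, 1)))
    con.commit()

def pending_rules(con):
    """Rules without a mark: the only ones a resumed run needs to test."""
    return con.execute(
        "SELECT id, payload FROM intrusion_rule WHERE mark IS NULL ORDER BY id").fetchall()

def mark_rule(con, rule_id, bypassed):
    con.execute("UPDATE intrusion_rule SET mark = ? WHERE id = ?",
                (MARK_BYPASSED if bypassed else MARK_INTERCEPTED, rule_id))
    con.commit()   # commit per rule, so a power failure loses at most the in-flight rule

def run_until(con, probe, stop_after=None):
    """Test the pending rules in order, marking each one. `probe(payload)` returns
    True when the payload reached the business system. `stop_after` simulates a
    breakpoint; returns the number of rules tested in this run."""
    done = 0
    for rule_id, payload in pending_rules(con):
        if stop_after is not None and done >= stop_after:
            break
        mark_rule(con, rule_id, probe(payload))
        done += 1
    return done

def bypassed_rules(con):
    """The A-marked rules: the input to adjusting the firewall's interception rules."""
    return [p for (p,) in con.execute(
        "SELECT payload FROM intrusion_rule WHERE mark = 'A' ORDER BY id")]

if __name__ == "__main__":
    con = open_rule_store()
    seed_rules(con, ["' or 1=1--", "' union select 1--", "' or 'a'='a"])
    stub_probe = lambda payload: "union" not in payload.lower()   # stub firewall blocks only UNION
    print("first run tested", run_until(con, stub_probe, stop_after=1))
    print("resumed run tested", run_until(con, stub_probe))
    print("bypassed:", bypassed_rules(con))
```

Marking is done per rule with its own commit, so the rule being sent at the moment of a power failure is at most tested twice; everything before it keeps its mark and everything after it is still pending when the task restarts.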
Further, after step S3 the method comprises:
Step S4: accessing the business system protected by the optimized firewall with the first test data;
Step S5: if the first test data is intercepted by the optimized firewall, the optimization succeeded; if the first test data is not intercepted by the optimized firewall, the firewall is optimized again according to the configuration file corresponding to the first test data.
In this embodiment, after the firewall has been optimized it must be ensured that the firewall can intercept the first test data, so it is verified whether the optimization succeeded. The verification is as follows: the first test data accesses the business system protected by the optimized firewall; if the optimized firewall intercepts the first test data, the optimization succeeded; if it does not, the optimization failed and the firewall must be optimized again, i.e. its interception rules are adjusted again according to the intrusion rule in the configuration file of the first test data, and the firewall is then verified again. This is repeated until the firewall intercepts the first test data during verification, at which point the optimization has succeeded.
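As an added example that is not the patent's own code, the following Python carries steps S20' through S5 through on constructed data: a stub firewall whose interception rules are regular expressions, concurrent probing with a thread pool, derivation of a new interception rule from each bypassing request (the key-character and letter-case adjustments the text describes), and the verify-and-repeat loop of steps S4 and S5. It also adds a check the patent does not mention: that a derived rule does not intercept normal requests, since a rule that blocks legitimate traffic is not an optimization. The firewall class, the keyword list, the rules and the requests are all assumptions made for the example.

```python
import re
import threading
from concurrent.futures import ThreadPoolExecutor

class Firewall:
    """Stand-in for the firewall under test (constructed stub, not a real product):
    a request is intercepted if any interception rule (a regex) matches it."""
    def __init__(self, patterns):
        self._lock = threading.Lock()
        self._rules = [re.compile(p) for p in patterns]

    def intercepts(self, request):
        with self._lock:
            rules = list(self._rules)        # snapshot, so probes and rule edits don't race
        return any(r.search(request) for r in rules)

    def add_rule(self, pattern, flags=0):
        """Step S3: extend the interception rules; an identical pattern is not added twice."""
        with self._lock:
            if pattern not in (r.pattern for r in self._rules):
                self._rules.append(re.compile(pattern, flags))

    def patterns(self):
        with self._lock:
            return [r.pattern for r in self._rules]

def probe_all(fw, test_data, workers=100):
    """Steps S20'/S20/S21: send all test data concurrently and return the first
    test data, i.e. the requests the firewall did not intercept (order preserved)."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        verdicts = list(pool.map(lambda td: (td, fw.intercepts(td)), test_data))
    return [td for td, intercepted in verdicts if not intercepted]

SQL_KEYWORDS = {"union", "select", "or", "and", "waitfor", "sleep"}   # assumed key characters

def derive_rule(first_test_datum):
    """Turn a bypassing request into an interception rule: match its first SQL
    keyword as a whole word, so neither a case change nor /**/ padding around it
    defeats the rule. Returns None when no keyword is found (a human must then write the rule)."""
    for word in re.findall(r"[A-Za-z]+", first_test_datum):
        if word.lower() in SQL_KEYWORDS:
            return rf"\b{word.lower()}\b"
    return None

def optimize(fw, first_test_data, max_rounds=3):
    """Steps S3-S5: add a derived rule for each bypassing datum, re-access the
    protected system with the same data, and repeat until all are intercepted.
    Returns the data still bypassing the firewall (an empty list means success)."""
    remaining = list(first_test_data)
    for _ in range(max_rounds):
        if not remaining:
            break
        for td in remaining:
            pattern = derive_rule(td)
            if pattern:
                fw.add_rule(pattern, re.IGNORECASE)     # case-insensitive, as the text suggests
        remaining = probe_all(fw, remaining)             # S4: verify with the first test data
    return remaining

def false_positives(fw, normal_requests):
    """Check the patent omits: a derived rule must not intercept the baseline
    traffic the business system needs, or the 'optimization' breaks the system."""
    return [r for r in normal_requests if fw.intercepts(r)]

# Constructed inputs: two case-sensitive initial rules, five test data (plain,
# randomcase, space2comment and equaltolike variants) and two normal requests.
INITIAL_RULES = [r"\bunion\s+select\b", r"\bor\s+1=1\b"]
TEST_DATA = [
    "GET /product?id=1' or 1=1-- - HTTP/1.1",
    "GET /product?id=1' OR 1=1-- - HTTP/1.1",
    "GET /product?id=1' union select 1,2-- - HTTP/1.1",
    "GET /product?id=1' UnIoN/**/SeLeCt 1,2-- - HTTP/1.1",
    "GET /product?id=1' or 1 like 1-- - HTTP/1.1",
]
NORMAL_REQUESTS = ["GET /product?id=1 HTTP/1.1", "GET /search?q=black+or+white HTTP/1.1"]

if __name__ == "__main__":
    fw = Firewall(INITIAL_RULES)
    first = probe_all(fw, TEST_DATA)
    print("bypassed before optimization:", first)
    print("still bypassing after optimization:", optimize(fw, first))
    print("interception rules now:", fw.patterns())
    print("normal requests now intercepted:", false_positives(fw, NORMAL_REQUESTS))
```

With these inputs the three tampered requests bypass the two original rules, one optimization round adds `\bor\b` and `\bunion\b` and all five test data are then intercepted, but the derived `\bor\b` also intercepts the harmless search for "black or white". The verification step of S4/S5 confirms that first test data is blocked; it says nothing about what else the new rule blocks, so the normal-traffic check is the extra step a practitioner should run before deploying the adjusted rules.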
Referring to Fig. 2, the apparatus for optimizing a firewall based on security protection in this embodiment comprises:
an obtaining module 100, for obtaining test data for testing the firewall, where different test data carry different configuration files, and a configuration file characterizes an intrusion strategy for intruding into the business system protected by the firewall;
a test module 200, for accessing the business system protected by the firewall with the test data and obtaining the first test data, i.e. the test data whose access succeeded;
an optimization module 300, for optimizing the firewall according to the configuration file corresponding to the first test data.
In this embodiment, because the firewall is tested with test data, the obtaining module 100 must obtain the test data for testing the firewall before the test. The test data is data carrying a configuration file, and different test data carry different configuration files. A configuration file characterizes a strategy for intruding into the business system protected by the firewall and contains an intrusion rule, i.e. a rule designed to bypass the firewall, such as a particular permutation and combination of character fields. Specifically, the firewall is tested by accessing the business system it protects with the test data: any test data that manages to access the business system carries a configuration file that breaks through that system's firewall, which is why test data carrying configuration files is used to test the firewall.
It will be understood that the firewall has interception rules, but not all test data is intercepted: if the intrusion rule in a test datum's configuration file matches none of the firewall's interception rules, the test datum bypasses the firewall and reaches the protected business system. The firewall under test is tested with the test data, e.g. the test module 200 uses each test datum to access the protected business system and checks whether the test datum reaches the business system. If the test datum is intercepted by the firewall, the firewall is effective against it and need not be optimized according to that datum's configuration file. If the test datum is not intercepted, the firewall is ineffective against it; the datum whose access succeeded is first test data, and the optimization module 300 optimizes the firewall according to the configuration file of the first test data so that it can intercept the first test data. Specifically, the optimization modifies the configuration (including the interception rules) of the firewall currently under test according to the intrusion rule in the configuration file so that the two match, turning the current firewall into one that intercepts the test data, thereby optimizing the firewall.
Specifically, referring to Fig. 3, the obtaining module 100 comprises:
an acquisition submodule 110, for obtaining intrusion rules from a preset database, an intrusion rule being a rule designed to bypass a firewall;
an adding submodule 120, for configuring the intrusion rules into the configuration files of the data used to test the firewall, so that the data form the test data.
In this embodiment, to save test resources and test runs, intrusion rules can be obtained by three approaches: from sqlmap; by collecting from the Internet the firewall-bypass rules that others have used; and by retaining the rules that were not intercepted when other firewalls were tested. These approaches yield a variety of intrusion rules that bypass other firewalls. If a rule bypasses other firewalls it may also bypass the firewall currently under test, so it is usable for testing; obtaining rules in these three ways avoids collecting worthless rules and saves test resources. The intrusion rules obtained are stored in the preset database and fetched directly from it when needed. sqlmap is open-source software for attacking web systems and carries a large number of firewall-bypass rules. Before testing, the adding submodule 120 configures the intrusion rules into the configuration files of the data used to test the firewall. These data are requests that can normally access the business system; they can be obtained from several sources, for example from the access history of the business system, or by trying preset data and keeping the preset data whose access succeeds.
In one embodiment, referring to Fig. 4, the above acquisition module 100 further includes:
a classification submodule 130, for classifying the intrusion rules according to the type of the business system protected by the firewall;
a calling submodule 140, for calling the corresponding intrusion rules according to the type of the business system protected by the firewall.
In this embodiment, because different business systems differ, the configuration files of the firewalls in front of different business systems may also be set differently, i.e. the interception rules of the corresponding firewalls differ. Specifically, the interception rules of the firewall applied to a business system can be set according to that system's requirements, so before accessing business systems protected by different firewalls, the classification submodule 130 can classify the intrusion rules obtained according to the type of their business system, so that test data carrying intrusion rules of a given type access the corresponding business system. This avoids test data accessing a non-corresponding business system, which would cause invalid tests and waste resources.
Specifically, before access, the classification submodule 130 classifies the intrusion rules according to the type of the business system the firewall protects; the calling submodule 140 then calls the intrusion rules of the corresponding type according to the type of the business system and configures them into the configuration file of the data used to test the firewall, forming test data for the type of the corresponding business system. The test data are then used to access the business system protected by the firewall. For example, if the business system is identified from its type as a MySQL database, then the test data used to access it carry intrusion rules corresponding to MySQL databases, while test data carrying intrusion rules that do not correspond to a MySQL database are used to access systems such as Oracle or SQL Server instead. During the access process, the different test data access the business system protected by the firewall one by one, yielding the different test data that are not intercepted by the firewall and the different test data that are intercepted by it.
In one embodiment, referring to Fig. 5, the above test module 200 includes:
a test submodule 210, for testing the firewall with multiple different test data simultaneously.
In this embodiment, to save testing time, the test submodule 210 can test the firewall with multiple test data at the same time. Specifically, it first calls multiple different intrusion rules, configures each of them into the configuration file of the data used to test the firewall to form multiple different test data, and then accesses the business system protected by the firewall with these test data. For example, multiple threads are opened simultaneously to test the firewall; each thread connects to the business system and uses one test datum to access it. Having multiple test data access the protected business system at the same time saves access time and improves efficiency: if 10,000 test data need to access the system and they are accessed one by one, 10,000 accesses are needed, which takes a long time, whereas with 100 threads the work is completed after 100 rounds of access, greatly improving efficiency.
In another embodiment, referring to Fig. 6, the above test module 200 includes:
a judging submodule 220, for judging whether the intrusion rule in the test data matches the interception rule in the firewall;
an access submodule 230: when the intrusion rule of the test data matches the interception rule of the firewall, the access fails; if the intrusion rule and the interception rule do not match, the access succeeds, and the first test data whose access succeeded are obtained.
In this embodiment, when the test data are used to test the firewall, the test data first access the business system behind the firewall. There are two possible results: either the business system can be accessed normally, which proves that the test data successfully bypassed the firewall, or the business system cannot be accessed, which proves that the test data were intercepted by the firewall. Specifically, the intrusion rule of the test data is matched against the interception rule of the firewall: if the two match, the test data are successfully intercepted by the firewall; if the two do not match, the test data bypass the firewall and successfully access the business system it protects. For example, if the interception rule is set to intercept a key character and the intrusion rule contains that key character, the intrusion rule matches the interception rule; if the interception rule is set to be case-insensitive, the characters in the intrusion rule match the interception rule whether they are uppercase or lowercase.
Further, the intrusion rules of the test data that successfully bypass the firewall are recorded according to the access results, and the interception rules of the firewall are then adjusted according to these intrusion rules, thereby optimizing the firewall. Specifically, if in the above access results a test datum bypasses the firewall and accesses the business system normally, that test datum represents a loophole in the firewall, so the interception rules of the firewall can be adjusted according to its intrusion rule, such that the firewall intercepts data carrying that intrusion rule the next time it encounters them. For example, different intrusion rules lead to different adjustments of the interception rules: if the intrusion rule contains a key character, the interception rules are adjusted so that they intercept that key character, and if the intrusion rule is used to attack the firewall again it will be intercepted.
In one embodiment, the above device for optimizing a firewall based on security protection includes:
a marking module, for marking, in the preset database, the intrusion rules that have been configured into the data and tested.
In this embodiment, after the first test data whose access succeeded are obtained, the marking module can mark the intrusion rules in the preset database. Specifically, from the above steps there are two kinds of access result. One is that the test data successfully bypass the firewall; such test data are denoted first test data, and correspondingly the intrusion rule of the first test data is labelled A and recorded for use in adjusting the interception rules. The other is that the test data are intercepted by the firewall; such test data are denoted second test data, and correspondingly their intrusion rule can be labelled B. Because intrusion rules are diverse and not known in advance, a large number of intrusion rules must be tested if the firewall is to intercept more data carrying intrusion rules, so that the effective intrusion rules, those usable for adjusting the firewall's interception rules, are obtained during testing. Since the number of intrusion rules is large, restarting from the beginning after a breakpoint easily causes repeated or missed tests. Therefore the intrusion rules already tested are marked in the preset database, so that when the task is restarted after a breakpoint these rules are not tested again and testing resumes directly from the last untested intrusion rule before the breakpoint; in this way no work progress is lost because of the breakpoint.
Further, referring to Fig. 7, the above device for optimizing a firewall based on security protection further includes:
a verification module 500, for accessing the business system behind the optimized firewall using the first test data;
a retest module 600: if the first test data are intercepted by the optimized firewall, the optimization succeeded; if the first test data are not intercepted by the optimized firewall, the firewall is optimized again according to the configuration file corresponding to the first test data.
In this embodiment, after the firewall has been optimized it must be ensured that the firewall can intercept the first test data, so it is necessary to verify whether the optimization succeeded. The verification process is as follows: the verification module 500 uses the first test data to access the business system protected by the optimized firewall. If the first test data are intercepted by the optimized firewall, the firewall was optimized successfully; if the first test data are not intercepted by the optimized firewall, the optimization was unsuccessful and the firewall must be optimized again, i.e. the interception rules of the firewall are adjusted once more according to the intrusion rule in the configuration file of the first test data, and the firewall is then verified again. This continues until verification shows that the firewall intercepts the first test data, at which point the firewall has been optimized successfully.
Referring to Fig. 8, an embodiment of the invention also provides a computer device, which may be a server and whose internal structure may be as shown in Fig. 8. The computer device includes a processor, a memory, a network interface and a database connected via a system bus. The processor of the computer device provides computing and control capability. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides an environment for running the operating system and the computer program held in the non-volatile storage medium. The database of the computer device is used to store data such as those of the method for optimizing a firewall based on security protection. The network interface of the computer device is used to communicate with an external terminal via a network connection. When executed by the processor, the computer program implements a method for optimizing a firewall based on security protection.
The above processor executes the steps of the above method for optimizing a firewall based on security protection: obtaining test data for testing a firewall, where different test data carry different configuration files and a configuration file characterizes an intrusion strategy for intruding into the business system protected by the firewall; accessing the business system protected by the firewall with the test data and obtaining the first test data whose access succeeded; and optimizing the firewall according to the configuration file corresponding to the first test data.
In the above computer device, the step of obtaining test data for testing a firewall includes: obtaining intrusion rules from a preset database, where an intrusion rule is a rule constructed so as to be able to bypass a firewall; and configuring the intrusion rule into the configuration file of the data used to test the firewall, so that the data form the test data.
In one embodiment, before the step of configuring the intrusion rule into the configuration file of the data used to test the firewall so that the data form the test data, the method includes: classifying the intrusion rules according to the type of the business system protected by the firewall; and calling the corresponding intrusion rules according to the type of the business system protected by the firewall. This avoids test data accessing a non-corresponding business system, which would cause invalid tests and waste resources.
In one embodiment, the step of accessing the business system protected by the firewall with the test data includes: accessing the business system protected by the firewall with multiple different test data simultaneously, which saves access time and improves efficiency.
In one embodiment, the step of accessing the business system protected by the firewall with the test data and obtaining the first test data whose access succeeded includes: judging whether the intrusion rule in the test data matches the interception rule in the firewall; if the intrusion rule of the test data matches the interception rule of the firewall, the access fails; if the intrusion rule and the interception rule do not match, the access succeeds, and the first test data whose access succeeded are obtained.
In another embodiment, after the step of accessing the business system protected by the firewall with the test data and obtaining the first test data whose access succeeded, the method includes: marking, in the preset database, the intrusion rules that have been configured into the data and tested.
In one embodiment, after the step of optimizing the firewall according to the configuration file corresponding to the first test data, the method includes: accessing the business system behind the optimized firewall using the first test data; if the first test data are intercepted by the optimized firewall, the optimization succeeded; if the first test data are not intercepted by the optimized firewall, the firewall is optimized again according to the configuration file corresponding to the first test data.
Those skilled in the art will understand that the structure shown in Fig. 8 is only a block diagram of the part of the structure relevant to the solution of this application and does not limit the computer device to which the solution is applied.
An embodiment of the invention also provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements a method for optimizing a firewall based on security protection, specifically: obtaining test data for testing a firewall, where different test data carry different configuration files and a configuration file characterizes an intrusion strategy for intruding into the business system protected by the firewall; accessing the business system protected by the firewall with the test data and obtaining the first test data whose access succeeded; and optimizing the firewall according to the configuration file corresponding to the first test data.
In the above computer-readable storage medium, the step of obtaining test data for testing a firewall includes: obtaining intrusion rules from a preset database, where an intrusion rule is a rule constructed so as to be able to bypass a firewall; and configuring the intrusion rule into the configuration file of the data used to test the firewall, so that the data form the test data.
In one embodiment, before the step of configuring the intrusion rule into the configuration file of the data used to test the firewall so that the data form the test data, the method includes: classifying the intrusion rules according to the type of the business system protected by the firewall; and calling the corresponding intrusion rules according to the type of the business system protected by the firewall. This avoids test data accessing a non-corresponding business system, which would cause invalid tests and waste resources.
In one embodiment, the step of accessing the business system protected by the firewall with the test data includes: accessing the business system protected by the firewall with multiple different test data simultaneously, which saves access time and improves efficiency.
In one embodiment, the step of accessing the business system protected by the firewall with the test data and obtaining the first test data whose access succeeded includes: judging whether the intrusion rule in the test data matches the interception rule in the firewall; if the intrusion rule of the test data matches the interception rule of the firewall, the access fails; if the intrusion rule and the interception rule do not match, the access succeeds, and the first test data whose access succeeded are obtained.
In another embodiment, after the step of accessing the business system protected by the firewall with the test data and obtaining the first test data whose access succeeded, the method includes: marking, in the preset database, the intrusion rules that have been configured into the data and tested.
In one embodiment, after the step of optimizing the firewall according to the configuration file corresponding to the first test data, the method includes: accessing the business system behind the optimized firewall using the first test data; if the first test data are intercepted by the optimized firewall, the optimization succeeded; if the first test data are not intercepted by the optimized firewall, the firewall is optimized again according to the configuration file corresponding to the first test data.
Those of ordinary skill in the art will appreciate that all or part of the processes in the methods of the above embodiments can be implemented by instructing the relevant hardware through a computer program, which can be stored in a non-volatile computer-readable storage medium; when executed, the computer program may include the processes of the embodiments of the above methods. Any reference to memory, storage, a database or other media used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (SSRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, device, article or method that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, device, article or method. In the absence of further restrictions, an element limited by the phrase "including a ..." does not exclude the existence of other identical elements in the process, device, article or method that includes that element.
The above description is only a preferred embodiment of the present invention and is not intended to limit the scope of the invention; any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the invention, applied directly or indirectly in other related technical fields, is likewise included within the scope of protection of the present invention.

Claims (10)

1. A method for optimizing a firewall based on security protection, characterized by comprising:
obtaining test data for testing a firewall, wherein different test data carry different configuration files, and a configuration file is used to characterize an intrusion strategy for intruding into the business system protected by the firewall;
accessing the business system protected by the firewall with the test data, and obtaining first test data whose access succeeded;
optimizing the firewall according to the configuration file corresponding to the first test data.
2. The method for optimizing a firewall based on security protection according to claim 1, characterized in that the step of obtaining test data for testing a firewall comprises:
obtaining an intrusion rule from a preset database, the intrusion rule being a rule constructed so as to be able to bypass a firewall;
configuring the intrusion rule into the configuration file of the data used to test the firewall, so that the data form the test data.
3. The method for optimizing a firewall based on security protection according to claim 2, characterized in that, before the step of configuring the intrusion rule into the configuration file of the data used to test the firewall so that the data form the test data, the method comprises:
classifying the intrusion rules according to the type of the business system protected by the firewall;
calling the corresponding intrusion rule according to the type of the business system protected by the firewall.
4. The method for optimizing a firewall based on security protection according to claim 1, characterized in that the step of accessing the business system protected by the firewall with the test data comprises:
accessing the business system protected by the firewall with a plurality of different test data simultaneously.
5. The method for optimizing a firewall based on security protection according to claim 2, characterized in that the step of accessing the business system protected by the firewall with the test data and obtaining first test data whose access succeeded comprises:
judging whether the intrusion rule in the test data matches an interception rule in the firewall;
if the intrusion rule of the test data matches the interception rule of the firewall, the access fails; if the intrusion rule and the interception rule do not match, the access succeeds, and the first test data whose access succeeded are obtained.
6. The method for optimizing a firewall according to claim 2, characterized in that, after the step of accessing the business system protected by the firewall with the test data and obtaining first test data whose access succeeded, the method comprises:
marking, in the preset database, the intrusion rules that have been configured into the data and tested.
7. The method for optimizing a firewall based on security protection according to claim 1, characterized in that, after the step of optimizing the firewall according to the configuration file corresponding to the first test data, the method comprises:
accessing the business system protected by the optimized firewall using the first test data;
if the first test data are intercepted by the optimized firewall, the optimization succeeded; if the first test data are not intercepted by the optimized firewall, optimizing the firewall again according to the configuration file corresponding to the first test data.
8. A device for optimizing a firewall based on security protection, characterized by comprising:
an acquisition module, for obtaining test data for testing a firewall, wherein different test data carry different configuration files, and a configuration file is used to characterize an intrusion strategy for intruding into the business system protected by the firewall;
a test module, for accessing the business system protected by the firewall with the test data and obtaining first test data whose access succeeded;
an optimization module, for optimizing the firewall according to the configuration file corresponding to the first test data.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 7.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 7.
CN201811083931.7A 2018-09-17 2018-09-17 The method, apparatus and computer equipment of optimization firewall based on security protection Pending CN109067779A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811083931.7A CN109067779A (en) 2018-09-17 2018-09-17 The method, apparatus and computer equipment of optimization firewall based on security protection


Publications (1)

Publication Number Publication Date
CN109067779A true CN109067779A (en) 2018-12-21

Family

ID=64762979


Country Status (1)

Country Link
CN (1) CN109067779A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101060521A (en) * 2006-04-18 2007-10-24 华为技术有限公司 Information packet filtering method and network firewall
US20150143502A1 (en) * 2013-09-25 2015-05-21 Veracode, Inc. System and method for automated configuration of application firewalls
US20150358282A1 (en) * 2014-06-04 2015-12-10 Bank Of America Corporation Firewall Policy Browser
CN105187435A (en) * 2015-09-24 2015-12-23 浪潮电子信息产业股份有限公司 Firewall rule filtration optimization method
US20160277357A1 (en) * 2013-03-18 2016-09-22 British Telecommunications Public Limited Company Firewall testing
CN107395593A (en) * 2017-07-19 2017-11-24 深信服科技股份有限公司 A kind of leak automation means of defence, fire wall and storage medium
CN108429774A (en) * 2018-06-21 2018-08-21 蔡梦臣 A kind of firewall policy centralized optimization management method and its system


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
EHAB AL-SHAER: "Automated pseudo-live testing of firewall configuration enforcement", IEEE Journal on Selected Areas in Communications *
傅慧 (Fu Hui): "Research on rule optimization for dynamic packet-filtering firewalls" (动态包过滤防火墙规则优化研究), 《信息网络安全》 (Netinfo Security) *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110247933A (en) * 2019-07-08 2019-09-17 中国工商银行股份有限公司 The method and apparatus for realizing firewall policy
CN112398857A (en) * 2020-11-17 2021-02-23 腾讯科技(深圳)有限公司 Firewall testing method and device, computer equipment and storage medium
CN112398857B (en) * 2020-11-17 2023-07-25 腾讯科技(深圳)有限公司 Firewall testing method, device, computer equipment and storage medium
CN114301638A (en) * 2021-12-13 2022-04-08 山石网科通信技术股份有限公司 Method and device for reproducing firewall rules, storage medium and processor
CN114301638B (en) * 2021-12-13 2024-02-06 山石网科通信技术股份有限公司 Firewall rule reproduction method and device, storage medium and processor
CN114338145A (en) * 2021-12-27 2022-04-12 绿盟科技集团股份有限公司 Safety protection method and device and electronic equipment
CN114338145B (en) * 2021-12-27 2023-09-26 绿盟科技集团股份有限公司 Safety protection method and device and electronic equipment


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181221