CN109101811A - O&M and auditing method for a controllable Oracle session based on an SSH tunnel - Google Patents

Info

Publication number: CN109101811A (granted as CN109101811B)
Authority: CN (China)
Application number: CN201810908751.1A
Original language: Chinese (zh)
Inventors: 郑学新, 王继洪, 范渊, 吴永越, 刘韬
Applicant and current assignee: Chengdu DBAPPSecurity Co Ltd
Legal status (as listed by Google Patents): granted, active

Classifications

    • G06F21/42: user authentication using separate channels for security data
    • G06Q40/12: accounting
Abstract

The invention discloses an O&M and auditing method for a controllable Oracle session based on an SSH tunnel. A user uses a client that supports SSH tunnel mode to send an authentication and connection request to the O&M and auditing system. An SSH protocol proxy module extracts the header data of the SSH packet and authenticates the user, then hands the remaining data to an Oracle protocol proxy module for processing. The Oracle proxy module connects to the target asset and to the user, completing mutual authentication between the user and the O&M and auditing system and between the O&M and auditing system and the target asset, after which the O&M and auditing system starts its work. The invention solves the problem that traditional O&M and auditing systems do not support O&M and auditing of Oracle databases in SSH tunnel mode, and at the same time gives the user a controllable session experience: because the data flows through the O&M and auditing system, the system is directly involved in the Oracle session, and the administrator can exert control over it, for example blocking the session, requiring command approval, or enforcing permission control.

Description

O&M and auditing method for a controllable Oracle session based on an SSH tunnel
Technical field
The present invention relates to the field of database technology, and specifically to an O&M and auditing method for a controllable Oracle session based on an SSH tunnel.
Background art
With the continuous development of O&M auditing technology, the O&M and auditing of databases receives more and more attention. Because database information is sensitive data, the access security of the database is especially important. The O&M and auditing system stores user information, Oracle database information, and the authorization of users to Oracle databases. Each access to an Oracle database therefore passes through three authentications: user authentication, which restricts which databases a specific user may access; authorization authentication, which restricts a specific user to specific databases; and Oracle database account authentication, which ensures that the correct Oracle database account is used for the access. However, every time a user accesses an Oracle database they must first log in to the O&M and auditing system, which increases the complexity of O&M.
The patent with application number CN201710236691.9 proposes an Oracle database access method applied to an O&M auditing system: a configuration file generated in the O&M auditing system is downloaded into the client's configuration directory, and the user selects the login from the client, which solves the problem in the prior art that accessing an Oracle database requires logging in to the O&M auditing system. However, it does not support extracting the data inside the SSH tunnel of the O&M and auditing system for O&M auditing.
The patent with application number CN201710373310.1 proposes a method of automatically discovering cluster resources: after information such as the server IP address is filled in, database cluster resources can be discovered automatically. It addresses the authentication of Oracle databases and is unrelated to authentication by the O&M auditing system.
The Oracle database O&M mode of existing traditional O&M and auditing systems does not support SSH tunnel mode. Traditional database O&M is audited by bypass packet capture, which has no way to capture the Oracle data inside an SSH tunnel and cannot control the session either; it can only passively capture data. Traditional bypass packet capture auditing sniffs the packets transmitted on the network when a user connects to the Oracle server and performs the audit on the sniffed data. It cannot perform user authentication, that is, the user currently connecting to the target asset has not been authenticated, and it cannot intervene in the user's connection to control the session.
Summary of the invention
The purpose of the present invention is to provide an O&M and auditing method for a controllable Oracle session based on an SSH tunnel. By means of an SSH tunnel module integrated into the O&M and auditing system, an SSH protocol proxy module receives and authenticates the user's connection request to the system; the Oracle data in the SSH tunnel is handed to an Oracle protocol proxy module, and after authentication by the Oracle protocol proxy module, the Oracle protocol proxy module acts as the intermediary between the client and the O&M and auditing system and between the O&M and auditing system and the target asset, so that the O&M and auditing system audits and controls the session content between the client and the target asset.
The present invention is achieved through the following technical solution: an O&M and auditing method for a controllable Oracle session based on an SSH tunnel, in which the user initiates an authentication and connection request to the O&M and auditing system through a client that supports SSH tunnel mode; the SSH protocol proxy module extracts the header data from the SSH packet and authenticates the user, then hands the remaining data to the Oracle protocol proxy module for processing; the Oracle proxy module connects to the target asset and to the user, completing mutual authentication between the user and the O&M and auditing system and between the O&M and auditing system and the target asset, after which the O&M and auditing system starts its work.
Further, in order to better realize the present invention, the method specifically includes the following steps:
Step F1: the user initiates a connection request to the O&M auditing system using a client that supports SSH tunnel mode;
Step F2: the SSH protocol proxy module receives the SSH packet from the client, then extracts the header data from the SSH packet and authenticates the user against the O&M and auditing system;
Step F3: after the user is authenticated successfully, the SSH protocol proxy module sends the remaining data content of the SSH packet to the Oracle protocol proxy module for processing;
Step F4: the user initiates an authentication request to the target asset through the Oracle protocol proxy module;
Step F5: after successful authentication, the Oracle protocol proxy module connects to the target asset;
Step F6: the Oracle protocol proxy module connects to the client, completing the connection between the client and the O&M and auditing system and the connection between the O&M and auditing system and the target asset, and the O&M and auditing system starts its work.
Further, in order to better realize the present invention, step F1 specifically includes the following steps:
Step F11: the user opens a client that supports SSH tunnel mode;
Step F12: the user fills in, on the connection tab of the client, the connection information that would be used in a direct-connection environment;
Step F13: the user fills in, on the SSH tunnel tab of the client, the account login information of the O&M and auditing system and the listening port of the O&M and auditing system.
Further, in order to better realize the present invention, step F2 specifically includes the following steps:
Step F21: the SSH protocol proxy module receives the SSH packet, encapsulated in the SSH tunnel, that the user sends through the client;
Step F22: the SSH protocol proxy module parses the O&M and auditing system login account and password information in the SSH packet and extracts this login information;
Step F23: the SSH protocol proxy module sends the login information to the business layer of the O&M and auditing system for authentication, and judges from the returned result whether the user may access the O&M and auditing system;
Step F24: if authentication succeeds, proceed to step F31; if authentication fails, disconnect the client and terminate this session task.
Further, in order to better realize the present invention, step F3 specifically includes the following steps:
Step F31: after the user is authenticated successfully, the SSH protocol proxy module parses the remaining data in the SSH packet;
Step F32: the SSH protocol proxy module sends the remaining data in the SSH packet to the Oracle protocol proxy module.
Further, in order to better realize the present invention, step F4 specifically includes the following steps:
Step F41: the Oracle protocol proxy module receives the data from the SSH protocol proxy module;
Step F42: the Oracle protocol proxy module parses the data content again according to its own rules;
Step F43: after parsing, the Oracle protocol proxy module extracts the user name and related connection information for connecting to the target asset, together with the O&M and auditing system login information passed on by the SSH protocol proxy module, and initiates an authentication request for connecting to the target asset to the business layer of the O&M and auditing system;
Step F44: the business layer verifies, against the asset table entered by the administrator, whether the user is entitled to connect to the target asset;
Step F45: if authentication succeeds, proceed to step F51; if authentication fails, disconnect the client and terminate this session task.
Further, in order to better realize the present invention, step F5 specifically includes the following steps:
Step F51: after the Oracle protocol proxy module is authenticated successfully, the business layer sends the account, password and control information fields to the Oracle protocol proxy module and instructs it to connect to the target asset;
Step F52: as instructed by the business layer, the Oracle protocol proxy module carries the remaining Oracle data from the parsed SSH packet and initiates a connection request to the target asset;
Step F53: the target asset authenticates the connection request of the Oracle protocol proxy module; if authentication succeeds, proceed to step F61; if authentication fails, disconnect the client and terminate this session task.
Further, in order to better realize the present invention, step F6 specifically includes the following steps:
Step F61: after the Oracle protocol proxy module is authenticated successfully, it initiates an authentication request to the user; if authentication succeeds, proceed to step F62; if authentication fails, disconnect the client and terminate this session task;
Step F62: after the Oracle protocol proxy module and the user have authenticated successfully, the O&M and auditing system confirms the connection between the user and the target asset, and the O&M and auditing system starts its work;
Step F63: the O&M and auditing system audits and judges the data sent by the user; if the data does not comply with the security policy and permission control set by the administrator, the O&M and auditing system prevents it from being sent to the target asset;
Step F64: the administrator can intervene in the O&M and auditing system at any time, inspecting the connection between the user and the target asset through the Oracle protocol proxy module, blocking or controlling the session, and cutting off the connection between the user and the target asset when necessary.
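The steps F1 to F6 above, as an added example that simulates the flow in Python (this is not code from the patent or from the applicant's product): a constructed SSH packet carries the bastion login in its header and the Oracle connection data as its remaining payload; the SSH proxy function authenticates the header against a constructed account store, the Oracle proxy function checks the administrator's asset table, connects to a stand-in target asset with the account the business layer supplies, then re-authenticates the user, and reports which step terminated the session. Packet format, account names and credentials are all assumptions made for the example.

```python
"""Simulation of steps F1-F6: SSH proxy authentication, Oracle proxy
authorization, connection to the target asset and user re-authentication.
Added example; packet format, accounts and asset table are all constructed."""
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed "SSH packet": the header holds the bastion login filled in on the
# SSH tunnel tab (F13); after a blank line follows the remaining payload, the
# Oracle connection data filled in on the connection tab (F12).
SAMPLE_PACKET = (
    b"bastion_user=alice\nbastion_pass=s3cret\nlisten_port=2222\n"
    b"\n"
    b"service=ORCL\nhost=10.0.0.5\ndb_user=app\ndb_pass=apppw\n"
)


def _digest(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def _same(a: str, b: str) -> bool:
    # constant-time comparison so that a failed check leaks nothing about the secret
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class BusinessLayer:
    """Account store plus the asset table entered by the administrator (F23, F44, F51)."""
    accounts: dict = field(default_factory=lambda: {"alice": _digest("s3cret")})
    # user -> {(service, host): (database account, database password)}
    asset_table: dict = field(default_factory=lambda: {
        "alice": {("ORCL", "10.0.0.5"): ("app", "apppw")}})

    def authenticate_user(self, user: str, password: str) -> bool:
        stored = self.accounts.get(user)
        return stored is not None and _same(stored, _digest(password))

    def authorize_asset(self, user: str, service: str, host: str):
        """Return the asset credentials if the user may reach this asset, else None."""
        return self.asset_table.get(user, {}).get((service, host))


@dataclass
class TargetAsset:
    """Stand-in for the Oracle server: accepts only its configured account (F53)."""
    credentials: tuple

    def connect(self, db_user: str, db_pass: str) -> bool:
        return _same(db_user, self.credentials[0]) and _same(db_pass, self.credentials[1])


def parse_kv(block: bytes) -> dict:
    """Parse 'key=value' lines of the constructed packet format."""
    return dict(line.split("=", 1) for line in block.decode().splitlines() if "=" in line)


def ssh_proxy(packet: bytes, layer: BusinessLayer):
    """F2/F3: authenticate the bastion login in the header, hand the rest onwards."""
    header, _, rest = packet.partition(b"\n\n")
    login = parse_kv(header)
    user = login.get("bastion_user", "")
    if not layer.authenticate_user(user, login.get("bastion_pass", "")):
        return None, "F24: bastion login failed, client disconnected"
    return (user, rest), None


def oracle_proxy(user: str, oracle_data: bytes, layer: BusinessLayer, asset: TargetAsset) -> str:
    """F4-F6: asset-table authorization, connection to the asset, user re-authentication."""
    conn = parse_kv(oracle_data)
    creds = layer.authorize_asset(user, conn.get("service", ""), conn.get("host", ""))
    if creds is None:
        return "F45: user not entitled to this asset, client disconnected"
    # F51/F52: the business layer hands the proxy the account to use towards the asset
    if not asset.connect(*creds):
        return "F53: target asset rejected the proxy's connection, client disconnected"
    # F61: the proxy now authenticates the user with the credentials the client supplied
    if not (_same(conn.get("db_user", ""), creds[0]) and _same(conn.get("db_pass", ""), creds[1])):
        return "F61: user re-authentication failed, client disconnected"
    return "F62: client and target asset connected, auditing started"


def run_session(packet: bytes, layer: BusinessLayer = None, asset: TargetAsset = None) -> str:
    """Run one packet through both proxy modules and report where it ended."""
    layer = layer or BusinessLayer()
    asset = asset or TargetAsset(("app", "apppw"))
    state, err = ssh_proxy(packet, layer)
    if err:
        return err
    user, rest = state
    return oracle_proxy(user, rest, layer, asset)


if __name__ == "__main__":
    print(run_session(SAMPLE_PACKET))
```

Each early return corresponds to one of the disconnect branches F24, F45, F53 and F61, so the result string shows at which of the three authentications a session was cut.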
Working principle:
1. The client initiates a connection request to the O&M auditing system through an Oracle client that supports SSH tunnel mode.
2. The SSH protocol proxy module receives and authenticates the packet from the Oracle client, then extracts the data content from the packet and performs authentication.
3. The SSH protocol proxy module delivers the packet to the Oracle protocol proxy module for processing.
4. The client connects to the asset through the Oracle protocol proxy module.
5. The Oracle protocol proxy module requests the O&M and auditing system to connect to the target asset.
6. The Oracle protocol proxy module completes the connection between the client and the O&M and auditing system and between the O&M and auditing system and the target asset, and the O&M and auditing system starts its work.
Compared with the prior art, the present invention has the following advantages and beneficial effects:
(1) The present invention solves the problem that traditional O&M and auditing systems do not support O&M and auditing of Oracle databases in SSH tunnel mode, and at the same time gives the user a controllable O&M and auditing experience of the session;
(2) The user's data is forwarded to the Oracle server only after O&M auditing, which solves the problem that traditional systems can audit data only by bypass sniffing;
(3) Because the data flows through the O&M and auditing system, the system is directly involved in the Oracle session and the administrator can exert control over it, for example blocking the session, requiring command approval, or enforcing permission control.
Brief description of the drawings
Fig. 1 is the workflow diagram of Embodiment 1 of the present invention;
Fig. 2 is the workflow diagram of the O&M and auditing system of the present invention;
Fig. 3 is the workflow diagram of the present invention.
Specific embodiments
The present invention is described in further detail below with reference to embodiments; the embodiments of the present invention are not limited thereto.
Embodiment 1:
The present invention is achieved through the following technical solution, as shown in Fig. 1 to Fig. 3: an O&M and auditing method for a controllable Oracle session based on an SSH tunnel, in which the user initiates an authentication and connection request to the O&M and auditing system through a client that supports SSH tunnel mode; the SSH protocol proxy module extracts the header data from the SSH packet and authenticates the user, then hands the remaining data to the Oracle protocol proxy module for processing; the Oracle proxy module connects to the target asset and to the user, completing mutual authentication between the user and the O&M and auditing system and between the O&M and auditing system and the target asset, after which the O&M and auditing system starts its work.
It should be noted that, with the above improvement, the SSH tunnel mode relies on SSH, a security protocol built on the application layer and transport layer that is designed to provide security for remote login sessions and other network services; using the SSH protocol can effectively prevent information leakage during remote administration. Traditional network services such as ftp, pop and telnet are inherently insecure, because they transmit passwords and data in plain text and these passwords and data are easily intercepted on the network. Moreover, the security verification of these service programs has its weakness: it is highly susceptible to man-in-the-middle attacks. In a man-in-the-middle attack, the attacker impersonates the real server to receive the data the client sends to the server, and then impersonates the client to forward the data to the real server; once the data transmitted between server and client has passed through the attacker's hands, very serious problems arise. By using an SSH tunnel, all transmitted data is encapsulated and encrypted, so that this man-in-the-middle attack cannot be carried out, and DNS spoofing and IP spoofing can also be prevented. An additional benefit of using the SSH protocol is that the transmitted data is compressed during encapsulation, which can increase the transmission speed.
The SSH protocol mainly consists of three parts:
1) transport layer protocol
2) user authentication protocol
3) connection protocol
The present invention proposes an O&M and auditing method for a controllable Oracle session based on an SSH tunnel, in which the user initiates a connection request to the O&M and auditing system through a client, and the target asset is a server. Traditional database O&M is audited by bypass packet capture, which has no way to capture the Oracle data in the SSH tunnel, so auditing cannot be achieved; moreover, bypass packet capture cannot control the Oracle session and can only passively capture data. The present invention mainly solves the problem that traditional O&M and auditing systems do not support O&M and auditing of Oracle databases in SSH tunnel mode, while also giving the user a controllable O&M and auditing experience of the Oracle session.
The present invention first integrates an SSH tunnel module into the O&M and auditing system. The SSH protocol proxy module receives the SSH packet from the client; the SSH packet contains the Oracle data and the login information with which the client logs in to the O&M and auditing system, and the login information includes the login account and password of the O&M and auditing system and the listening port of the O&M and auditing system. The SSH protocol proxy module parses the login information for the O&M and auditing system from the SSH packet and authenticates the user against the system.
After the user is authenticated successfully, the SSH protocol proxy module parses the remaining data content in the SSH packet; this remaining data content is the Oracle data. After parsing, the SSH protocol proxy module sends the Oracle data to the Oracle protocol proxy module for processing, and the Oracle protocol proxy module parses the Oracle data sent by the SSH protocol proxy module again according to its own protocol rules.
The Oracle protocol proxy module extracts from the Oracle data the user name and related connection information for connecting to the target asset, together with the O&M and auditing system login information passed on by the SSH protocol proxy module, and initiates an authentication request to the target asset. The business layer of the O&M and auditing system authenticates the Oracle protocol proxy module according to the Oracle data.
After the Oracle protocol proxy module is authenticated successfully, it carries the Oracle data and initiates a connection request to the target asset. Once the Oracle protocol proxy module has connected to the target asset, the O&M and auditing system is also connected to the target asset.
The Oracle protocol proxy module then authenticates with the user again; after the user is authenticated successfully, the Oracle protocol proxy module is connected to the user, and therefore the target asset is also connected to the user.
The Oracle protocol proxy module acts as the intermediary, completing the authenticated connection between the user and the O&M and auditing system and the authenticated connection between the O&M and auditing system and the target asset.
The other parts of this embodiment are the same as in the embodiments described above and are not repeated here.
Embodiment 2:
This embodiment further optimizes the above embodiment; as shown in Fig. 1 to Fig. 3, it specifically includes the following steps:
Step F1: the user initiates a connection request to the O&M auditing system using a client that supports SSH tunnel mode;
Step F2: the SSH protocol proxy module receives the SSH packet from the client, then extracts the header data from the SSH packet and authenticates the user against the O&M and auditing system;
Step F3: after the user is authenticated successfully, the SSH protocol proxy module sends the remaining data content of the SSH packet to the Oracle protocol proxy module for processing;
Step F4: the user initiates an authentication request to the target asset through the Oracle protocol proxy module;
Step F5: after successful authentication, the Oracle protocol proxy module connects to the target asset;
Step F6: the Oracle protocol proxy module connects to the client, completing the connection between the client and the O&M and auditing system and the connection between the O&M and auditing system and the target asset, and the O&M and auditing system starts its work.
It should be noted that, with the above improvement, the login method of the O&M and auditing system in SSH tunnel mode according to the present invention has the user fill in the login user name and login password, and the SSH protocol proxy module performs the user authentication. The data sent by the client is an SSH packet encapsulated in the SSH tunnel, containing the login information for logging in to the O&M and auditing system and the Oracle data. The SSH protocol proxy module receives the SSH packet from the client, parses the login information for the system from it, and performs the connection authentication between the user and the system.
After the user is authenticated successfully, the SSH protocol proxy module parses the Oracle data in the SSH packet and sends the Oracle data to the Oracle protocol proxy module for further processing. The Oracle protocol proxy module parses the Oracle data again according to its own protocol rules. The information about connecting to the target asset in the parsed Oracle data is sent to the business layer, initiating an authentication request to the target asset.
The business layer authenticates the Oracle protocol proxy module according to the Oracle data; if authentication succeeds, the Oracle protocol proxy module initiates a connection request to the target asset. After the target asset and the Oracle protocol proxy module are successfully connected, the O&M and auditing system is also successfully connected to the target asset. The Oracle protocol proxy module then returns to authenticate with the user; if that authentication succeeds, the target asset is also successfully connected to the user.
The Oracle protocol proxy module thus acts as the intermediary performing mutual authentication between the client and the O&M and auditing system, and between the O&M and auditing system and the target asset. After the client, the O&M and auditing system and the target asset have all been connected to each other, the O&M and auditing system starts its work: it receives and judges the packets transmitted by the client, and if a transmitted packet does not comply with the system's rules, the system refuses to transmit it. At the same time, because the data flows through the O&M and auditing system, the system is directly involved in the Oracle session, so the administrator can exert control over the session through the system, for example blocking the session, requiring command approval, or enforcing permission control.
The other parts of this embodiment are the same as in the embodiments described above and are not repeated here.
Embodiment 3:
This embodiment further optimizes the above embodiments; as shown in Fig. 1 to Fig. 3, step F1 specifically includes the following steps:
Step F11: the user opens a client that supports SSH tunnel mode;
Step F12: the user fills in, on the connection tab of the client, the connection information that would be used in a direct-connection environment;
Step F13: the user fills in, on the SSH tunnel tab of the client, the account login information of the O&M and auditing system and the listening port of the O&M and auditing system.
It should be noted that, with the above improvement, the user initiates the connection request to the O&M and auditing system through a client that supports SSH tunnel mode. As shown in Fig. 2, the connection information for a direct-connection environment, including the service name, user name and password, is filled in on the connection tab, so the login habits of existing users are unchanged. Then the account login information of the O&M and auditing system (i.e. the bastion host) and the listening port of the O&M and auditing system are filled in on the SSH tunnel tab.
The other parts of this embodiment are the same as in the embodiments described above and are not repeated here.
Embodiment 4:
This embodiment further optimizes the above embodiments; as shown in Fig. 1 to Fig. 3, step F2 specifically includes the following steps:
Step F21: the SSH protocol proxy module receives the SSH packet, encapsulated in the SSH tunnel, that the user sends through the client;
Step F22: the SSH protocol proxy module parses the O&M and auditing system login account and password information in the SSH packet and extracts this login information;
Step F23: the SSH protocol proxy module sends the login information to the business layer of the O&M and auditing system for authentication, and judges from the returned result whether the user may access the O&M and auditing system;
Step F24: if authentication succeeds, proceed to step F31; if authentication fails, disconnect the client and terminate this session task.
It should be noted that, with the above improvement, the user fills in the account login information of the O&M and auditing system and the listening port of the O&M and auditing system on the SSH tunnel tab of the client, that is, the user sends an SSH packet to the SSH protocol proxy module through the client. The SSH packet received by the SSH protocol proxy module is encapsulated in the SSH tunnel and contains the Oracle data and the login information for the system. The SSH protocol proxy module first parses the O&M and auditing system login account, password and similar information from the SSH packet sent by the client, sends the extracted information to the business layer of the O&M and auditing system for authentication, and judges from the result returned by the business layer whether the user may access the O&M and auditing system. If authentication succeeds, step F31 is executed; if authentication fails, the client is disconnected and this session task is terminated.
The other parts of this embodiment are the same as in the embodiments described above and are not repeated here.
Embodiment 5:
This embodiment further optimizes the above embodiments; as shown in Fig. 1 to Fig. 3, step F3 specifically includes the following steps:
Step F31: after the user is authenticated successfully, the SSH protocol proxy module parses the remaining data in the SSH packet;
Step F32: the SSH protocol proxy module sends the remaining data in the SSH packet to the Oracle protocol proxy module.
Step F4 specifically includes the following steps:
Step F41: the Oracle protocol proxy module receives the data from the SSH protocol proxy module;
Step F42: the Oracle protocol proxy module parses the data content again according to its own rules;
Step F43: after parsing, the Oracle protocol proxy module extracts the user name and related connection information for connecting to the target asset, together with the O&M and auditing system login information passed on by the SSH protocol proxy module, and initiates an authentication request for connecting to the target asset to the business layer of the O&M and auditing system;
Step F44: the business layer verifies, against the asset table entered by the administrator, whether the user is entitled to connect to the target asset;
Step F45: if authentication succeeds, proceed to step F51; if authentication fails, disconnect the client and terminate this session task.
It should be noted that, with the above improvement, after the user is authenticated successfully the SSH protocol proxy module parses the remaining Oracle data in the SSH packet and, after parsing, sends the Oracle data to the Oracle protocol proxy module, which parses the Oracle data content again according to its own protocol rules.
After the Oracle protocol proxy module has parsed the Oracle data, it extracts the user name with which the O&M and auditing system connects to the target asset, the other related connection information, and the login information with which the SSH protocol proxy module connected to the O&M and auditing system, and initiates an authentication request for the target asset to the business layer of the O&M and auditing system.
The business layer verifies, from the information extracted by the Oracle protocol proxy module and the asset information previously entered into the business layer by the administrator, whether the user has the right to access the target asset; if authentication succeeds, step F51 is executed, and if authentication fails, the client is disconnected and this session task is terminated.
The other parts of this embodiment are the same as in the embodiments described above and are not repeated here.
Embodiment 6:
This embodiment further optimizes the above embodiments; as shown in Fig. 1 to Fig. 3, step F5 specifically includes the following steps:
Step F51: after the Oracle protocol proxy module is authenticated successfully, the business layer sends the account, password and control information fields to the Oracle protocol proxy module and instructs it to connect to the target asset;
Step F52: as instructed by the business layer, the Oracle protocol proxy module carries the remaining Oracle data from the parsed SSH packet and initiates a connection request to the target asset;
Step F53: the target asset authenticates the connection request of the Oracle protocol proxy module; if authentication succeeds, proceed to step F61; if authentication fails, disconnect the client and terminate this session task.
It should be noted that, with the above improvement, after successful authentication the Oracle protocol proxy module receives the asset information from the business layer; this asset information includes the connection account and password for the target asset and control information such as information fields, with which the business layer controls how the Oracle protocol proxy module connects to the target asset. The Oracle protocol proxy module carries the remaining Oracle data in the parsed SSH packet and initiates a connection request to the target asset. If the connection succeeds, the O&M and auditing system is also connected to the target asset, and the Oracle protocol proxy module acts as the intermediary that authenticates the connection between the O&M and auditing system and the target asset; if the connection fails, the client is disconnected and this session is terminated.
According to the asset information and its own rules, the Oracle protocol proxy module selects a particular method of connecting to the target asset, for example a direct connection or an SSL-encrypted TCP channel.
The other parts of the present embodiment are same as the previously described embodiments, and so it will not be repeated.
Embodiment 7:
This embodiment further optimizes the above embodiments. As shown in Figures 1 to 3, step F6 specifically includes the following steps:
Step F61: after the Oracle protocol proxy module has authenticated successfully, it initiates an authentication request to the user; if authentication succeeds, step F62 is performed; if authentication fails, the client's connection is disconnected and this session task ends;
Step F62: after the Oracle protocol proxy module has authenticated the user successfully, the O&M and auditing system confirms the connection between the user and the target asset, and the O&M and auditing system starts work;
Step F63: the O&M and auditing system audits and evaluates the data sent by the user; if the data does not comply with the security policy and permission settings defined by the administrator, the O&M and auditing system prevents it from being sent to the target asset;
Step F64: the administrator can intervene in the O&M and auditing system at any time, inspect the connection between the user and the target asset through the Oracle protocol proxy module, block or control the session, and cut off the connection between the user and the target asset when necessary.
With this improvement, after the target asset and the O&M and auditing system are successfully connected, the Oracle protocol proxy module authenticates the user again using the connection account, password and control information field for the target asset held in the asset information, so as to establish a data path between the trusted, authenticated client and the target asset. Because the data handled by the Oracle protocol proxy module does not follow an open-source protocol, the authentication data sent to the target asset is derived from the packet originally sent by the client: the authentication information is recomputed and substituted before being sent to the target asset, which is why the target asset requires the Oracle protocol proxy module to authenticate the user again. If authentication succeeds, the O&M and auditing system confirms the connection between the client and the target asset and begins O&M and auditing work; if authentication fails, the client's connection is disconnected and this session task ends.
During O&M and auditing work, the O&M and auditing system audits and evaluates the data the client sends to the target asset; if the data does not comply with the security policy and permission settings specified by the administrator, the system prevents it from being sent to the target asset. At the same time, the administrator can intervene in the O&M and auditing system and, when necessary, cut off the connection between the Oracle protocol proxy module and the O&M and auditing system.
As the "man in the middle" between the client and the target asset, the O&M and auditing system obtains the packets of both the client and the target asset and audits and evaluates the client's packets first. It can prevent particular packets from being sent to the target asset and control the entire connection content according to the system's own protocol; the administrator can also intervene in the O&M and auditing system, inspect the connection between the user and the asset through the Oracle protocol proxy module, block or control the session, and cut off the connection between the user and the target asset when necessary.
The Oracle protocol proxy module serves as the "man in the middle" between the client and the O&M and auditing system and as the "man in the middle" between the O&M and auditing system and the target asset, performing two-way authentication. In this way the O&M and auditing system can effectively monitor and control the client while it works.
The other parts of this embodiment are the same as in the previous embodiments and are not repeated here.
The above are only preferred embodiments of the present invention and do not limit the present invention in any form; any simple modification or equivalent variation of the above embodiments made in accordance with the technical spirit of the invention falls within the scope of protection of the present invention.

Claims (8)

1. An O&M and auditing method for a controllable Oracle session based on an SSH tunnel, characterized in that: a user initiates an authentication connection request to an O&M and auditing system through a client that supports SSH tunnel mode; an SSH protocol proxy module extracts the header data from the SSH packet to authenticate the user and hands the remaining data to an Oracle protocol proxy module for processing; the Oracle protocol proxy module connects the target asset and the user, completing two-way authentication between the user and the O&M and auditing system and between the O&M and auditing system and the target asset; and the O&M and auditing system starts work.
2. The O&M and auditing method for a controllable Oracle session based on an SSH tunnel according to claim 1, characterized in that it specifically includes the following steps:
Step F1: the user initiates a connection request to the O&M and auditing system using a client that supports SSH tunnel mode;
Step F2: the SSH protocol proxy module receives the SSH packet from the client and then extracts the header data from the SSH packet to authenticate the user with the O&M and auditing system;
Step F3: after the user has been authenticated successfully, the SSH protocol proxy module sends the remaining data in the SSH packet to the Oracle protocol proxy module for processing;
Step F4: the user initiates an authentication request to the target asset through the Oracle protocol proxy module;
Step F5: after authentication succeeds, the Oracle protocol proxy module connects to the target asset;
Step F6: the Oracle protocol proxy module connects with the client, completing the connection between the client and the O&M and auditing system and the connection between the O&M and auditing system and the target asset, and the O&M and auditing system starts work.
3. The O&M and auditing method for a controllable Oracle session based on an SSH tunnel according to claim 2, characterized in that step F1 specifically includes the following steps:
Step F11: the user opens a client that supports SSH tunnel mode;
Step F12: the user fills in the connection information for a direct-connect environment in the connection tab of the client;
Step F13: the user fills in the account login information for the O&M and auditing system and the listening port of the O&M and auditing system in the SSH tunnel tab of the client.
4. The O&M and auditing method for a controllable Oracle session based on an SSH tunnel according to claim 3, characterized in that step F2 specifically includes the following steps:
Step F21: the SSH protocol proxy module receives the SSH packet, encapsulated in the SSH tunnel, that the user sends through the client;
Step F22: the SSH protocol proxy module parses the login account and password information for the O&M and auditing system from the SSH packet and extracts the login information;
Step F23: the SSH protocol proxy module sends the login information to the operation layer of the O&M and auditing system for authentication and judges from the returned result whether the user may access the O&M and auditing system;
Step F24: if authentication succeeds, step F31 is performed; if authentication fails, the client's connection is disconnected and this session task ends.
5. The O&M and auditing method for a controllable Oracle session based on an SSH tunnel according to claim 4, characterized in that step F3 specifically includes the following steps:
Step F31: after the user has been authenticated successfully, the SSH protocol proxy module parses the remaining data in the SSH packet;
Step F32: the SSH protocol proxy module sends the remaining data in the SSH packet to the Oracle protocol proxy module.
6. The O&M and auditing method for a controllable Oracle session based on an SSH tunnel according to claim 5, characterized in that step F4 specifically includes the following steps:
Step F41: the Oracle protocol proxy module receives the data from the SSH protocol proxy module;
Step F42: the Oracle protocol proxy module parses the data content again according to its own rules;
Step F43: after parsing, the Oracle protocol proxy module extracts the user name, the connection information for connecting to the target asset and the O&M and auditing system login information forwarded by the SSH protocol proxy module, and initiates an authentication request to the operation layer of the O&M and auditing system to connect to the target asset;
Step F44: the operation layer verifies, using the asset table entered by the administrator, whether the user is authorized to connect to the target asset;
Step F45: if authentication succeeds, step F51 is performed; if authentication fails, the client's connection is disconnected and this session task ends.
7. The O&M and auditing method for a controllable Oracle session based on an SSH tunnel according to claim 6, characterized in that step F5 specifically includes the following steps:
Step F51: after the Oracle protocol proxy module has authenticated successfully, the operation layer sends the account, password and control information field to the Oracle protocol proxy module and instructs it to connect to the target asset;
Step F52: as instructed by the operation layer, the Oracle protocol proxy module initiates a connection request to the target asset carrying the remaining Oracle data from the parsed SSH packet;
Step F53: the target asset authenticates the connection request of the Oracle protocol proxy module; if authentication succeeds, step F61 is performed; if authentication fails, the client's connection is disconnected and this session task ends.
8. The O&M and auditing method for a controllable Oracle session based on an SSH tunnel according to claim 7, characterized in that step F6 specifically includes the following steps:
Step F61: after the Oracle protocol proxy module has authenticated successfully, it initiates an authentication request to the user; if authentication succeeds, step F62 is performed; if authentication fails, the client's connection is disconnected and this session task ends;
Step F62: after the Oracle protocol proxy module has authenticated the user successfully, the O&M and auditing system confirms the connection between the user and the target asset, and the O&M and auditing system starts work;
Step F63: the O&M and auditing system audits and evaluates the data sent by the user; if the data does not comply with the security policy and permission settings defined by the administrator, the O&M and auditing system prevents it from being sent to the target asset;
Step F64: the administrator can intervene in the O&M and auditing system at any time, inspect the connection between the user and the target asset through the Oracle protocol proxy module, block or control the session, and cut off the connection between the user and the target asset when necessary.
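The proxied session flow of steps F1 to F6, as laid out in embodiments 6 and 7 above and again in claims 2 to 8, modelled as an added Python example (constructed for this page; it is not the patent's or the applicant's code). The SSH tunnel and the Oracle protocol exchanges are replaced by plain dictionaries, and the bastion login (F23), the asset-table authorization (F44), the connection toward the target with the operation layer's own account and password (F51 to F53), the second user authentication (F61), the policy audit (F63) and the administrator cut-off (F64) are each a named function so the ordering can be checked. Every class, field and function name here (BusinessLayer, Session, OracleProtocolProxy, SshProtocolProxy, packet, build_demo), the salted-hash stand-in for authentication, and the sample users, asset and policy patterns are assumptions.

```python
"""Illustrative model of the SSH-tunnelled, proxied Oracle session of steps F1-F6
(embodiments 6-7, claims 2-8). Added, constructed example, not the patent's code: the
SSH and Oracle wire protocols become dictionaries, the authentication exchanges become
salted SHA-256 comparisons, and every class, field and function name is an assumption."""
import hashlib
import hmac
import re
from dataclasses import dataclass, field


def _digest(secret, salt="constructed-salt"):
    return hashlib.sha256((salt + secret).encode()).hexdigest()


@dataclass
class BusinessLayer:
    """Operation layer: bastion accounts, admin-typed asset table, grants, audit policy."""
    users: dict = field(default_factory=dict)         # bastion user -> digest (F13 login)
    oracle_users: dict = field(default_factory=dict)  # bastion user -> digest (F12 login)
    assets: dict = field(default_factory=dict)        # asset id -> {account, password, mode}
    grants: dict = field(default_factory=dict)        # bastion user -> set of asset ids
    policy: dict = field(default_factory=dict)        # bastion user -> forbidden SQL regexes

    def add_user(self, name, password, oracle_password, grants, forbidden=()):
        self.users[name] = _digest(password)
        self.oracle_users[name] = _digest(oracle_password)
        self.grants[name] = set(grants)
        self.policy[name] = [re.compile(p, re.I) for p in forbidden]

    def authenticate(self, name, password):            # F23: bastion login check
        return hmac.compare_digest(self.users.get(name, ""), _digest(password))

    def reauthenticate(self, name, oracle_password):   # F61: the user is checked a second time
        return hmac.compare_digest(self.oracle_users.get(name, ""), _digest(oracle_password))


@dataclass
class Session:                                         # F62-F64: audited client <-> asset path
    user: str
    layer: BusinessLayer
    target: dict
    alive: bool = True

    def send(self, statement):                         # F63: forward only what policy allows
        if not self.alive or any(p.search(statement) for p in self.layer.policy.get(self.user, [])):
            return False
        self.target["received"].append(statement)
        return True

    def admin_cut(self):                               # F64: administrator cuts the connection
        self.alive = False


class OracleProtocolProxy:
    """Steps F4-F6: authorize, connect with the asset-table credentials, re-authenticate."""
    def __init__(self, layer, targets):
        self.layer, self.targets = layer, targets

    def handle(self, bastion_user, payload):
        asset_id = payload["asset"]                                   # F42/F43: parse remainder
        if asset_id not in self.layer.grants.get(bastion_user, ()):
            return None, "asset-not-granted"                          # F44/F45
        cred, target = self.layer.assets[asset_id], self.targets[asset_id]   # F51
        if not (hmac.compare_digest(cred["account"], target["account"])
                and hmac.compare_digest(cred["password"], target["password"])):
            return None, "target-auth-failed"                         # F52/F53
        if not self.layer.reauthenticate(bastion_user, payload.get("oracle_password", "")):
            return None, "user-reauth-failed"                         # F61
        return Session(bastion_user, self.layer, target), "ok"        # F62


class SshProtocolProxy:
    """Steps F2-F3: authenticate on the SSH header, hand the remainder to the Oracle proxy."""
    def __init__(self, layer, oracle_proxy):
        self.layer, self.oracle_proxy = layer, oracle_proxy

    def handle(self, packet):
        header = packet["ssh_header"]                                 # F21/F22
        if not self.layer.authenticate(header["user"], header["password"]):
            return None, "bastion-auth-failed"                        # F23/F24
        return self.oracle_proxy.handle(header["user"], packet["payload"])  # F31/F32


def packet(user, password, asset, oracle_password):    # constructed stand-in for the tunnelled packet
    return {"ssh_header": {"user": user, "password": password},        # F13: SSH tunnel tab
            "payload": {"asset": asset, "oracle_password": oracle_password}}  # F12: connection tab


def build_demo():                                      # constructed environment, all values invented
    layer = BusinessLayer()
    layer.assets["erp-db"] = {"account": "app_owner", "password": "asset-pw-1", "mode": "ssl"}
    layer.add_user("alice", "alice-pw", "alice-ora", ["erp-db"],
                   forbidden=[r"^\s*drop\b", r"^\s*delete\b(?!.*\bwhere\b)"])
    layer.add_user("bob", "bob-pw", "bob-ora", [])
    targets = {"erp-db": {"account": "app_owner", "password": "asset-pw-1", "received": []}}
    return SshProtocolProxy(layer, OracleProtocolProxy(layer, targets)), targets
```

The point worth checking is the ordering: nothing reaches the target unless the bastion login, the asset grant, the asset-side credential check and the second user check have all passed, and the connection toward the target uses the account and password supplied by the operation layer from the asset table, as step F51 describes. A real deployment would replace the dictionary stand-ins with the SSH and Oracle protocol parsing the description attributes to the two proxy modules.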

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810908751.1A CN109101811B (en) 2018-08-10 2018-08-10 Operation, maintenance and audit method of controllable Oracle session based on SSH tunnel

Publications (2)

Publication Number Publication Date
CN109101811A true CN109101811A (en) 2018-12-28
CN109101811B CN109101811B (en) 2021-10-15

Family

ID=64849215

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8042155B1 (en) * 2006-09-29 2011-10-18 Netapp, Inc. System and method for generating a single use password based on a challenge/response protocol
CN102123042A (en) * 2010-12-30 2011-07-13 中国民航信息网络股份有限公司 System configuration intelligent management system and management method thereof
CN104270334A (en) * 2014-06-13 2015-01-07 国家电网公司 SSH (Secure Shell) network security access protocol monitoring method
CN107423638A (en) * 2017-08-02 2017-12-01 成都安恒信息技术有限公司 A password management system and usage method based on command-detection password modification
CN107493344A (en) * 2017-08-29 2017-12-19 郑州云海信息技术有限公司 A method and system for web access to Docker containers
CN107682209A (en) * 2017-11-10 2018-02-09 青岛萨纳斯智能科技股份有限公司 An SDP big-data automatic deployment and monitoring platform
CN108111301A (en) * 2017-12-13 2018-06-01 中国联合网络通信集团有限公司 Method and system for implementing the SSH protocol based on post-quantum key exchange

Non-Patent Citations (3)

Title
KAI LI et al.: "A Web Management Platform of Internet-based Electrical Engineering Lab: Using SSH Framework", published online: HTTPS://IEEEXPLORE.IEEE.ORG/STAMP/STAMP.JSP?TP=&ARNUMBER=6295334 *
孙禹鹏: "Design and Implementation of an SSH-Based Device Operation and Maintenance System", China Master's Theses Full-text Database, Information Science and Technology series *
沈婧 et al.: "Research and Design of a Hospital Follow-up Management System Based on the Oracle Database", Electronic Design Engineering *

Cited By (8)

Publication number Priority date Publication date Assignee Title
CN112749182A (en) * 2019-10-30 2021-05-04 深圳市傲冠软件股份有限公司 Method, audit terminal, device and storage medium for agent access to Oracle database
CN112749182B (en) * 2019-10-30 2023-01-31 深圳市傲冠软件股份有限公司 Method for accessing Oracle database by proxy, audit terminal, device and computer readable storage medium
CN111490971A (en) * 2020-02-26 2020-08-04 江苏智先生信息科技有限公司 General hospital information infrastructure safety operation and maintenance and auditing method
CN111490971B (en) * 2020-02-26 2022-06-28 江苏智先生信息科技有限公司 General hospital information infrastructure safety operation and maintenance and auditing method
CN111405062A (en) * 2020-04-01 2020-07-10 河南信大网御科技有限公司 Mimic input agent device based on SSH protocol, communication system and method
CN111405062B (en) * 2020-04-01 2023-08-11 河南信大网御科技有限公司 Pseudo input proxy device based on SSH protocol, communication system and method
CN113420007A (en) * 2021-03-31 2021-09-21 阿里巴巴新加坡控股有限公司 Audit processing method and device for database access and electronic equipment
CN113420007B (en) * 2021-03-31 2023-09-26 阿里巴巴新加坡控股有限公司 Audit processing method and device for database access and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant