CN109428881A - Network safety protection method, network element device, system and computer storage medium - Google Patents

Network safety protection method, network element device, system and computer storage medium

Info

Publication number: CN109428881A
Authority: CN (China)
Legal status: Granted (status as listed by Google Patents; not a legal conclusion)
Application number: CN201710792343.XA
Other languages: Chinese (zh)
Other versions: CN109428881B (granted publication)
Inventors: 吴彤, 陈帆, 陈一帆, 高有军
Current assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Co Ltd
Original assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Co Ltd
Events: application filed by China Mobile Communications Group Co Ltd and China Mobile Communications Co Ltd; priority to CN201710792343.XA; publication of CN109428881A; application granted; publication of CN109428881B; legal status active

Classifications (CPC)

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L 63/0218 Distributed architectures, e.g. distributed firewalls
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416 Event detection, e.g. attack signature detection
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention discloses a network security protection method, a network element device, a system and a computer storage medium. A sub-demilitarized zone (sub-DMZ) is deployed on the egress side of an MEC (mobile edge computing) device; at least one such sub-DMZ, a master DMZ (rendered "total DMZ" in the machine translation) at the back end of the EPC (evolved packet core), and a DMZ management platform connected to the master DMZ together form a distributed network security architecture. The method includes: monitoring the data flow; when monitoring information indicating that the data flow will cause a network security risk is detected, reporting the monitoring information to the master DMZ; and actively cutting off the data flow to terminate the user's communication.

Description

Network safety protection method, network element device, system and computer storage medium
Technical field
The present invention relates to protection technology, and in particular to a network security protection method, a network element device, a system and a computer storage medium.
Background art
In existing networks, taking the LTE network architecture as an example, a demilitarized zone (DMZ) is deployed at the egress of each provincial network in order to ensure network security, as in the architecture shown in Figure 1. The purpose of a DMZ is to protect the intranet from attacks originating in the external network: at the intranet egress the DMZ performs network address translation (NAT), converting intranet addresses to an address of the isolated zone, and the firewall translates addresses again by NAT towards the external network, so that the intranet is shielded. The functions of the DMZ are to monitor network information and to actively terminate illegal information transmission.
MEC devices are currently deployed on the S1 interface. When a user initiates a data request, the request data is forwarded directly by local routing if it is for a local service; otherwise the data is passed straight up to the EPC and enters the external network in the normal way. The DMZ domain at the back end of the EPC is an isolated zone, a buffer between the external network and the intranet, and it ensures the security of the intranet. However, once MEC is added, the network provides a local routing and forwarding function at the edge, and there is no protection measure at that point; the intranet is easily exposed to the external network there, which poses a considerable security risk.
The problems in the prior art are therefore: for MEC devices there is currently no security protection measure specific to MEC networking; the egress side of the MEC device cannot actively cut off communications that carry a security risk; and, after MEC devices are added to the network, the device provides a port through which the external network can reach the intranet, which is easily attacked from the external network and poses a considerable security risk.
Summary of the invention
In view of this, embodiments of the present invention provide a network security protection method, a network element device, a system and a computer storage medium, so as to solve at least the problems of the prior art.
The technical solution of the embodiments of the present invention is achieved as follows:
In a network security protection method of an embodiment of the present invention, a sub-DMZ is deployed on the egress side of an MEC device; at least one such sub-DMZ, a master DMZ (the "total DMZ") at the back end of the EPC, and a DMZ management platform connected to the master DMZ form a distributed network security architecture. The method includes:
monitoring the data flow;
when monitoring information indicating that the data flow will cause a network security risk is detected, reporting the monitoring information to the master DMZ;
actively cutting off the data flow to terminate the user's communication.
In the above solution, monitoring the data flow includes:
monitoring the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, and obtaining network port information;
determining the network port information as the information to be monitored.
In the above solution, monitoring the data flow includes:
monitoring the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, parsing the data packets in the data flow that characterize user information, and extracting the keywords that match the configured features;
the keywords being used to record the user's access information parameters;
determining the access information parameters as the information to be monitored.
In the above solution, when monitoring information indicating that the data flow will cause a network security risk is detected, reporting the monitoring information to the master DMZ includes:
when the information to be monitored is detected to be monitoring information that leads to a network security risk, reporting the monitoring information to the master DMZ in real time; or
when the information to be monitored is detected to be monitoring information that leads to a network security risk, reporting the monitoring information to the master DMZ periodically; or
when the information to be monitored is detected to be monitoring information that leads to a network security risk, in response to a statistics command issued by the DMZ management platform and received at the current moment, actively reporting the monitoring information counted for the current moment to the master DMZ.
In the above solution, actively cutting off the data flow to terminate the user's communication includes:
cutting off, according to the monitoring information, the communication port of the data flow, and terminating the link communication with that communication port.
A network element device of an embodiment of the present invention includes a memory and a processor, where:
the memory is configured to store a computer program that can run on the processor;
the processor is configured, when running the computer program, to monitor the data flow; when monitoring information indicating that the data flow will cause a network security risk is detected, to report the monitoring information to the master DMZ; and to actively cut off the data flow to terminate the user's communication.
In the above solution, the processor is further configured to monitor the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, obtain network port information, and determine the network port information as the information to be monitored.
In the above solution, the processor is further configured to monitor the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, parse the data packets in the data flow that characterize user information, and extract the keywords that match the configured features; the keywords are used to record the user's access information parameters, and the access information parameters are determined as the information to be monitored.
In the above solution, the processor is further configured, when the information to be monitored is detected to be monitoring information that leads to a network security risk, to report the monitoring information to the master DMZ in real time; or to report the monitoring information to the master DMZ periodically; or, in response to a statistics command issued by the DMZ management platform and received at the current moment, to actively report the monitoring information counted for the current moment to the master DMZ.
In the above solution, the processor is further configured to cut off the communication port of the data flow according to the monitoring information and to terminate the link communication with that communication port.
A network security protection system of an embodiment of the present invention includes: an MEC device, a sub-DMZ deployed on the egress side of the MEC device, a master DMZ at the back end of the EPC, and a DMZ management platform connected to the master DMZ, there being at least one sub-DMZ; where:
the at least one sub-DMZ includes a memory and a processor;
the memory is configured to store a computer program that can run on the processor;
the processor is configured, when running the computer program, to perform the steps of the method of any one of the above solutions.
A computer storage medium of an embodiment of the present invention stores a computer program which, when executed by a processor, implements the steps of the method of any one of the above solutions.
In the network security protection method of the embodiments of the present invention, a sub-DMZ is deployed on the egress side of an MEC device, and at least one such sub-DMZ, a master DMZ at the back end of the EPC and a DMZ management platform connected to the master DMZ form a distributed network security architecture. The method includes: monitoring the data flow; when monitoring information indicating that the data flow will cause a network security risk is detected, reporting the monitoring information to the master DMZ; and actively cutting off the data flow to terminate the user's communication.
With the embodiments of the present invention, a sub-DMZ is deployed on the egress side of the MEC device, and through the functions provided by the sub-DMZ, communications that carry a security risk can be actively cut off, so that the port through which the MEC device lets the external network reach the intranet is not attacked from the external network; this reduces network security risk. Moreover, the distributed architecture formed by the sub-DMZs, the master DMZ and the DMZ management platform ensures flexible network deployment and reduces overall equipment investment.
Brief description of the drawings
Fig. 1 is a schematic diagram of a prior-art network security architecture including an MEC device;
Fig. 2 is a flowchart of a method of an embodiment of the present invention;
Fig. 3 is a schematic diagram of the composition of a DMZ domain and its modules in an embodiment of the present invention;
Fig. 4 is a schematic diagram of the distributed DMZ architecture of an embodiment of the present invention;
Fig. 5 is a schematic diagram of a network security architecture including an MEC device according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of the information exchange between a sub-DMZ domain and the master DMZ domain in an embodiment of the present invention.
Detailed description of the embodiments
The implementation of the technical solution is described in further detail below with reference to the accompanying drawings.
A network security protection method of an embodiment of the present invention deploys a sub-DMZ on the egress side of an MEC device; at least one such sub-DMZ, a master DMZ at the back end of the EPC, and a DMZ management platform connected to the master DMZ form a distributed network security architecture. As shown in Figure 2, the method includes:
Step 101: monitor the data flow;
Step 102: when monitoring information indicating that the data flow will cause a network security risk is detected, report the monitoring information to the master DMZ;
Step 103: actively cut off the data flow and terminate the user's communication.
In the existing network security architecture shown in Figure 1, only a firewall protects the MEC device, and a firewall cannot actively block communications that carry a network security risk. In the embodiments of the present invention, a sub-DMZ is deployed on the egress side of the MEC device, and through the functions provided by the sub-DMZ, communications that carry a security risk can be actively cut off; that is, abnormal communications are cut off using the blocking function of the sub-DMZ. Specifically, when monitoring information indicating that the data flow will cause a network security risk is detected, the monitoring information is reported to the master DMZ so that a real-time alarm is raised. The operation of cutting off the data flow may be triggered at any time before, after or at the same time as the report, so that the port through which the MEC device lets the external network reach the intranet is not attacked from the external network, which reduces network security risk.
In the embodiments of the present invention, in the distributed architecture formed by the sub-DMZs, the master DMZ and the DMZ management platform, both the sub-DMZs and the master DMZ have a monitoring function, a reporting function and a blocking function. As shown in Figure 3, each sub-DMZ and the master DMZ include at least the following modules: a monitoring module 11 performing the monitoring function, a reporting module 12 performing the reporting function, and a blocking module 13 performing the blocking function.
An example of the distributed architecture formed by the sub-DMZs, the master DMZ and the DMZ management platform is shown in Figure 4. The master DMZ is directly connected to the DMZ management platform and performs the collection and analysis of sub-DMZ information, unified management, parameter configuration, reporting and similar functions. This distributed architecture ensures flexible network deployment and thereby reduces overall equipment investment.
A schematic diagram of a system including an MEC device and the above distributed architecture is shown in Figure 5. A DMZ domain acting as a buffer zone and a firewall are added between the MEC device and the enterprise network/Internet. In one example the DMZ domain and the MEC are deployed on a shared virtualization platform, meaning that the same set of hardware is used and the software functions of both the DMZ domain and the MEC are configured on the MEC device. A DMZ management platform is also added to the system, and the DMZ network domains are managed and monitored through it. Within the DMZ network domain, the sub-DMZ domain connected to the MEC device can be implemented as follows: after data from the MEC reaches the DMZ isolated zone, its addresses are translated by NAT; when the data leaves through the firewall it passes through NAT again and is translated to an external-network address; likewise, external data entering the intranet goes through the corresponding NAT translation. This guarantees the security of data access and protects the intranet. The DMZ at the back end of the EPC is the master node of the above distributed architecture (which may be called the master DMZ). A DMZ sub-zone at the egress of every MEC device thus completely isolates the intranet of the whole mobile network from the external network. Because the master DMZ node is directly connected to the DMZ management platform, under the control of that platform it can configure parameters for the sub-DMZs in the network, aggregate the information reported by all sub-DMZs, and uniformly update the security configuration parameters of the live network.
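The two NAT hops described above (sub-DMZ first, firewall second, with replies mapped back in reverse) are shown in the following added Python example, which is not code from the patent or from China Mobile. The addresses, the port range and the minimal packet model are assumptions chosen for the example; the security-relevant behaviour is that an inbound packet with no matching translation state is dropped, which is what keeps intranet addresses unreachable from the external network.

```python
from typing import Dict, List, Optional, Tuple

Packet = Dict[str, object]      # assumed minimal packet model: src, sport, dst, dport
Endpoint = Tuple[str, int]


class NatHop:
    """One NAT stage. Outbound packets leave with this hop's address and a fresh port as
    source; inbound packets are accepted only if they match an existing mapping."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        self.forward: Dict[Endpoint, Endpoint] = {}   # (inner ip, port) -> (public ip, port)
        self.reverse: Dict[Endpoint, Endpoint] = {}   # (public ip, port) -> (inner ip, port)

    def outbound(self, pkt: Packet) -> Packet:
        inner = (pkt["src"], pkt["sport"])
        if inner not in self.forward:
            public = (self.public_ip, self.next_port)
            self.next_port += 1
            self.forward[inner] = public
            self.reverse[public] = inner
        out = dict(pkt)
        out["src"], out["sport"] = self.forward[inner]
        return out

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        public = (pkt["dst"], pkt["dport"])
        if public not in self.reverse:
            return None                    # no state: unsolicited traffic from outside is dropped
        back = dict(pkt)
        back["dst"], back["dport"] = self.reverse[public]
        return back


def leave_intranet(pkt: Packet, hops: List[NatHop]) -> Packet:
    """Intranet -> sub-DMZ NAT -> firewall NAT -> external network."""
    for hop in hops:
        pkt = hop.outbound(pkt)
    return pkt


def enter_intranet(pkt: Packet, hops: List[NatHop]) -> Optional[Packet]:
    """External network -> firewall NAT -> sub-DMZ NAT -> intranet, or None if dropped."""
    for hop in reversed(hops):
        pkt = hop.inbound(pkt)
        if pkt is None:
            return None
    return pkt


def demo() -> Tuple[Packet, Optional[Packet], Optional[Packet]]:
    # Assumed addresses: intranet 10.10.0.0/16, DMZ zone 172.16.0.1, firewall outside 203.0.113.1.
    chain = [NatHop("172.16.0.1"), NatHop("203.0.113.1")]
    request = {"src": "10.10.1.7", "sport": 51000, "dst": "192.0.2.10", "dport": 443}
    seen_outside = leave_intranet(request, chain)
    reply = {"src": "192.0.2.10", "sport": 443,
             "dst": seen_outside["src"], "dport": seen_outside["sport"]}
    delivered = enter_intranet(reply, chain)
    # Constructed probe aimed straight at an intranet host: no mapping exists, so it is dropped.
    probe = {"src": "198.51.100.9", "sport": 4444, "dst": "10.10.2.20", "dport": 22}
    return seen_outside, delivered, enter_intranet(probe, chain)


if __name__ == "__main__":
    print(demo())
```

The external server only ever sees 203.0.113.1, the sub-DMZ only ever exposes 172.16.0.1 towards the firewall, and the probe against 10.10.2.20 never finds a reverse mapping. Real NAT state additionally needs a timeout per mapping; the example keeps mappings forever for simplicity.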
In one embodiment of the present invention, monitoring the data flow includes: monitoring the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, and obtaining network port information, such as alarm information; one example is port alarm information. The network port information is determined as the information to be monitored.
In one embodiment of the present invention, monitoring the data flow includes: monitoring the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, parsing the data packets in the data flow that characterize user information, and extracting the keywords that match the configured features, such as user access data characteristic information. The keywords are used to record the user's access information parameters, and the access information parameters are determined as the information to be monitored.
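The two monitoring variants described above and in the summary (network port information, and keywords parsed out of packets that characterize user information) are shown together in the following added Python example; it is not code from the patent or from China Mobile. The flow records and the policy values are constructed for the example, HTTP request parsing stands in for whatever "packets characterizing user information" a deployment actually parses, and the risk rules (a port outside the permitted set, several intranet ports probed by one external source, a forbidden path prefix, a blocked user) are assumptions illustrating what "monitoring information leading to a network security risk" can mean.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Tuple

INTRANET_PREFIX = "10.10."          # assumed intranet address range for this example


@dataclass
class MonitoringInfo:
    kind: str                       # "port": network port information; "access": access information parameters
    src: str
    dst: str
    port: int
    params: Dict[str, str] = field(default_factory=dict)
    reason: str = ""                # non-empty once the information signals a security risk


@dataclass(frozen=True)
class MonitorPolicy:
    """Parameters a sub-DMZ receives from the master DMZ / management platform (assumed format)."""
    allowed_outbound_ports: frozenset = frozenset({80, 443})
    allowed_inbound_ports: frozenset = frozenset()       # nothing from outside may reach the intranet
    forbidden_paths: Tuple[str, ...] = ("/admin",)
    blocked_users: frozenset = frozenset()
    scan_threshold: int = 3                              # distinct intranet ports probed by one external source


REQUEST_LINE = re.compile(rb"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/1\.[01]\r\n")
HEADER = re.compile(rb"^(?P<name>[A-Za-z-]+): (?P<value>[^\r\n]*)\r\n", re.M)


def extract_keywords(payload: bytes) -> Optional[Dict[str, str]]:
    """Parse a packet that characterizes user information (here: an HTTP request) and
    extract the keywords that record the user's access information parameters."""
    m = REQUEST_LINE.match(payload)
    if not m:
        return None
    target = m.group("target").decode("ascii", "replace")
    path, _, query = target.partition("?")
    params = {"method": m.group("method").decode("ascii"), "path": path}
    for pair in filter(None, query.split("&")):
        key, _, value = pair.partition("=")
        params[key] = value
    for h in HEADER.finditer(payload):
        if h.group("name").lower() == b"host":
            params["host"] = h.group("value").decode("ascii", "replace")
    return params


def monitor(flows: Iterable[Tuple[str, str, int, bytes]], policy: MonitorPolicy) -> List[MonitoringInfo]:
    """Monitoring module 11: turn flow records into information to be monitored and mark
    the entries that constitute monitoring information leading to a security risk."""
    out: List[MonitoringInfo] = []
    probed: Dict[str, set] = defaultdict(set)        # external source -> intranet ports it touched
    for src, dst, port, payload in flows:
        inbound = dst.startswith(INTRANET_PREFIX) and not src.startswith(INTRANET_PREFIX)
        allowed = policy.allowed_inbound_ports if inbound else policy.allowed_outbound_ports
        info = MonitoringInfo("port", src, dst, port)
        if port not in allowed:
            info.reason = "port not permitted"
        if inbound:
            probed[src].add(port)
            if len(probed[src]) >= policy.scan_threshold:
                info.reason = "port scan of intranet host"
        out.append(info)
        params = extract_keywords(payload)
        if params is None:
            continue
        access = MonitoringInfo("access", src, dst, port, params)
        if any(params["path"].startswith(p) for p in policy.forbidden_paths):
            access.reason = "unauthorized access parameter: path"
        elif params.get("user") in policy.blocked_users:
            access.reason = "unauthorized access parameter: user"
        out.append(access)
    return out


def risky(infos: List[MonitoringInfo]) -> List[MonitoringInfo]:
    """The subset that must be reported to the master DMZ and handed to the blocking module."""
    return [i for i in infos if i.reason]


# Constructed flow records on the MEC egress side (not captured traffic): (src, dst, dst_port, payload).
SAMPLE_FLOWS = [
    ("10.10.1.7", "203.0.113.5", 443, b""),
    ("10.10.1.7", "192.0.2.10", 80, b"GET /api/v1/orders?user=alice HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    ("198.51.100.9", "10.10.2.20", 22, b""),
    ("198.51.100.9", "10.10.2.20", 3389, b""),
    ("198.51.100.9", "10.10.2.20", 445, b""),
    ("10.10.1.8", "192.0.2.10", 80, b"GET /admin/export?user=mallory&all=1 HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
]


def run_example() -> List[MonitoringInfo]:
    return risky(monitor(SAMPLE_FLOWS, MonitorPolicy()))


if __name__ == "__main__":
    for info in run_example():
        print(info.kind, info.src, "->", info.dst, info.port, info.reason, info.params)
```

On the sample flows the three inbound probes against 10.10.2.20 each produce port alarms, the third one upgraded to a port-scan alarm, and the `/admin/export` request produces an access-parameter alarm carrying the parsed user; the two legitimate flows produce information to be monitored but no alarm. Parsing only the first request line keeps the example short; a deployment would have to handle pipelined requests, TLS (where only SNI and the port are visible) and non-HTTP protocols.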
In one embodiment of the present invention, when monitoring information indicating that the data flow will cause a network security risk is detected, the monitoring information is reported to the master DMZ. There are three reporting schemes, described separately below:
One: when the information to be monitored is detected to be monitoring information that leads to a network security risk, the monitoring information is reported to the master DMZ in real time. In one example, real-time reporting means that when a sub-DMZ domain detects that a security risk exists in the network, or finds illegal information or a network intrusion while extracting key information, it immediately reports to the master DMZ domain so that a real-time alarm is raised.
Two: when the information to be monitored is detected to be monitoring information that leads to a network security risk, the monitoring information is reported to the master DMZ periodically. In one example, each sub-DMZ domain reports certain network access information at fixed intervals, including the access parameter information and whether the network has been attacked; the DMZ management platform aggregates the collected information, updates the unified DMZ access parameters, and uniformly issues them to each sub-DMZ domain, protecting the security of the whole intranet in real time.
Three: when the information to be monitored is detected to be monitoring information that leads to a network security risk, in response to a statistics command issued by the DMZ management platform and received at the current moment, the monitoring information counted for the current moment is actively reported to the master DMZ. In one example, the DMZ management platform actively issues a statistics command, and every DMZ domain (each sub-DMZ domain and the master DMZ domain) actively reports its statistics for that moment.
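The three reporting schemes above (and their restatement in the summary and in the device embodiments) are compared in the following added Python example, which is not code from the patent or from China Mobile. It runs three sub-DMZ reporting modules, one per scheme, against a master DMZ on a logical clock, so no real time passes; the report format, the reason strings and the risk events are constructed for the example, and the statistics command is modelled as the master DMZ relaying a request from the management platform to every sub-DMZ.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Report:
    sub_dmz: str
    mode: str              # "realtime" | "periodic" | "stat"
    sent_at: int           # logical time (seconds) at which the report left the sub-DMZ
    items: List[dict]


class MasterDMZ:
    """Master ('total') DMZ: collects reports and keeps network-wide statistics."""

    def __init__(self) -> None:
        self.modules: List["ReportingModule"] = []
        self.reports: List[Report] = []
        self.events: Counter = Counter()                  # (sub-DMZ, reason) -> events reported
        self.snapshots: Dict[str, Dict[str, int]] = {}    # latest statistics per sub-DMZ

    def register(self, module: "ReportingModule") -> None:
        self.modules.append(module)

    def receive(self, report: Report) -> None:
        self.reports.append(report)
        if report.mode == "stat":
            self.snapshots[report.sub_dmz] = {it["reason"]: it["count"] for it in report.items}
        else:
            for it in report.items:
                self.events[(report.sub_dmz, it["reason"])] += 1

    def stat_command(self, now: int) -> None:
        """Relay a statistics command from the DMZ management platform to every sub-DMZ."""
        for module in self.modules:
            module.on_stat_command(now)


class ReportingModule:
    """Reporting module 12 of one sub-DMZ, configured for one of the three schemes."""

    def __init__(self, name: str, mode: str, master: MasterDMZ, period: int = 60) -> None:
        if mode not in ("realtime", "periodic", "stat"):
            raise ValueError(mode)
        self.name, self.mode, self.master, self.period = name, mode, master, period
        self.buffer: List[dict] = []
        self.counts: Counter = Counter()
        self.last_flush = 0
        master.register(self)

    def on_risk(self, now: int, info: dict) -> None:
        """Called by the monitoring module for each item of risky monitoring information."""
        self.counts[info["reason"]] += 1
        if self.mode == "realtime":                 # scheme one: report immediately (real-time alarm)
            self.master.receive(Report(self.name, "realtime", now, [info]))
        elif self.mode == "periodic":               # scheme two: hold until the period elapses
            self.buffer.append(info)

    def tick(self, now: int) -> None:
        """Clock hook; flushes buffered information once a period has passed (scheme two)."""
        if self.mode == "periodic" and self.buffer and now - self.last_flush >= self.period:
            self.master.receive(Report(self.name, "periodic", now, list(self.buffer)))
            self.buffer.clear()
            self.last_flush = now

    def on_stat_command(self, now: int) -> Report:
        """Scheme three: answer a statistics command with the counters of the current moment."""
        items = [{"reason": r, "count": c} for r, c in sorted(self.counts.items())]
        report = Report(self.name, "stat", now, items)
        self.master.receive(report)
        return report


def simulate() -> MasterDMZ:
    master = MasterDMZ()
    a = ReportingModule("sub-dmz-A", "realtime", master)
    b = ReportingModule("sub-dmz-B", "periodic", master, period=60)
    c = ReportingModule("sub-dmz-C", "stat", master)
    # Constructed risk events: (logical time, sub-DMZ, monitoring information).
    events = [
        (5, a, {"reason": "network intrusion", "src": "198.51.100.9"}),
        (10, b, {"reason": "unauthorized access parameter: path", "src": "10.10.1.8"}),
        (20, b, {"reason": "port not permitted", "src": "198.51.100.9"}),
        (30, c, {"reason": "port not permitted", "src": "198.51.100.12"}),
        (40, c, {"reason": "port not permitted", "src": "198.51.100.12"}),
    ]
    for now, module, info in events:
        module.on_risk(now, info)
        for m in (a, b, c):
            m.tick(now)
    for m in (a, b, c):
        m.tick(70)               # B's period has elapsed: its buffered items go out together
    master.stat_command(90)      # the platform asks every DMZ domain for its current statistics
    return master


if __name__ == "__main__":
    for r in simulate().reports:
        print(r.sent_at, r.sub_dmz, r.mode, r.items)
```

The trade-off the three schemes encode is latency against load on the master DMZ: the intrusion on sub-dmz-A reaches the master at t=5, the two events on sub-dmz-B only at t=70, and sub-dmz-C's events are visible only as a count once the platform asks at t=90. Because the counters are kept regardless of mode, every sub-DMZ can answer a statistics command, which is what the text's third example describes.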
As shown in Figure 4, each DMZ domain (each sub-DMZ domain and the master DMZ domain) includes a monitoring module 11, a reporting module 12 and a blocking module 13, with which the distributed DMZ architecture can be realized. The monitoring module 11 monitors network port information, parses the packets that carry user information, extracts keywords from them, and records the user's access information parameters. The reporting module 12 stores and reports the monitoring information (user access data characteristic information, alarm information and the like). The function of the blocking module 13 is to actively cut off the user's communication. The DMZ management platform provides a visual operation interface in which the operating status of every DMZ system in the network is presented.
In one embodiment of the present invention, actively cutting off the data flow to terminate the user's communication includes: according to the monitoring information, cutting off the communication port of the data flow and terminating the link communication with that communication port. In one example, the working principle of the distributed architecture formed by the sub-DMZs, the master DMZ and the DMZ management platform is as follows. The monitoring module monitors the data passing through it; when illegal information, unauthorized access parameters, a network intrusion or the like is present, the monitoring module sends the information involved (for example the port used for the illegal transmission and the related user information) to the reporting module. The reporting module sends the information involved in the threat to the master DMZ for statistics, and the same information also triggers the function of the blocking module. After the blocking module receives the information from the monitoring module, it immediately cuts off the communication port through the monitoring module and terminates the link communication. The master DMZ counts the collected information, integrates the access parameters and the like, and updates the original information parameters, so that network security is updated in real time; the arranged parameter template is uniformly issued to the monitoring modules through the master DMZ and the management platform, the parameters of the monitoring modules are updated, and the real-time update of the DMZ is completed.
A process shown in Figure 6 includes the following steps:
Step 301: the monitoring module detects an illegal information transmission.
Step 302: the reporting module and the blocking module are triggered at the same time to perform the reporting and blocking functions.
Step 303: the illegal information is reported to the master DMZ domain.
Step 304: the blocking module actively cuts off the communication.
Step 305: the unauthorized access parameters are aggregated network-wide and uniformly issued, enhancing network security.
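The whole process of steps 301 to 305, together with the blocking behaviour described in the working-principle paragraph above and in the summary, is shown end to end in the following added Python example; it is not code from the patent or from China Mobile. Two sub-DMZs share one master DMZ: one of them detects an unauthorized access parameter using a local rule, reports it and cuts the communication port at the same time, and the master DMZ summarizes the parameters and issues them to every sub-DMZ, after which the other sub-DMZ blocks the same source and the same path without ever having seen the original event. The flows, the parameter template format and the rule that a reported source is blocked network-wide are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

FlowKey = Tuple[str, str, int]     # (source, destination, destination port): the "communication port" here


@dataclass
class ParamTemplate:
    """Unified parameter template the master DMZ issues to every sub-DMZ (assumed format)."""
    unauthorized_paths: Set[str] = field(default_factory=set)
    blocked_sources: Set[str] = field(default_factory=set)


class BlockingModule:
    """Blocking module 13: remembers which communication ports have been cut off."""

    def __init__(self) -> None:
        self.cut: Set[FlowKey] = set()

    def cut_off(self, key: FlowKey) -> None:
        self.cut.add(key)

    def is_cut(self, key: FlowKey) -> bool:
        return key in self.cut


class SubDMZ:
    def __init__(self, name: str, master: "MasterNode", local_rules: Tuple[str, ...] = ()) -> None:
        self.name, self.master = name, master
        self.local_rules = local_rules          # path prefixes this site already forbids on its own
        self.params = ParamTemplate()            # replaced whenever the master issues a new template
        self.blocker = BlockingModule()
        self.cut_log: List[str] = []
        master.register(self)

    def monitor(self, flow: dict) -> Optional[str]:                                   # step 301
        if flow["src"] in self.params.blocked_sources:
            return "source blocked by unified parameters"
        prefixes = self.params.unauthorized_paths | set(self.local_rules)
        if any(flow["path"].startswith(p) for p in prefixes):
            return "unauthorized access parameter"
        return None

    def handle(self, flow: dict) -> str:
        key: FlowKey = (flow["src"], flow["dst"], flow["port"])
        if self.blocker.is_cut(key):
            return "dropped"                    # the link was already terminated
        reason = self.monitor(flow)
        if reason is None:
            return "forwarded"
        self.master.report(self.name, flow, reason)      # steps 302/303: report ...
        self.blocker.cut_off(key)                        # ... and step 304: cut the port at the same time
        self.cut_log.append(f"{self.name} cut {key}: {reason}")
        return "cut"

    def apply_params(self, template: ParamTemplate) -> None:
        self.params = ParamTemplate(set(template.unauthorized_paths), set(template.blocked_sources))


class MasterNode:
    """Master ('total') DMZ: aggregates what the sub-DMZs report and issues unified parameters."""

    def __init__(self) -> None:
        self.subs: List[SubDMZ] = []
        self.template = ParamTemplate()
        self.reports: List[Tuple[str, str, str, str]] = []

    def register(self, sub: SubDMZ) -> None:
        self.subs.append(sub)

    def report(self, sub_name: str, flow: dict, reason: str) -> None:
        self.reports.append((sub_name, flow["src"], flow["path"], reason))
        changed = flow["src"] not in self.template.blocked_sources
        self.template.blocked_sources.add(flow["src"])
        if reason == "unauthorized access parameter":
            prefix = "/" + flow["path"].strip("/").split("/")[0]
            changed = changed or prefix not in self.template.unauthorized_paths
            self.template.unauthorized_paths.add(prefix)
        if changed:                                      # step 305: issue the summarized parameters network-wide
            for sub in self.subs:
                sub.apply_params(self.template)


def run_scenario() -> Tuple[List[str], MasterNode]:
    master = MasterNode()
    a = SubDMZ("sub-dmz-A", master, local_rules=("/admin",))
    b = SubDMZ("sub-dmz-B", master)
    # Constructed flows: the first two reach sub-DMZ A, the rest reach sub-DMZ B.
    f1 = {"src": "10.10.1.8", "dst": "192.0.2.10", "port": 80, "path": "/admin/export"}
    f2 = dict(f1)
    f3 = {"src": "10.10.1.8", "dst": "192.0.2.11", "port": 443, "path": "/api/orders"}
    f4 = {"src": "10.10.9.1", "dst": "192.0.2.11", "port": 443, "path": "/admin/users"}
    f5 = {"src": "10.10.9.2", "dst": "192.0.2.11", "port": 443, "path": "/api/orders"}
    results = [a.handle(f1), a.handle(f2), b.handle(f3), b.handle(f4), b.handle(f5)]
    return results, master


if __name__ == "__main__":
    print(run_scenario()[0])
```

The first flow is cut at sub-dmz-A and reported; the repeat is dropped because the port is already cut; the third flow, from the same source but to a different destination and path, is cut at sub-dmz-B purely because of the issued template; the fourth is cut because the `/admin` prefix is now unauthorized everywhere; the fifth is forwarded. Blocking a source network-wide after a single event is deliberately aggressive to make the propagation visible; a production policy would threshold, expire entries and distinguish an intranet user's mistake from an external attacker.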
A network element device of an embodiment of the present invention includes a monitoring module, a reporting module and a blocking module, where:
the monitoring module is configured to monitor the data flow;
the reporting module is configured, when monitoring information indicating that the data flow will cause a network security risk is detected, to report the monitoring information to the master DMZ;
the blocking module is configured to actively cut off the data flow and terminate the user's communication.
In one embodiment of the present invention, the monitoring module is further configured to monitor the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, obtain network port information, and determine the network port information as the information to be monitored.
In one embodiment of the present invention, the monitoring module is further configured to monitor the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, parse the data packets in the data flow that characterize user information, and extract the keywords that match the configured features; the keywords are used to record the user's access information parameters, and the access information parameters are determined as the information to be monitored.
In one embodiment of the present invention, the reporting module is further configured to:
when the information to be monitored is detected to be monitoring information that leads to a network security risk, report the monitoring information to the master DMZ in real time; or
when the information to be monitored is detected to be monitoring information that leads to a network security risk, report the monitoring information to the master DMZ periodically; or
when the information to be monitored is detected to be monitoring information that leads to a network security risk, in response to a statistics command issued by the DMZ management platform and received at the current moment, actively report the monitoring information counted for the current moment to the master DMZ.
In one embodiment of the present invention, the blocking module is further configured to cut off the communication port of the data flow according to the monitoring information and to terminate the link communication with that communication port.
A network element device of an embodiment of the present invention includes a memory and a processor, where:
the memory is configured to store a computer program that can run on the processor;
the processor is configured, when running the computer program, to monitor the data flow; when monitoring information indicating that the data flow will cause a network security risk is detected, to report the monitoring information to the master DMZ; and to actively cut off the data flow to terminate the user's communication.
In one embodiment of the present invention, the processor is further configured to monitor the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, obtain network port information, and determine the network port information as the information to be monitored.
In one embodiment of the present invention, the processor is further configured to monitor the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, parse the data packets in the data flow that characterize user information, and extract the keywords that match the configured features; the keywords are used to record the user's access information parameters, and the access information parameters are determined as the information to be monitored.
In one embodiment of the present invention, the processor is further configured, when the information to be monitored is detected to be monitoring information that leads to a network security risk, to report the monitoring information to the master DMZ in real time; or to report the monitoring information to the master DMZ periodically; or, in response to a statistics command issued by the DMZ management platform and received at the current moment, to actively report the monitoring information counted for the current moment to the master DMZ.
In one embodiment of the present invention, the processor is further configured to cut off the communication port of the data flow according to the monitoring information and to terminate the link communication with that communication port.
A network security protection system of an embodiment of the present invention includes: an MEC device, a sub-DMZ deployed on the egress side of the MEC device, a master DMZ at the back end of the EPC, and a DMZ management platform connected to the master DMZ, there being at least one sub-DMZ; where:
the at least one sub-DMZ includes a memory and a processor;
the memory is configured to store a computer program that can run on the processor;
the processor is configured, when running the computer program, to perform the steps of the method of any one of the above embodiments.
A computer storage medium of an embodiment of the present invention stores a computer program which, when executed by a processor, implements the steps of the method of any one of the above embodiments.
If the integrated modules described in the embodiments of the present invention are implemented as software function modules and sold or used as independent products, they may also be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments, or the part of it that contributes to the prior art, may be embodied in the form of a software product stored in a storage medium and including instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the method of each embodiment. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc. The embodiments of the present invention are therefore not limited to any specific combination of hardware and software.
Correspondingly, the embodiments of the present invention also provide a computer storage medium storing a computer program that is used to execute the network security protection method of the embodiments.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of the present invention.

Claims (12)

1. A network security protection method, characterized in that a sub-isolation zone (sub-DMZ) arranged on the egress side of an MEC device, a total DMZ of an EPC at the back end of at least one sub-DMZ, and a DMZ management platform connected to the total DMZ constitute a distributed network security architecture; the method comprises:
monitoring a data stream;
when monitoring information indicating that the data stream will lead to a network security risk is detected, reporting the monitoring information to the total DMZ;
actively cutting off the data stream and terminating the user's communication.
2. The method according to claim 1, wherein monitoring the data stream comprises:
monitoring the MEC data stream to the intranet and/or the extranet data stream of communication between the intranet and the outside, and obtaining network port information;
determining the network port information as information to be monitored.
3. The method according to claim 1, wherein monitoring the data stream comprises:
monitoring the MEC data stream to the intranet and/or the extranet data stream of communication between the intranet and the outside, parsing the data packets in the data stream that characterize user information, and extracting the keywords that meet the features;
using the keywords to record the access information parameters of the user;
determining the access information parameters as information to be monitored.
4. The method according to claim 2 or 3, wherein, when monitoring information indicating that the data stream will lead to a network security risk is detected, reporting the monitoring information to the total DMZ comprises:
when it is detected that the information to be monitored is monitoring information that leads to a network security risk, reporting the monitoring information to the total DMZ in real time; or
when it is detected that the information to be monitored is monitoring information that leads to a network security risk, reporting the monitoring information to the total DMZ periodically; or
when it is detected that the information to be monitored is monitoring information that leads to a network security risk, responding to a stat command issued by the DMZ management platform and received at the current time by actively reporting the monitoring information counted for the current time to the total DMZ.
5. The method according to claim 4, wherein actively cutting off the data stream and terminating the user's communication comprises:
according to the monitoring information, cutting off the communication port of the data stream and terminating the link communication with the communication port.
6. A network element device, characterized in that the network element device comprises a memory and a processor; wherein,
the memory is configured to store a computer program that can be run on the processor;
the processor is configured, when running the computer program, to monitor a data stream; when monitoring information indicating that the data stream will lead to a network security risk is detected, to report the monitoring information to the total DMZ; and to actively cut off the data stream and terminate the user's communication.
7. The network element device according to claim 6, characterized in that the processor is further configured to monitor the MEC data stream to the intranet and/or the extranet data stream of communication between the intranet and the outside, and obtain network port information; and to determine the network port information as information to be monitored.
8. The network element device according to claim 6, characterized in that the processor is further configured to monitor the MEC data stream to the intranet and/or the extranet data stream of communication between the intranet and the outside, parse the data packets in the data stream that characterize user information, and extract the keywords that meet the features; to use the keywords to record the access information parameters of the user; and to determine the access information parameters as information to be monitored.
9. The network element device according to claim 7 or 8, characterized in that the processor is further configured: when it is detected that the information to be monitored is monitoring information that leads to a network security risk, to report the monitoring information to the total DMZ in real time; or, when it is detected that the information to be monitored is monitoring information that leads to a network security risk, to report the monitoring information to the total DMZ periodically; or, when it is detected that the information to be monitored is monitoring information that leads to a network security risk, to respond to a stat command issued by the DMZ management platform and received at the current time by actively reporting the monitoring information counted for the current time to the total DMZ.
10. The network element device according to claim 9, characterized in that the processor is further configured to cut off the communication port of the data stream according to the monitoring information and to terminate the link communication with the communication port.
11. A network security protection system, characterized in that the system comprises: an MEC device; a sub-isolation zone (sub-DMZ) arranged on the egress side of the MEC device; a total DMZ of the EPC at the back end of at least one sub-DMZ; and a DMZ management platform connected to the total DMZ; wherein,
the at least one sub-DMZ comprises a memory and a processor;
the memory is configured to store a computer program that can be run on the processor;
the processor is configured, when running the computer program, to execute the steps of the method of any one of claims 1 to 5.
12. A computer storage medium, characterized in that a computer program is stored thereon, and when the computer program is executed by a processor, the steps of the method of any one of claims 1 to 5 are implemented.
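Claims 1 to 5 describe a sub-DMZ that monitors a data stream, decides whether the information to be monitored indicates a network security risk, reports it to the total DMZ in one of three ways (in real time, periodically, or on a stat command from the DMZ management platform), and cuts off the communication port. The simulation below is an added example, not code from the patent or its assignee; the record format, the `Flow`/`SubDMZ` names, and the risk rule (a port outside an intranet allowlist, or an access keyword on a watch list) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Flow:
    """One monitored data stream record (constructed format, not from the patent)."""
    src: str
    dst: str
    port: int
    keywords: Dict[str, str]  # parsed from packets that characterise the user (claim 3)


@dataclass
class SubDMZ:
    """Edge-side sub-DMZ: monitor flows, report to the total DMZ, cut off risky ports."""
    allowed_ports: Set[int]
    watched_keywords: Set[str]
    mode: str = "realtime"  # claim 4 alternatives: "realtime" | "periodic" | "on_demand"
    reports: List[dict] = field(default_factory=list)  # delivered to the total DMZ
    pending: List[dict] = field(default_factory=list)  # buffered until flush / stat command
    cut_ports: Set[int] = field(default_factory=set)   # communication ports cut off (claim 5)

    def monitor(self, flow: Flow) -> bool:
        """Return True if the flow was judged a risk, reported and cut off."""
        # Claim 2: the network port information is the information to be monitored.
        # Claim 3: keywords extracted from user packets record the access parameters.
        info = {"src": flow.src, "dst": flow.dst, "port": flow.port, "access": dict(flow.keywords)}
        # Assumed risk rule (not fixed by the claims): port outside allowlist or watched keyword.
        risky = flow.port not in self.allowed_ports or bool(
            self.watched_keywords & set(flow.keywords.values()))
        if not risky:
            return False
        if self.mode == "realtime":
            self.reports.append(info)  # alternative 1: report immediately
        else:
            self.pending.append(info)  # alternatives 2 and 3: hold for later delivery
        self.cut_ports.add(flow.port)  # claim 5: cut the port, terminating the link
        return True

    def periodic_flush(self) -> int:
        """Claim 4, alternative 2: deliver everything buffered during the period."""
        delivered = len(self.pending)
        self.reports.extend(self.pending)
        self.pending.clear()
        return delivered

    def stat_command(self) -> int:
        """Claim 4, alternative 3: a stat command from the DMZ management platform
        triggers delivery of the information counted so far; ignored in other modes."""
        return self.periodic_flush() if self.mode == "on_demand" else 0
```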
CN201710792343.XA 2017-09-05 2017-09-05 Network security protection method, network element equipment, system and computer storage medium Active CN109428881B (en)

Publications (2)

Publication Number Publication Date
CN109428881A true CN109428881A (en) 2019-03-05
CN109428881B CN109428881B (en) 2021-10-26

Family

ID=65514147

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110048956A (en) * 2019-05-29 2019-07-23 中国海洋石油集团有限公司 Internetwork link load control system
CN111371741A (en) * 2020-02-19 2020-07-03 中国平安人寿保险股份有限公司 Method and device for transmitting data of external network to internal network, computer equipment and storage medium
CN111371741B (en) * 2020-02-19 2024-04-26 中国平安人寿保险股份有限公司 Method, device, computer equipment and storage medium for transmitting external network data to internal network

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140245305A1 (en) * 2013-02-22 2014-08-28 Sas Institute Inc. Systems and Methods for Multi-Tenancy Data Processing
US20140331309A1 (en) * 2011-04-18 2014-11-06 Bank Of America Corporation Secure Network Cloud Architecture
CN106792821A (en) * 2016-12-27 2017-05-31 中国移动通信集团江苏有限公司 Connection control method and device based on virtual gateway
CN107018534A (en) * 2016-01-28 2017-08-04 中兴通讯股份有限公司 Method, apparatus and system for realizing a mobile edge computing service
WO2017147355A1 (en) * 2016-02-25 2017-08-31 ACS (US), Inc. Platform for computing at the mobile edge

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
CHINA MOBILE et al.: "key issue-support of mobile edge computing", 《3GPP,S2-162144》 *
张建敏 et al.: "Mobile Edge Computing Technology and Its Local Traffic Offloading Scheme" (移动边缘计算技术及其本地分流方案), 《电信科学》 (Telecommunications Science) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant