CN109428881A - Network security protection method, network element device, system and computer storage medium
Publication number: CN109428881A (application number CN201710792343.XA)
Authority: CN (China)
Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The invention discloses a network security protection method, a network element device, a system and a computer storage medium. A sub-demilitarized zone (sub-DMZ) is deployed on the egress side of the MEC device; at least one such sub-DMZ, a main DMZ at the back end of the EPC, and a DMZ management platform connected to the main DMZ together constitute a distributed network security architecture. The method comprises: monitoring the data flow; when monitoring information indicating that the data flow would lead to a network security risk is detected, reporting the monitoring information to the main DMZ; and actively cutting off the data flow, terminating the user's communication.
Description
Technical field
The present invention relates to protection technology, and in particular to a network security protection method, a network element device, a system and a computer storage medium.
Background technique
In the existing network, taking the LTE network architecture as an example, the architecture shown in Figure 1 places a demilitarized zone (DMZ) at the egress of each provincial network in order to ensure network security. The DMZ protects the intranet from attacks from the external network: at the intranet egress, the DMZ performs network address translation (NAT), converting intranet addresses into an address of the isolated zone, and the firewall then performs a second NAT towards the external network, so that the intranet is protected. The function of the DMZ is to monitor network information and to actively terminate illegal information transmission.
At present the MEC device is deployed on the S1 interface. When a user initiates a data request, if the request is for a local service the request data is forwarded directly by local routing; if it is not a local service, the data is sent up directly to the EPC and enters the external network normally. The DMZ domain at the back end of the EPC is an isolated zone that acts as a buffer between the external network and the intranet and guarantees the security of the intranet. However, once MEC is added, the network provides a local routing and forwarding function at a point where there is no protective measure at all; the intranet is easily exposed to the external network there, which poses a considerable security risk.
The problem with the prior art is therefore as follows: for MEC devices there is currently no security protection measure directed at the networking of MEC devices; the egress side of the MEC device cannot actively cut off communications that carry a security risk; and, at the same time, adding an MEC device to the network gives the device a port through which the external network can access the intranet, which is easily attacked from the external network and therefore carries a considerable security risk.
Summary of the invention
In view of this, the embodiments of the present invention aim to provide a network security protection method, a network element device, a system and a computer storage medium that solve at least the above problems of the prior art.
The technical solution of the embodiments of the present invention is realized as follows:
In a network security protection method according to an embodiment of the present invention, a sub-DMZ is deployed on the egress side of the MEC device, and at least one sub-DMZ, a main DMZ at the back end of the EPC, and a DMZ management platform connected to the main DMZ constitute a distributed network security architecture. The method comprises:
monitoring the data flow;
when monitoring information indicating that the data flow would lead to a network security risk is detected, reporting the monitoring information to the main DMZ;
actively cutting off the data flow and terminating the user's communication.
In the above scheme, monitoring the data flow comprises:
monitoring the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, and obtaining network port information;
determining the network port information as the information to be monitored.
In the above scheme, monitoring the data flow comprises:
monitoring the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, parsing the data packets in the data flow that characterize user information, and extracting the keywords that match the features;
using the keywords to record the user's access information parameters;
determining the access information parameters as the information to be monitored.
In the above scheme, when monitoring information indicating that the data flow would lead to a network security risk is detected, reporting the monitoring information to the main DMZ comprises:
when the information to be monitored is detected to be monitoring information that leads to a network security risk, reporting the monitoring information to the main DMZ in real time; or
when the information to be monitored is detected to be monitoring information that leads to a network security risk, reporting the monitoring information to the main DMZ periodically; or
when the information to be monitored is detected to be monitoring information that leads to a network security risk, in response to a statistics command issued by the DMZ management platform and received at the current moment, actively reporting the monitoring information counted for the current moment to the main DMZ.
In the above scheme, actively cutting off the data flow and terminating the user's communication comprises:
according to the monitoring information, cutting off the communication port of the data flow and terminating the link communication with that communication port.
A network element device according to an embodiment of the present invention comprises a memory and a processor, wherein:
the memory is configured to store a computer program executable on the processor;
the processor is configured, when running the computer program, to monitor the data flow; when monitoring information indicating that the data flow would lead to a network security risk is detected, to report the monitoring information to the main DMZ; and to actively cut off the data flow, terminating the user's communication.
In the above scheme, the processor is further configured to monitor the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, to obtain network port information, and to determine the network port information as the information to be monitored.
In the above scheme, the processor is further configured to monitor the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, to parse the data packets in the data flow that characterize user information, and to extract the keywords that match the features; the keywords are used to record the user's access information parameters, and the access information parameters are determined as the information to be monitored.
In the above scheme, the processor is further configured, when the information to be monitored is detected to be monitoring information that leads to a network security risk, to report the monitoring information to the main DMZ in real time; or, when the information to be monitored is detected to be monitoring information that leads to a network security risk, to report the monitoring information to the main DMZ periodically; or, when the information to be monitored is detected to be monitoring information that leads to a network security risk, in response to a statistics command issued by the DMZ management platform and received at the current moment, to actively report the monitoring information counted for the current moment to the main DMZ.
In the above scheme, the processor is further configured to cut off, according to the monitoring information, the communication port of the data flow and to terminate the link communication with that communication port.
A network security protection system according to an embodiment of the present invention comprises an MEC device, a sub-DMZ deployed on the egress side of the MEC device, a main DMZ at the back end of the EPC, and a DMZ management platform connected to the main DMZ, wherein:
the at least one sub-DMZ comprises a memory and a processor;
the memory is configured to store a computer program executable on the processor;
the processor is configured, when running the computer program, to perform the steps of the method according to any one of the above schemes.
A computer storage medium according to an embodiment of the present invention stores a computer program which, when executed by a processor, implements the steps of the method according to any one of the above schemes.
In the network security protection method of the embodiments of the present invention, a sub-DMZ is deployed on the egress side of the MEC device, and at least one sub-DMZ, a main DMZ at the back end of the EPC, and a DMZ management platform connected to the main DMZ constitute a distributed network security architecture. The method comprises: monitoring the data flow; when monitoring information indicating that the data flow would lead to a network security risk is detected, reporting the monitoring information to the main DMZ; and actively cutting off the data flow, terminating the user's communication.
With the embodiments of the present invention, a sub-DMZ is provided on the egress side of the MEC device, and the functions provided by the sub-DMZ allow communications that carry a security risk to be cut off actively, so that the port through which the MEC device lets the external network access the intranet is protected from attacks from the external network and the network security risk is reduced. Moreover, the distributed architecture deployment made up of the sub-DMZs, the main DMZ and the DMZ management platform guarantees flexibility of network deployment and reduces the overall equipment investment.
Brief description of the drawings
Fig. 1 is a schematic diagram of a prior-art network security architecture including an MEC device;
Fig. 2 is a flowchart of the method of embodiment one of the present invention;
Fig. 3 is a schematic diagram of the composition of a DMZ domain and its modules in embodiment one of the present invention;
Fig. 4 is a schematic diagram of the distributed DMZ architecture of embodiment one of the present invention;
Fig. 5 is a schematic diagram of a network security architecture including an MEC device according to embodiment one of the present invention;
Fig. 6 is a schematic diagram of the information exchange between the sub-DMZ domains and the main DMZ domain in embodiment one of the present invention.
Detailed description
The implementation of the technical solution is described in further detail below with reference to the accompanying drawings.
In a network security protection method according to an embodiment of the present invention, a DMZ is deployed on the egress side of the MEC device, and at least one sub-DMZ, a main DMZ at the back end of the EPC, and a DMZ management platform connected to the main DMZ constitute a distributed network security architecture. As shown in Fig. 2, the method comprises:
Step 101: monitor the data flow;
Step 102: when monitoring information indicating that the data flow would lead to a network security risk is detected, report the monitoring information to the main DMZ;
Step 103: actively cut off the data flow and terminate the user's communication.
In the existing network security architecture shown in Fig. 1, only a firewall protects the MEC device, and the firewall cannot actively block communications that carry a network security risk. In the embodiments of the present invention, by contrast, a sub-DMZ is deployed on the egress side of the MEC device, and the functions provided by the sub-DMZ allow communications that carry a security risk to be cut off actively; that is, the blocking function of the sub-DMZ is used to cut off abnormal communications. Specifically, when monitoring information indicating that the data flow would lead to a network security risk is detected, the monitoring information is reported to the main DMZ so that a real-time alarm can be raised. The operation of cutting off the data flow can be triggered at any moment, before, after or at the same time as the report, so that the port through which the MEC device lets the external network access the intranet is protected from attacks from the external network, thereby reducing the network security risk.
In the embodiments of the present invention, in the distributed architecture made up of the sub-DMZs, the main DMZ and the DMZ management platform, both the sub-DMZs and the main DMZ have a monitoring function, a reporting function and a blocking function. As shown in Fig. 3, each sub-DMZ and the main DMZ contain at least the following modules: a monitoring module 11 that performs the monitoring function, a reporting module 12 that performs the reporting function, and a blocking module 13 that performs the blocking function.
An example of the distributed architecture made up of the sub-DMZs, the main DMZ and the DMZ management platform is shown in Fig. 4. The main DMZ is directly connected to the DMZ management platform and is responsible for collecting and analysing the information of the sub-DMZs, for unified management, for parameter configuration and for reporting. This distributed architecture guarantees flexibility of network deployment and thereby reduces the overall equipment investment.
A schematic diagram of a system including an MEC device and the above distributed architecture is shown in Fig. 5. A DMZ domain serving as a buffer zone, together with a firewall, is added between the MEC device and the enterprise network/Internet. In this example the DMZ domain and the MEC are deployed on a shared virtualization platform, which means that the same set of hardware is used and the DMZ domain and some software functions of the MEC are all configured on the MEC device. At the same time, a DMZ management platform is added to the system, and the DMZ network domains are managed and monitored through this platform. Within the DMZ network domains, a sub-DMZ domain connected to an MEC device can be implemented as follows: after data from the MEC reaches the DMZ isolated zone it undergoes address translation by NAT; when the data leaves through the firewall it passes through NAT once more and is translated to an external-network address; and in the same way, data arriving from the external network also undergoes NAT translation before it enters the intranet, which guarantees the security of data access and protects the intranet. The DMZ at the back end of the EPC is the master node of the above distributed architecture (which may be called the main DMZ). A DMZ sub-zone at the egress of every MEC device completely isolates the intranet of the entire mobile network from the external network. Since the main DMZ is directly connected to the DMZ management platform, the main DMZ can, under the control of the DMZ management platform, configure the parameters of the sub-DMZs in the network, compile statistics on the information reported by all sub-DMZs, and update the network's security configuration parameters in a unified way.
In one embodiment of the present invention, monitoring the data flow comprises: monitoring the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, and obtaining network port information, such as alarm information; one example is port alarm information. The network port information is determined as the information to be monitored.
In one embodiment of the present invention, monitoring the data flow comprises: monitoring the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, parsing the data packets in the data flow that characterize user information, and extracting the keywords that match the features, such as user access data feature information. The keywords are used to record the user's access information parameters, and the access information parameters are determined as the information to be monitored.
In one embodiment of the present invention, when monitoring information indicating that the data flow would lead to a network security risk is detected, the monitoring information is reported to the main DMZ according to one of three reporting schemes, described in turn below:
One: when the information to be monitored is detected to be monitoring information that leads to a network security risk, the monitoring information is reported to the main DMZ in real time. In one example, real-time reporting means that whenever a sub-DMZ domain detects that the network is at risk, or has found illegality or a network intrusion while extracting key information, it immediately reports this to the main DMZ domain so that a real-time alarm is raised.
Two: when the information to be monitored is detected to be monitoring information that leads to a network security risk, the monitoring information is reported to the main DMZ periodically. In one example, each sub-DMZ domain reports certain information about network access at scheduled times, including the parameters of the accesses and whether the network has been attacked. The information is reported periodically; the DMZ management platform aggregates the collected information, updates the unified DMZ access parameters, and distributes them uniformly to every sub-DMZ domain, protecting the whole intranet in real time.
Three: when the information to be monitored is detected to be monitoring information that leads to a network security risk, in response to a statistics command issued by the DMZ management platform and received at the current moment, the monitoring information counted for the current moment is actively reported to the main DMZ. In one example, the DMZ management platform actively issues a statistics command, and every DMZ domain (including each sub-DMZ domain and the main DMZ domain) actively reports the statistical information for that moment.
As shown in Fig. 4, each DMZ domain (including each sub-DMZ domain and the main DMZ domain) contains a monitoring module 11, a reporting module 12 and a blocking module 13, which together implement the distributed DMZ architecture. The monitoring module 11 monitors network port information, parses packets for user information, extracts keywords from them and records the user's access information parameters, among other things. The reporting module 12 stores and reports the monitoring information (user access data feature information, alarm information, and so on). The function of the blocking module 13 is to actively cut off the user's communication. The DMZ management platform provides a visual operation interface on which the operating status of all DMZ systems in the network can be presented.
In one embodiment of the present invention, actively cutting off the data flow and terminating the user's communication comprises: according to the monitoring information, cutting off the communication port of the data flow and terminating the link communication with that communication port. In one example, the above distributed architecture made up of the sub-DMZs, the main DMZ and the DMZ management platform works as follows. The monitoring module monitors the data passing through it; when illegal information, unauthorized access parameters, a network intrusion or the like is present, the monitoring module sends the information involved (such as the transmission port of the illegal information and the related user information) to the reporting module. The reporting module sends the information involved in the threat to the main DMZ for statistics, and the same information also triggers the function of the blocking module. After the blocking module receives the information from the monitoring module, it immediately cuts off the communication port and terminates this link communication. The main DMZ compiles statistics on the collected information, consolidates the access parameters and so on, and updates the original information parameters, which guarantees that network security is updated in real time; the main DMZ management platform then uniformly distributes the compiled parameter template to the monitoring modules, which update their parameters, completing the real-time update of the DMZs.
One process, shown in Fig. 6, comprises the following steps:
Step 301: the monitoring module detects an illegal information transmission.
Step 302: the reporting module and the blocking module are triggered at the same time to perform the reporting and blocking functions.
Step 303: the illegal information is reported to the main DMZ domain.
Step 304: the blocking module actively cuts off the communication.
Step 305: the unauthorized access parameters are aggregated network-wide and distributed uniformly, strengthening network security.
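As an added illustration that is not part of the patent text, the following Python simulation models the Fig. 6 sequence and the three reporting schemes: a sub-DMZ's monitoring module matches the keyword extracted from a flow against its configured illegal access parameters, the reporting module hands monitoring information to the main DMZ either immediately or when a statistics command arrives, the blocking module cuts the communication port, and the main DMZ aggregates the parameters and pushes a unified set back to every sub-DMZ. All class names, flow records, addresses and parameter values are constructed assumptions, not identifiers from the patent.

```python
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class FlowRecord:
    """One data flow seen by a sub-DMZ on the MEC egress side (constructed sample)."""
    src: str       # intranet-side user address
    port: int      # communication port of the flow
    request: str   # keyword extracted from the packet that carries user information


@dataclass(frozen=True)
class Report:
    sub_dmz: str
    src: str
    port: int
    parameter: str  # the illegal access parameter that matched


class MainDMZ:
    """Main DMZ: collects sub-DMZ reports and compiles the unified parameter set."""
    def __init__(self) -> None:
        self.reports: List[Report] = []
        self.params: Set[str] = set()   # network-wide illegal access parameters

    def collect(self, reports: List[Report]) -> None:
        self.reports.extend(reports)
        self.params.update(r.parameter for r in reports)

    def stat_command(self, subs: List["SubDMZ"]) -> int:
        """Scheme three: a statistics command makes every sub-DMZ hand over its counts."""
        count = 0
        for sub in subs:
            got = sub.flush()
            self.collect(got)
            count += len(got)
        return count

    def push_params(self, subs: List["SubDMZ"]) -> None:
        """Step 305: distribute the aggregated parameters uniformly to every sub-DMZ."""
        for sub in subs:
            sub.apply_params(self.params)


class SubDMZ:
    """Sub-DMZ with monitoring, reporting and blocking modules (Fig. 3)."""
    def __init__(self, name: str, illegal_params: Set[str], main: MainDMZ,
                 mode: str = "realtime") -> None:
        self.name, self.main, self.mode = name, main, mode  # mode: realtime | periodic
        self.illegal_params: Set[str] = set(illegal_params)  # configured by the main DMZ
        self.blocked_ports: Set[int] = set()
        self.pending: List[Report] = []  # reports not yet delivered to the main DMZ

    def inspect(self, rec: FlowRecord) -> str:
        """Monitoring module (step 301); returns "forwarded", "cut" or "dropped"."""
        if rec.port in self.blocked_ports:
            return "dropped"             # link already cut by the blocking module
        hit = next((p for p in sorted(self.illegal_params) if p in rec.request), None)
        if hit is None:
            return "forwarded"
        rep = Report(self.name, rec.src, rec.port, hit)
        self._report(rep)                # steps 302/303: reporting module
        self.blocked_ports.add(rep.port) # step 304: blocking module cuts the port
        return "cut"

    def _report(self, rep: Report) -> None:
        self.pending.append(rep)
        if self.mode == "realtime":      # scheme one: deliver immediately
            self.main.collect(self.flush())

    def flush(self) -> List[Report]:
        """Hand over pending reports (periodic timer, scheme two, or a stat command)."""
        out, self.pending = self.pending, []
        return out

    def apply_params(self, params: Set[str]) -> None:
        self.illegal_params |= params


def run_scenario() -> Dict[str, object]:
    """Constructed walk-through: one real-time sub-DMZ, one periodic sub-DMZ, one stat command."""
    main = MainDMZ()
    a = SubDMZ("sub-dmz-A", {"/admin/"}, main, mode="realtime")
    b = SubDMZ("sub-dmz-B", {"cmd="}, main, mode="periodic")
    a_results = [a.inspect(FlowRecord("10.0.0.5", 40001, "/index.html")),
                 a.inspect(FlowRecord("10.0.0.5", 40002, "/admin/config")),
                 a.inspect(FlowRecord("10.0.0.5", 40002, "/admin/users"))]
    realtime_reports = len(main.reports)          # A's report arrived immediately
    b_results = [b.inspect(FlowRecord("10.0.1.7", 50001, "/admin/config")),
                 b.inspect(FlowRecord("10.0.1.7", 50002, "/run?cmd=status"))]
    reports_before_stat = len(main.reports)       # B holds its report until asked
    collected = main.stat_command([a, b])         # scheme three
    main.push_params([a, b])                      # step 305: B now also knows "/admin/"
    b_after_push = b.inspect(FlowRecord("10.0.1.7", 50003, "/admin/config"))
    return {"a_results": a_results, "realtime_reports": realtime_reports,
            "b_results": b_results, "reports_before_stat": reports_before_stat,
            "collected_by_stat": collected, "unified_params": set(main.params),
            "b_after_push": b_after_push, "b_blocked_ports": set(b.blocked_ports)}
```

The periodic sub-DMZ misses the first `/admin/` access because only the main DMZ has seen that parameter; after the stat command and the parameter push it cuts the same request, which is the network-wide effect step 305 is meant to produce.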
A network element device according to an embodiment of the present invention comprises a monitoring module, a reporting module and a blocking module, wherein:
the monitoring module is configured to monitor the data flow;
the reporting module is configured, when monitoring information indicating that the data flow would lead to a network security risk is detected, to report the monitoring information to the main DMZ;
the blocking module is configured to actively cut off the data flow and terminate the user's communication.
In one embodiment of the present invention, the monitoring module is further configured to monitor the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, to obtain network port information, and to determine the network port information as the information to be monitored.
In one embodiment of the present invention, the monitoring module is further configured to monitor the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, to parse the data packets in the data flow that characterize user information, and to extract the keywords that match the features; the keywords are used to record the user's access information parameters, and the access information parameters are determined as the information to be monitored.
In one embodiment of the present invention, the reporting module is further configured:
when the information to be monitored is detected to be monitoring information that leads to a network security risk, to report the monitoring information to the main DMZ in real time; or
when the information to be monitored is detected to be monitoring information that leads to a network security risk, to report the monitoring information to the main DMZ periodically; or
when the information to be monitored is detected to be monitoring information that leads to a network security risk, in response to a statistics command issued by the DMZ management platform and received at the current moment, to actively report the monitoring information counted for the current moment to the main DMZ.
In one embodiment of the present invention, the blocking module is further configured to cut off, according to the monitoring information, the communication port of the data flow and to terminate the link communication with that communication port.
A network element device according to an embodiment of the present invention comprises a memory and a processor, wherein:
the memory is configured to store a computer program executable on the processor;
the processor is configured, when running the computer program, to monitor the data flow; when monitoring information indicating that the data flow would lead to a network security risk is detected, to report the monitoring information to the main DMZ; and to actively cut off the data flow, terminating the user's communication.
In one embodiment of the present invention, the processor is further configured to monitor the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, to obtain network port information, and to determine the network port information as the information to be monitored.
In one embodiment of the present invention, the processor is further configured to monitor the MEC data flow of the intranet and/or the external-network data flow of communication between the intranet and the external network, to parse the data packets in the data flow that characterize user information, and to extract the keywords that match the features; the keywords are used to record the user's access information parameters, and the access information parameters are determined as the information to be monitored.
In one embodiment of the present invention, the processor is further configured, when the information to be monitored is detected to be monitoring information that leads to a network security risk, to report the monitoring information to the main DMZ in real time; or, when the information to be monitored is detected to be monitoring information that leads to a network security risk, to report the monitoring information to the main DMZ periodically; or, when the information to be monitored is detected to be monitoring information that leads to a network security risk, in response to a statistics command issued by the DMZ management platform and received at the current moment, to actively report the monitoring information counted for the current moment to the main DMZ.
In one embodiment of the present invention, the processor is further configured to cut off, according to the monitoring information, the communication port of the data flow and to terminate the link communication with that communication port.
A network security protection system according to an embodiment of the present invention comprises an MEC device, a sub-DMZ deployed on the egress side of the MEC device, a main DMZ at the back end of the EPC, and a DMZ management platform connected to the main DMZ, wherein:
the at least one sub-DMZ comprises a memory and a processor;
the memory is configured to store a computer program executable on the processor;
the processor is configured, when running the computer program, to perform the steps of the method according to any one of the above embodiments.
A computer storage medium according to an embodiment of the present invention stores a computer program which, when executed by a processor, implements the steps of the method according to any one of the above embodiments.
If the integrated modules described in the embodiments of the present invention are implemented in the form of software function modules and sold or used as independent products, they may also be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments of the present invention, or the part of it that contributes over the prior art, can in essence be embodied in the form of a software product stored in a storage medium and including instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the method of each embodiment of the present invention. The storage medium includes any medium that can store program code, such as a USB flash disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk. In this way, the embodiments of the present invention are not limited to any specific combination of hardware and software.
Correspondingly, an embodiment of the present invention also provides a computer storage medium storing a computer program that is used to execute the network security protection method of the embodiments of the present invention.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the scope of the present invention.
Claims (12)
1. A network security protection method, characterized in that a sub-isolation zone (sub-DMZ) is arranged on the egress side of the MEC equipment, and at least one sub-DMZ, a total DMZ at the back end of the EPC, and a DMZ management platform connected to the total DMZ constitute a distributed network security architecture; the method comprises:
monitoring the data flow;
when monitoring information indicating that the data flow will lead to a network security risk is detected, reporting the monitoring information to the total DMZ;
actively cutting off the data flow and terminating the user's communication.
2. The method according to claim 1, wherein monitoring the data flow comprises:
monitoring the MEC data flow to the intranet and/or the extranet data flow of the intranet communicating with the outside, and obtaining network port information;
determining the network port information as the information to be monitored.
3. The method according to claim 1, wherein monitoring the data flow comprises:
monitoring the MEC data flow to the intranet and/or the extranet data flow of the intranet communicating with the outside, parsing the data packets in the data flow that characterize user information, and extracting the keywords that match a feature;
the keywords are used to record the user's access information parameters;
determining the access information parameters as the information to be monitored.
4. The method according to claim 2 or 3, wherein, when monitoring information indicating that the data flow will lead to a network security risk is detected, reporting the monitoring information to the total DMZ comprises:
when the information to be monitored is detected to be monitoring information that leads to a network security risk, reporting the monitoring information to the total DMZ in real time; or,
when the information to be monitored is detected to be monitoring information that leads to a network security risk, reporting the monitoring information to the total DMZ periodically; or,
when the information to be monitored is detected to be monitoring information that leads to a network security risk, in response to a statistics command issued by the DMZ management platform and received at the current time, actively reporting the monitoring information counted for the current time to the total DMZ.
5. The method according to claim 4, wherein actively cutting off the data flow and terminating the user's communication comprises:
according to the monitoring information, cutting off the communication port of the data flow and terminating the link communication with the communication port.
6. A network element device, characterized in that the network element device comprises a memory and a processor; wherein
the memory is configured to store a computer program that can run on the processor;
the processor, when running the computer program, is configured to: monitor the data flow; when monitoring information indicating that the data flow will lead to a network security risk is detected, report the monitoring information to the total DMZ; actively cut off the data flow and terminate the user's communication.
7. The network element device according to claim 6, wherein the processor is further configured to monitor the MEC data flow to the intranet and/or the extranet data flow of the intranet communicating with the outside, and obtain network port information; and determine the network port information as the information to be monitored.
8. The network element device according to claim 6, wherein the processor is further configured to monitor the MEC data flow to the intranet and/or the extranet data flow of the intranet communicating with the outside, parse the data packets in the data flow that characterize user information, and extract the keywords that match a feature; the keywords are used to record the user's access information parameters; and determine the access information parameters as the information to be monitored.
9. The network element device according to claim 7 or 8, wherein the processor is further configured to: when the information to be monitored is detected to be monitoring information that leads to a network security risk, report the monitoring information to the total DMZ in real time; or, when the information to be monitored is detected to be monitoring information that leads to a network security risk, report the monitoring information to the total DMZ periodically; or, when the information to be monitored is detected to be monitoring information that leads to a network security risk, in response to a statistics command issued by the DMZ management platform and received at the current time, actively report the monitoring information counted for the current time to the total DMZ.
10. The network element device according to claim 9, wherein the processor is further configured to, according to the monitoring information, cut off the communication port of the data flow and terminate the link communication with the communication port.
11. A network security protection system, characterized in that the system comprises: MEC equipment, a sub-isolation zone (sub-DMZ) arranged on the egress side of the MEC equipment, at least one sub-DMZ, a total DMZ at the back end of the EPC, and a DMZ management platform connected to the total DMZ; wherein
the at least one sub-DMZ comprises a memory and a processor;
the memory is configured to store a computer program that can run on the processor;
the processor, when running the computer program, executes the steps of the method according to any one of claims 1 to 5.
12. A computer storage medium, characterized in that a computer program is stored thereon, and the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 5.
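A constructed Python simulation of the sub-DMZ node described in claims 1 to 5, added here as an example that is not part of the patent: it extracts access information parameters from constructed packets (claim 3), reports risk to a stand-in total DMZ in real-time, periodic or stat-command mode (claim 4) and cuts off the flow's communication port (claim 5). The keyword list, allowed-port policy and packet-counted period are assumptions, since the claims leave them open.

```python
from collections import namedtuple
# Constructed stand-in for one parsed packet of a monitored flow; src_port is the flow's
# communication port, which the sub-DMZ can cut off.
Packet = namedtuple("Packet", "user src_port dst_port payload")

RISKY_KEYWORDS = ("/etc/passwd",)   # assumed feature keywords; the claims leave them open
ALLOWED_PORTS = {80, 443}           # assumed port policy for intranet/extranet traffic

class SubDMZ:
    """Sub-DMZ at the MEC egress; self.reported stands in for the total DMZ."""
    def __init__(self, mode="realtime", period=3):
        self.mode, self.period = mode, period   # period counted in packets (assumption)
        self.blocked_ports, self.pending, self.reported, self.seen = set(), [], [], 0

    def access_info(self, pkt):
        # claim 3: keyword characterising the user's access, recorded as access parameters
        kw = next((k for k in RISKY_KEYWORDS if k in pkt.payload), None)
        return {"user": pkt.user, "port": pkt.src_port, "dst": pkt.dst_port, "keyword": kw}

    def is_risk(self, info):
        return info["keyword"] is not None or info["dst"] not in ALLOWED_PORTS

    def monitor(self, pkt):
        """Claim 1: monitor, report risk to the total DMZ, cut off the flow."""
        self.seen += 1
        if self.mode == "periodic" and self.seen % self.period == 0:
            self.flush()                        # claim 4: periodic reporting
        if pkt.src_port in self.blocked_ports:
            return "dropped"                    # link already terminated
        info = self.access_info(pkt)
        if not self.is_risk(info):
            return "ok"
        self.pending.append(info)
        if self.mode == "realtime":
            self.flush()                        # claim 4: real-time reporting
        self.blocked_ports.add(pkt.src_port)    # claim 5: cut off the communication port
        return "cut"

    def flush(self):                            # hand pending info to the total DMZ
        self.reported.extend(self.pending)
        self.pending.clear()
    stat_command = flush                        # claim 4: management platform stat command

SAMPLE_PACKETS = [   # constructed traffic: benign, keyword hit, repeat on cut port, bad port
    Packet("u1", 40001, 443, "GET /index"),
    Packet("u2", 40002, 443, "GET /etc/passwd"),
    Packet("u2", 40002, 443, "GET /again"),
    Packet("u3", 40003, 3306, "SELECT 1"),
]
```

In "on_demand" mode (any mode name other than the two above) nothing reaches the total DMZ until `stat_command()` is called, which is the third branch of claim 4.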
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710792343.XA CN109428881B (en) | 2017-09-05 | 2017-09-05 | Network security protection method, network element equipment, system and computer storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710792343.XA CN109428881B (en) | 2017-09-05 | 2017-09-05 | Network security protection method, network element equipment, system and computer storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109428881A true CN109428881A (en) | 2019-03-05 |
CN109428881B CN109428881B (en) | 2021-10-26 |
Family
ID=65514147
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710792343.XA Active CN109428881B (en) | 2017-09-05 | 2017-09-05 | Network security protection method, network element equipment, system and computer storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109428881B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110048956A (en) * | 2019-05-29 | 2019-07-23 | 中国海洋石油集团有限公司 | Internetwork link load control system |
CN111371741A (en) * | 2020-02-19 | 2020-07-03 | 中国平安人寿保险股份有限公司 | Method and device for transmitting data of external network to internal network, computer equipment and storage medium |
CN111371741B (en) * | 2020-02-19 | 2024-04-26 | 中国平安人寿保险股份有限公司 | Method, device, computer equipment and storage medium for transmitting external network data to internal network |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140245305A1 (en) * | 2013-02-22 | 2014-08-28 | Sas Institute Inc. | Systems and Methods for Multi-Tenancy Data Processing |
US20140331309A1 (en) * | 2011-04-18 | 2014-11-06 | Bank Of America Corporation | Secure Network Cloud Architecture |
CN106792821A (en) * | 2016-12-27 | 2017-05-31 | 中国移动通信集团江苏有限公司 | Connection control method and device based on virtual gateway |
CN107018534A (en) * | 2016-01-28 | 2017-08-04 | 中兴通讯股份有限公司 | A kind of method for realizing mobile edge calculations service, apparatus and system |
WO2017147355A1 (en) * | 2016-02-25 | 2017-08-31 | ACS (US), Inc. | Platform for computing at the mobile edge |
Events
- 2017-09-05: CN CN201710792343.XA patent/CN109428881B/en active Active
Non-Patent Citations (2)
Title |
---|
CHINA MOBILE et al.: "key issue-support of mobile edge computing", 3GPP, S2-162144 * |
Zhang Jianmin (张建敏) et al.: "Mobile edge computing technology and its local offloading scheme", Telecommunications Science (电信科学) * |
Also Published As
Publication number | Publication date |
---|---|
CN109428881B (en) | 2021-10-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |