CN110730178A - Method and device for dynamically controlling privileged system port and strategy opening - Google Patents

Info

Publication number
CN110730178A
Authority
CN
China
Prior art keywords
ports
opening
port
dynamically
strategies
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910998163.6A
Other languages
Chinese (zh)
Inventor
许德森
杨达盛
潘明政
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Haiyi Information Security Technology Co Ltd
Original Assignee
Guangzhou Haiyi Information Security Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2019-10-21
Filing date
2019-10-21
Publication date
2020-01-24
Application filed by Guangzhou Haiyi Information Security Technology Co Ltd
Priority to CN201910998163.6A
Publication of CN110730178A

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management

Abstract

The invention discloses a method for dynamically controlling the opening of privileged system ports and policies, which comprises the following steps: A) collecting the ports and policies that need dynamic control; B) setting the ports and policies that need to be dynamically controlled; C) running a dynamic control privilege device, which dynamically adds and deletes rule settings on the registry, firewall and services of the privileged system to control the opening and closing of ports and policies; D) judging whether to execute the dynamic control privilege device, and if so, executing step E), otherwise executing step F); E) after execution, opening and closing according to the set ports and policies; F) exiting. The invention also relates to a device for implementing the method. The method and the device for dynamically controlling the opening of privileged system ports and policies have the following advantages: the opening of the privileged system's ports and policies can be allocated dynamically, so manual misoperation is reduced to the greatest extent and labor is freed.

Description

Method and device for dynamically controlling privileged system port and strategy opening
Technical Field
The invention relates to the field of security management of privileged accounts, in particular to a method and a device for dynamically controlling opening of privileged system ports and policies.
Background
With the continuous development of the national economy and the growing informatization of society driven by the internet, people's daily production and life depend ever more on networks. At the same time, the security problems of privileged systems are becoming more and more severe and are among the most important problems in current informatization applications. For an attacker, attacking the ports of a privileged system and exploiting its policies are the most commonly used means of attack; if the ports and policies of the privileged system are not managed effectively, the system is easily attacked. Research into the security of computer network information technology must therefore be increased and the hidden dangers affecting privileged system security identified, which is why a method and a device for dynamically controlling the opening of privileged system ports and policies are needed.
In traditional privileged system port and policy protection, ports and policies are added and opened manually, so errors from manual misoperation, increased manpower and staff handover are possible; incomplete opening of port policies can leave security loopholes in the privileged system, providing a backdoor for attackers and creating serious hidden dangers for enterprise privilege management.
Disclosure of Invention
The present invention provides a method and an apparatus for dynamically controlling the opening of the ports and policies of the privileged system, which can dynamically allocate the opening of the ports and policies of the privileged system, minimize manual misoperation, and release labor force, in view of the above-mentioned defects of the prior art.
The technical scheme adopted by the invention for solving the technical problems is as follows: a method for dynamically controlling the opening of privileged system ports and policies is constructed, which comprises the following steps:
A) collecting ports and strategies needing dynamic control;
B) setting the ports and strategies which need to be dynamically controlled;
C) running a dynamic control privilege device, and dynamically adding and deleting rule setting on a registry, a firewall and services of a privilege system to control opening and closing of ports and strategies;
D) judging whether to execute the dynamic control privilege device, if so, executing step E); otherwise, executing step F);
E) after execution, opening and closing according to a set port and a set strategy;
F) exiting.
In the method for dynamically controlling the opening of the privileged system port and the policy of the present invention, the step B) further includes:
B1) writing the ports and policies that need to be dynamically controlled on a notepad;
B2) setting the ports and policies that need to be dynamically controlled according to the corresponding opening and closing parameters.
In the method for dynamically controlling the opening of the privileged system port and the policy, when the port and the policy which need to be dynamically controlled are collected, operation and maintenance personnel collect the port and the policy.
The invention also relates to a device for implementing the method for dynamically controlling the opening of privileged system ports and policies, which comprises:
a port policy collection unit: the system is used for collecting ports and strategies needing dynamic control;
a port policy setting unit: used for setting the ports and policies that need to be dynamically controlled;
an operation unit: the device is used for operating the dynamic control privilege device and dynamically adding and deleting rule setting on a registry, a firewall and services of a privilege system so as to control the opening and closing of ports and strategies;
an execution judgment unit: used for judging whether to execute the dynamic control privilege device;
an opening and closing unit: after the execution, opening and closing are carried out according to the set port and the strategy;
an exit unit: for exit.
In the apparatus of the present invention, the port policy setting unit further includes:
a port policy writing module: used for writing the ports and policies that need to be dynamically controlled on the notepad;
a port policy setting module: used for setting the ports and policies that need to be dynamically controlled according to the corresponding opening and closing parameters.
In the device of the present invention, the port and the policy that need to be dynamically controlled are collected by the operation and maintenance staff.
The method and the device for dynamically controlling the opening of the privileged system port and the strategy have the following advantages that: ports and policies that need to be dynamically controlled are collected; setting ports and strategies which need to be dynamically controlled; running a dynamic control privilege device, and dynamically adding and deleting rule setting on a registry, a firewall and services of a privilege system to control opening and closing of ports and strategies; after executing the dynamic control privilege device, opening and closing according to the set port and strategy; the method does not need manual adding and opening, so the method can dynamically allocate the opening of the ports and the strategy of the privileged system, reduce manual misoperation to the maximum extent and release labor force.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow diagram of a method in one embodiment of a method and apparatus for dynamically controlling the opening of privileged system ports and policies of the present invention;
FIG. 2 is a specific flowchart illustrating the setting of the ports and policies that need to be dynamically controlled in the embodiment;
FIG. 3 is a schematic structural diagram of the device in the embodiment.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the embodiment of the method and apparatus for dynamically controlling the opening of privileged system ports and policies of the present invention, a flowchart of the method for dynamically controlling the opening of privileged system ports and policies is shown in fig. 1. In fig. 1, the method for dynamically controlling the opening of the privileged system port and the policy includes the following steps:
step S01 collects the ports and policies that need dynamic control: in this step, the ports and policies that need to be dynamically controlled are collected. Specifically, when collecting the ports and policies that need to be dynamically controlled, the operation and maintenance personnel collect the ports and policies.
Step S02 sets the port and policy that need to be dynamically controlled: in this step, the collected ports and policies that need to be dynamically controlled are set, and during setting, corresponding setting can be performed according to specific requirements.
Step S03 runs the dynamic control privilege device, which controls the opening and closing of ports and policies by dynamically adding and deleting rule settings on the registry, firewall and services of the privileged system: in this step, the dynamic control privilege device is run, and the opening and closing of system ports and policies is achieved by dynamically adding and deleting rule settings on the registry, the firewall, the services and the like of the privileged system.
Step S04 judges whether or not to execute the dynamic control privileged device: in this step, it is determined whether to execute the dynamic control privilege device, and if the result of the determination is yes, step S05 is executed; otherwise, step S06 is executed.
Step S05 performs opening and closing according to the set ports and policies after execution: if the determination result of step S04 above is yes, that is, the dynamic control privilege device is to be executed, this step is executed. In this step, after the dynamic control privilege device has been executed, opening and closing are performed according to the set ports and policies.
Step S06 exits: if the determination result of step S04 above is no, that is, the dynamic control privilege device is not executed, this step is executed. In this step, the current flow is exited.
The method for dynamically controlling the opening of the privileged system port and the policy does not need manual addition and opening, so the method can dynamically allocate the opening of the privileged system port and the policy, reduce manual misoperation to the maximum extent and release labor force.
For the present embodiment, the step S02 can be further refined, and the detailed flowchart is shown in fig. 2. In fig. 2, the step S02 further includes the following steps:
step S21 writes the port and policy to be dynamically controlled on the notepad: in this step, the ports and policies to be dynamically controlled are written on the notepad.
Step S22 sets the ports and policies to be dynamically controlled according to the corresponding open and close parameters: in this step, the ports and policies to be dynamically controlled are set according to the corresponding opening and closing parameters. Setting of the port and the policy that require dynamic control is realized through the above-described steps S21 to S22.
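As an added worked example (not the patent's own implementation), the following Python script models steps S01 to S06 on a Windows host: it parses a constructed notepad-style list of ports with their open/close parameters (S21/S22), diffs it against a simulated table of the firewall rules currently present to plan rule additions and deletions (S03), and gates execution on an explicit flag (S04 to S06), rendering each applied action as a netsh advfirewall command for the audit trail. The rule names, notepad contents and rule table are constructed sample data, and actions are applied to an in-memory table rather than to a live firewall.

```python
"""Steps S01-S06 of the method as a desired-state reconciler for Windows Firewall
rules. Example code written for this page, not the patent's own; data is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Step S01/S21: entries as operations staff would write them on the notepad.
NOTEPAD = """\
# port  proto  dir  action  state  name
3389    TCP    in   allow   open   rdp-admin
22      TCP    in   allow   close  ssh-legacy
5985    TCP    in   allow   open   winrm-http
445     TCP    in   block   open   smb-block
"""

@dataclass(frozen=True)
class Rule:
    name: str
    port: int
    proto: str
    direction: str
    action: str

Action = Tuple[str, object]  # ("add", Rule) or ("delete", rule name)

def collect(text: str) -> Dict[str, Tuple[Rule, bool]]:
    """Step S22: parse the notepad into rules plus their open/close parameter.
    Every field is validated so that a typo cannot become an over-broad rule."""
    desired: Dict[str, Tuple[Rule, bool]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        port, proto, direction, action, state, name = line.split()
        if not 1 <= int(port) <= 65535 or proto.upper() not in ("TCP", "UDP"):
            raise ValueError(f"bad port or protocol: {line}")
        if (direction not in ("in", "out") or action not in ("allow", "block")
                or state not in ("open", "close") or name in desired):
            raise ValueError(f"bad direction/action/state or duplicate name: {line}")
        desired[name] = (Rule(name, int(port), proto.upper(), direction, action),
                         state == "open")
    return desired

def plan(desired: Dict[str, Tuple[Rule, bool]], current: Dict[str, Rule]) -> List[Action]:
    """Step S03: diff desired state against the rules present. Idempotent: a rerun
    against a reconciled table yields no actions, so scheduled runs do not churn."""
    actions: List[Action] = []
    for name, (rule, want_open) in desired.items():
        have = current.get(name)
        if want_open and have != rule:
            if have is not None:  # same name, different parameters: replace it
                actions.append(("delete", name))
            actions.append(("add", rule))
        elif not want_open and have is not None:
            actions.append(("delete", name))
    return actions

def render(action: Action) -> str:
    """The Windows Firewall command (netsh advfirewall syntax) for one action."""
    kind, arg = action
    if kind == "add":
        return (f'netsh advfirewall firewall add rule name="{arg.name}" dir={arg.direction} '
                f'action={arg.action} protocol={arg.proto} localport={arg.port}')
    return f'netsh advfirewall firewall delete rule name="{arg}"'

def run(actions: List[Action], current: Dict[str, Rule], execute: bool) -> List[str]:
    """Steps S04-S06: with execute False the flow exits and touches nothing; otherwise
    each action is applied to the (simulated) rule table and the issued command is
    recorded, which is the audit trail an operator should keep."""
    if not execute:
        return []
    issued: List[str] = []
    for action in actions:
        kind, arg = action
        if kind == "add":
            current[arg.name] = arg
        else:
            current.pop(arg, None)
        issued.append(render(action))
    return issued
```

Calling plan() a second time on the reconciled table returns an empty list, which is the check to keep when the device is rerun on a schedule.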
The embodiment also relates to a device for implementing the method for dynamically controlling the opening of privileged system ports and policies, and a schematic structural diagram of the device is shown in FIG. 3. In FIG. 3, the apparatus includes a port policy collecting unit 1, a port policy setting unit 2, an operation unit 3, an execution judging unit 4, an opening/closing unit 5, and an exit unit 6.
The port strategy collection unit 1 is used for collecting ports and strategies which need to be dynamically controlled; specifically, when collecting the ports and policies that need to be dynamically controlled, the operation and maintenance personnel collect the ports and policies.
The port strategy setting unit 2 is used for setting a port and a strategy which need to be dynamically controlled; when the device is set, the device can be correspondingly set according to specific requirements.
The operation unit 3 is used for operating the dynamic control privilege device, and can dynamically add and delete rule settings to a registry, a firewall and services of the privilege system so as to achieve the purpose of controlling the opening and closing of ports and policies.
The execution judging unit 4 is used for judging whether to execute the dynamic control privilege device. The opening and closing unit 5 is used for opening and closing according to the set ports and policies after the dynamic control privilege device has been executed. The exit unit 6 is used for exiting.
The device of the invention does not need manual adding and opening, so the invention can dynamically allocate the opening of the port and the strategy of the privileged system, reduce manual misoperation to the maximum extent and release labor force.
In this embodiment, the port policy setting unit 2 further includes a port policy writing module 21 and a port policy setting module 22; the port policy writing module 21 is used for writing the ports and policies that need to be dynamically controlled on the notepad, and the port policy setting module 22 is used for setting the ports and policies that need to be dynamically controlled according to the corresponding opening and closing parameters. The setting of the ports and policies to be dynamically controlled is realized by the port policy writing module 21 and the port policy setting module 22.
In summary, the invention does not require manual adding and opening, thereby avoiding manual misoperation, reducing manpower, avoiding staff handover errors, avoiding privileged system security holes caused by imperfect opening of port policies, and improving the security of enterprise privilege management. Therefore, the invention can dynamically allocate the opening of the ports and policies of the privileged system, reduce manual misoperation to the greatest extent and free labor.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (6)

1. A method for dynamically controlling the opening of privileged system ports and policies is characterized by comprising the following steps:
A) collecting ports and strategies needing dynamic control;
B) setting the ports and strategies which need to be dynamically controlled;
C) running a dynamic control privilege device, and dynamically adding and deleting rule setting on a registry, a firewall and services of a privilege system to control opening and closing of ports and strategies;
D) judging whether to execute the dynamic control privilege device, if so, executing step E); otherwise, executing step F);
E) after execution, opening and closing according to a set port and a set strategy;
F) exiting.
2. The method of dynamically controlling the opening of privileged system ports and policies of claim 1, wherein the step B) further comprises:
B1) writing the ports and the strategies which need to be dynamically controlled on a notebook;
B2) setting the ports and policies that need to be dynamically controlled according to the corresponding opening and closing parameters.
3. The method for dynamically controlling the opening of privileged system ports and policies according to claim 1 or 2, wherein the ports and policies to be dynamically controlled are collected by operation and maintenance personnel.
4. An apparatus for implementing the method of dynamically controlling privileged system port and policy opening of claim 1, comprising:
a port policy collection unit: the system is used for collecting ports and strategies needing dynamic control;
a port policy setting unit: used for setting the ports and policies that need to be dynamically controlled;
an operation unit: the device is used for operating the dynamic control privilege device and dynamically adding and deleting rule setting on a registry, a firewall and services of a privilege system so as to control the opening and closing of ports and strategies;
an execution judgment unit: used for judging whether to execute the dynamic control privilege device;
an opening and closing unit: after the execution, opening and closing are carried out according to the set port and the strategy;
an exit unit: for exit.
5. The apparatus of claim 4, wherein the port policy setting unit further comprises:
a port policy writing module: used for writing the ports and policies that need to be dynamically controlled on the notepad;
a port policy setting module: used for setting the ports and policies that need to be dynamically controlled according to the corresponding opening and closing parameters.
6. The apparatus according to claim 4 or 5, wherein the port and policy requiring dynamic control are collected by operation and maintenance personnel.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910998163.6A CN110730178A (en) 2019-10-21 2019-10-21 Method and device for dynamically controlling privileged system port and strategy opening

Publications (1)

Publication Number Publication Date
CN110730178A true CN110730178A (en) 2020-01-24

Family

ID=69221645

Country Status (1)

Country Link
CN (1) CN110730178A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11831606B2 (en) 2020-04-29 2023-11-28 Kyndryl, Inc. Dynamically managing firewall ports of an enterprise network

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060075478A1 (en) * 2004-09-30 2006-04-06 Nortel Networks Limited Method and apparatus for enabling enhanced control of traffic propagation through a network firewall
US20140006777A1 (en) * 2012-06-29 2014-01-02 Oslsoft, Inc. Establishing Secure Communication Between Networks
CN105721499A (en) * 2016-04-07 2016-06-29 周文奇 Information security system of industrial communication security gateway
CN105871930A (en) * 2016-06-21 2016-08-17 上海携程商务有限公司 Self-adaptive firewall security policy configuration method and system based on applications
CN110290153A (en) * 2019-07-19 2019-09-27 国网安徽省电力有限公司信息通信分公司 A kind of automatic delivery method of Port Management strategy and device of firewall
CN110336834A (en) * 2019-07-31 2019-10-15 中国工商银行股份有限公司 Treating method and apparatus for firewall policy

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20200124)