CN110753039B - Method and device for remote login safety protection - Google Patents
Method and device for remote login safety protection Download PDFInfo
- Publication number
- CN110753039B CN110753039B CN201910936520.6A CN201910936520A CN110753039B CN 110753039 B CN110753039 B CN 110753039B CN 201910936520 A CN201910936520 A CN 201910936520A CN 110753039 B CN110753039 B CN 110753039B
- Authority
- CN
- China
- Prior art keywords
- client
- abnormal
- network topology
- telnet
- temporary
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 230000002159 abnormal effect Effects 0.000 claims abstract description 98
- 230000005855 radiation Effects 0.000 claims abstract description 34
- 230000006399 behavior Effects 0.000 claims abstract description 19
- 230000004044 response Effects 0.000 claims description 14
- 230000000694 effects Effects 0.000 claims description 9
- 230000009471 action Effects 0.000 claims description 3
- 230000002547 anomalous effect Effects 0.000 claims description 3
- 230000007123 defense Effects 0.000 abstract description 8
- 230000005856 abnormality Effects 0.000 description 6
- 238000012423 maintenance Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000001360 synchronised effect Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000033228 biological regulation Effects 0.000 description 2
- 230000003831 deregulation Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000007774 longterm Effects 0.000 description 2
- 230000032683 aging Effects 0.000 description 1
- 230000008034 disappearance Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention relates to a method and a device for remote login safety protection, wherein the method comprises the following steps: generating a network topology according to the network information of the client; responding to a network abnormity alarm sent by a client, and marking the abnormity level of an abnormal client in the network topology; according to the abnormal grade, radiating the designated protection range from the abnormal client along the network topology; and enabling all clients located in the radiation protection range of the abnormal client to start corresponding temporary control according to the abnormal level so as to limit all remote login behaviors in a specified time. The method of the invention provides unified centralized management and protection for remote login of a large number of clients in a complex network environment, thereby actively adjusting defense strategies according to situation awareness of the safe real-time state of the whole network and achieving the purpose of effective protection.
Description
Technical Field
The invention relates to the technical field of network security. The invention further relates to a method and a device for remote login safety protection.
Background
As the network environment of various organizations becomes more complex, the events of remotely logging in to the operating system and performing hacking by means of stealing system accounts, brute force, and the like become more serious, and the logging-in means includes but is not limited to SSH, remote connection, and the like.
Thus, protection against login, especially telnet, is also increasingly important. The general login protection function only aims at the single action of login, cannot be associated with the security state of the whole network, and only can provide passive defense. Or the network violence is identified by checking a login failure log and the like so as to inform a network manager to prevent and treat.
Based on the above situation, it is necessary to provide a security protection policy especially for large number of clients, which considers passive defense and automatically adjusts the defense policy according to the situation awareness of the security real-time status of the whole network, so as to achieve the purpose of effective protection.
Disclosure of Invention
In one aspect, the present invention provides a method for remote login security protection based on the above object, wherein the method includes:
generating a network topology according to the network information of the client;
responding to a network abnormity alarm sent by a client, and marking the abnormity level of an abnormal client in the network topology;
according to the abnormal grade, radiating the designated protection range from the abnormal client along the network topology;
and enabling all clients located in the radiation protection range of the abnormal client to start corresponding temporary control according to the abnormal level so as to limit all remote login behaviors in a specified time.
An embodiment of the method of telnet security according to the invention is described, wherein the method further comprises:
and closing the temporary control to allow the remote login behavior in response to the client receiving the control canceling instruction.
According to an embodiment of the method for remote login security protection, the closing the temporary control to allow the remote login behavior in response to the client receiving the control release instruction further includes:
and responding to the abnormal client to close the temporary management and control, and canceling the radiation protection range of the abnormal client.
According to an embodiment of the method for remote login security protection of the present invention, enabling all clients located within the radiation protection range of the abnormal client to initiate corresponding temporary policing according to the abnormal level so as to limit all remote login behaviors within a specified time further includes:
and responding to the fact that the client is located in the radiation protection range of the at least one abnormal client, setting a locking identifier for the client according to the abnormal grade of the at least one abnormal client, and starting or removing temporary management and control according to the state of the locking identifier.
An embodiment of the method of telnet security according to the invention is described, wherein the method further comprises:
setting a white list for a client in the network topology to allow telnet initiated by a specified IP address and/or IP address segment; and/or
A blacklist is set for clients in the network topology to limit telnets initiated by a given IP address and/or segment of IP addresses.
In another aspect, the present invention further provides a device for remote login security protection, wherein the device includes:
at least one processor; and
a memory storing processor-executable program instructions that, when executed by the processor, perform the steps of:
generating a network topology according to the network information of the client;
responding to a network abnormity alarm sent by a client, and marking the abnormity level of an abnormal client in the network topology;
according to the abnormal grade, radiating the designated protection range from the abnormal client along the network topology;
and enabling all clients located in the radiation protection range of the abnormal client to start corresponding temporary control according to the abnormal level so as to limit all remote login behaviors in a specified time.
In an embodiment of the apparatus for remote login security protection according to the invention, the method further comprises:
and closing the temporary control to allow the remote login behavior in response to the client receiving the control canceling instruction.
An embodiment of the apparatus for telnet security protection according to the present invention, wherein in response to the client receiving a deregistration instruction, closing the temporary administration to allow the telnet action further comprises:
and responding to the abnormal client to close the temporary management and control, and canceling the radiation protection range of the abnormal client.
An embodiment of the apparatus for telnet security guards according to the present invention, wherein enabling all clients located within the radiation protection scope of the abnormal client to initiate corresponding temporary policing according to the abnormal level to limit all telnet activities within a specified time further comprises:
and responding to the fact that the client is located in the radiation protection range of the at least one abnormal client, setting a locking identifier for the client according to the abnormal grade of the at least one abnormal client, and starting or removing temporary management and control according to the state of the locking identifier.
In an embodiment of the apparatus for remote login security protection according to the invention, the method further comprises:
setting a white list for a client in the network topology to allow telnet initiated by a specified IP address and/or IP address segment; and/or
A blacklist is set for clients in the network topology to limit telnets initiated by a given IP address and/or segment of IP addresses.
By adopting the technical scheme, the invention at least has the following beneficial effects: the method and the system realize the security protection strategy aiming at the login of a large number of clients, provide unified centralized management and protection for the remote login of a large number of clients in a complex network environment, perform login protection according to strategy configuration, sense self-regulation according to the situation of security risks by detecting the security state of the whole network, and prompt risks, so that the defense strategy can be actively adjusted according to the situation of the security real-time state of the whole network, and the aim of effective protection is fulfilled.
The present invention provides aspects of embodiments, which should not be used to limit the scope of the present invention. Other embodiments are contemplated in accordance with the techniques described herein, as will be apparent to one of ordinary skill in the art upon study of the following figures and detailed description, and are intended to be included within the scope of the present application.
Embodiments of the invention are explained and described in more detail below with reference to the drawings, but they should not be construed as limiting the invention.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are required to be used in the description of the prior art and the embodiments will be briefly described below, parts in the drawings are not necessarily drawn to scale, and related elements may be omitted, or in some cases the scale may have been exaggerated in order to emphasize and clearly show the novel features described herein. In addition, the structural order may be arranged differently, as is known in the art.
FIG. 1 shows a schematic block diagram of an embodiment of a method of remote login security protection according to the present invention.
Detailed Description
While the present invention may be embodied in various forms, there is shown in the drawings and will hereinafter be described some exemplary and non-limiting embodiments, with the understanding that the present disclosure is to be considered an exemplification of the invention and is not intended to limit the invention to the specific embodiments illustrated.
FIG. 1 shows a schematic block diagram of an embodiment of a method of remote login security protection according to the present invention. In the embodiment shown in the figure, the method comprises at least the following steps:
s1: generating a network topology according to the network information of the client;
s2: responding to a network abnormity alarm sent by a client, and marking the abnormity level of an abnormal client in the network topology;
s3: according to the abnormal grade, radiating the designated protection range from the abnormal client along the network topology;
s4: and enabling all clients located in the radiation protection range of the abnormal client to start corresponding temporary control according to the abnormal level so as to limit all remote login behaviors in a specified time.
Specifically, first, in step S1, a network topology is generated based on the network information, IP address, and the like fed back from the client. Each node in the topology represents a client. Subsequently, when the network of one client generates an abnormality alarm, step S2 marks the abnormality level of the abnormal client in the network topology. For example, preferably, but not limited to, different levels are labeled according to the high, medium, and low levels of alerts, such as a high risk- > red level; medium risk- > yellow grade; low risk- > orange grade. Step S3 then radiates the designated protection scope from the anomalous client along the network topology according to the anomaly level. For example, when a client is marked as abnormal in the network topology, namely an abnormal node is marked, the radiation range of the abnormal node is determined according to the abnormal level, namely the risk level of the abnormal node, and preferably, a red level radiates a 3-layer outwards along the topological graph, a yellow level radiates a 2-layer outwards, and an orange level radiates a 1-layer outwards. Finally, all the clients in the radiation protection range of the abnormal client in step S4 initiate corresponding temporary control according to the abnormal level to limit all the telnet behaviors within a specified time. For example, temporary management and control of clients in the radiation protection range are started on a topological graph according to the abnormal level, namely the risk level, and the aging of the temporary strategy is 12 hours, 6 hours and 2 hours from high to low according to the level. The temporary management and control proposed here aims to open the telnet protection function to limit all telnet activities, so as to temporarily enforce protection on clients in the network without timely handling of anomalies and/or inconvenience of timely handling and/or failure of first time repair of the network environment by operation and maintenance personnel. The steps S1 to S4 are utilized to provide unified centralized management and protection for remote login of a large number of clients by utilizing the method under a complex network environment, all the clients in the whole group are influenced, and the purpose of batch management is achieved, so that the defense strategy can be actively adjusted according to the situation awareness of the safe real-time state of the whole network, and the purpose of effective protection is achieved.
Further embodiments of the present invention will be described below, it being noted that the numbering of the steps mentioned therein is used only for the convenience of unambiguously indicating the step without any particular indication, and does not limit the order of the steps described.
In some embodiments of the method of telnet security of the present invention, wherein the method further comprises:
s5: and closing the temporary control to allow the remote login behavior in response to the client receiving the control canceling instruction.
In general, once a network abnormality alarm is sent by a client, operation and maintenance personnel can process the network abnormality alarm at the first time. After the processing is completed, the operation and maintenance personnel can manually cancel the temporary management and control function. For example, step S5 notifies the client to close the temporary management by issuing a management release instruction to the client to allow the telnet behavior.
In a further embodiment of the method for remote login security protection of the present invention, the step S5, in response to the client receiving a deregulation instruction, closing the temporary regulation to allow the remote login behavior further includes: and responding to the abnormal client to close the temporary management and control, and canceling the radiation protection range of the abnormal client. In these embodiments, after the operation and maintenance personnel have handled the abnormal situation and closed the temporary management and control of the abnormal client, the operation and maintenance personnel do not need to close the temporary management and control of other clients within the radiation protection range one by one, but may directly cancel the radiation protection range of the abnormal client, for example, in an instruction manner, and the client within the radiation protection range may make an adjustment of the protection policy according to its own situation, for example, close the temporary management and control; and/or, only performing temporary management corresponding to the abnormality level of itself when there is also an abnormality of itself; and/or when the abnormal client is still located in the radiation protection range of other abnormal clients, performing temporary control corresponding to the abnormal level of other abnormal clients and the like.
In several embodiments of the method for telnet security protection of the present invention, the step S4 enabling all clients located within the radiation protection range of the abnormal client to initiate corresponding temporary policing according to the abnormal level so as to limit all telnet activities within the specified time further includes: and responding to the fact that the client is located in the radiation protection range of the at least one abnormal client, setting a locking identifier for the client according to the abnormal grade of the at least one abnormal client, and starting or removing temporary management and control according to the state of the locking identifier. Specifically, when the client is located within the radiation protection range of at least one abnormal client, the temporary management control is started or released according to the state of a lock identifier determined according to the abnormal levels of all the at least one abnormal client, for example, the lock identifier E ═ sum (n), where n is the abnormal level of the radiation source (i.e., the abnormal client). Under the condition that a plurality of abnormal clients simultaneously radiate to a certain client, when the abnormal control of the certain abnormal client is closed due to reasons such as disappearance of an abnormal state or temporary control, the locking mark E is correspondingly reduced. When E is greater than 0, performing temporary management and control on the client to limit all remote logins; when E is 0, the temporary control on the client is canceled to allow remote login.
In one or more embodiments of the method of telnet security of the present invention, the method further comprises:
s6: setting a white list for a client in the network topology to allow telnet initiated by a specified IP address and/or IP address segment; and/or
S7: a blacklist is set for clients in the network topology to limit telnets initiated by a given IP address and/or segment of IP addresses.
In order to give consideration to both passive defense strategies and to perform long-term control on telnet with extremely high risk and reduce unnecessary triggering of active protection, white list rules and/or black list rules are proposed in the embodiments of the present invention. When the white list rule is opened, the rule takes effect under the condition that only the remote login initiated by the specified IP address and/or the IP address field in the rule is allowed. When the blacklist rule is opened, the rule takes effect under the condition that the remote login initiated by the specified IP address and/or IP address field in the blacklist rule is not allowed, and the remote login initiated by other IP addresses and/or IP address fields is allowed. Unnecessary active protection procedures can thus be reduced by blacklisting long-term risk IP addresses and/or IP address segments. Alternatively, when the overall network environment is rather harsh and is in an extremely unsafe condition, the corresponding designated IP address and/or IP address field is white-listed to maintain the proper performance of the necessary few telnets.
In another aspect, the present invention further provides a device for remote login security protection, wherein the device includes: at least one processor; and a memory storing processor-executable program instructions that, when executed by the processor, perform the steps of:
s1: generating a network topology according to the network information of the client;
s2: responding to a network abnormity alarm sent by a client, and marking the abnormity level of an abnormal client in the network topology;
s3: according to the abnormal grade, radiating the designated protection range from the abnormal client along the network topology;
s4: and enabling all clients located in the radiation protection range of the abnormal client to start corresponding temporary control according to the abnormal level so as to limit all remote login behaviors in a specified time.
In some embodiments of the telnet secured device of the present invention, wherein the method further comprises:
s5: and closing the temporary control to allow the remote login behavior in response to the client receiving the control canceling instruction.
In a further embodiment of the apparatus for remote login security protection of the present invention, the step S5, in response to the client receiving the deregulation instruction, closing the temporary regulation to allow the remote login behavior further includes: and responding to the abnormal client to close the temporary management and control, and canceling the radiation protection range of the abnormal client.
In several embodiments of the apparatus for telnet security protection of the present invention, the step S4 enabling all clients within the radiation protection range of the abnormal client to initiate corresponding temporary policing according to the abnormal level to limit all telnet activities within the specified time further includes: and responding to the situation that the client is located in the radiation protection range of at least one abnormal client, setting a locking identifier for the client according to the abnormal grade of the at least one abnormal client, and starting or removing temporary management and control according to the state of the locking identifier.
In one or more embodiments of the telnet secured device of the present invention, the method further comprises:
s6: setting a white list for a client in the network topology to allow telnet initiated by a specified IP address and/or IP address segment; and/or
S7: a blacklist is set for clients in the network topology to limit telnets initiated by a given IP address and/or segment of IP addresses.
The devices and apparatuses disclosed in the embodiments of the present invention may be various electronic terminal apparatuses, such as a mobile phone, a Personal Digital Assistant (PDA), a tablet computer (PAD), a smart television, and the like, or may be a large terminal apparatus, such as a server, and therefore the scope of protection disclosed in the embodiments of the present invention should not be limited to a specific type of device and apparatus. The client disclosed in the embodiment of the present invention may be applied to any one of the above electronic terminal devices in the form of electronic hardware, computer software, or a combination of both.
The computer-readable storage media (e.g., memory) described herein may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. By way of example, and not limitation, nonvolatile memory can include Read Only Memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM), which can act as external cache memory. By way of example and not limitation, RAM is available in a variety of forms such as synchronous RAM (DRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The storage devices of the disclosed aspects are intended to comprise, without being limited to, these and other suitable types of memory.
By adopting the technical scheme, the invention at least has the following beneficial effects: the method and the system realize the security protection strategy aiming at the login of a large number of clients, provide unified centralized management and protection for the remote login of a large number of clients in a complex network environment, perform login protection according to strategy configuration, sense self-regulation according to the situation of security risks by detecting the security state of the whole network, and prompt risks, so that the defense strategy can be actively adjusted according to the situation of the security real-time state of the whole network, and the aim of effective protection is fulfilled.
It is to be understood that the features listed above for the different embodiments may be combined with each other to form further embodiments within the scope of the invention, where technically feasible. Furthermore, the specific examples and embodiments described herein are non-limiting, and various modifications of the structure, steps and sequence set forth above may be made without departing from the scope of the invention.
In this application, the use of the conjunction of the contrary intention is intended to include the conjunction. The use of definite or indefinite articles is not intended to indicate cardinality. In particular, references to "the" object or "a" and "an" object are intended to mean possibly one of at least one such object. However, although elements disclosed in the embodiments of the invention may be described or claimed in the singular, the singular is also to be construed as at least one unless explicitly limited to the singular. Furthermore, the conjunction "or" may be used to convey simultaneous features, rather than mutually exclusive schemes. In other words, the conjunction "or" should be understood to include "and/or". The term "comprising" is inclusive and has the same scope as "comprising".
The above-described embodiments, particularly any "preferred" embodiments, are possible examples of implementations, and are presented merely for a clear understanding of the principles of the invention. Many variations and modifications may be made to the above-described embodiments without departing substantially from the spirit and principles of the technology described herein. All such modifications are intended to be included within the scope of this disclosure.
Claims (10)
1. A method of telnet security, the method comprising:
generating a network topology according to the network information of the client;
responding to a network abnormity alarm sent by a client, and marking the abnormity level of an abnormal client in the network topology;
according to the abnormal level, radiating a designated protection range from the abnormal client along the network topology;
and enabling all clients located in the radiation protection range of the abnormal client to start corresponding temporary control according to the abnormal level so as to limit all remote login behaviors in a specified time.
2. The method of claim 1, further comprising:
and in response to the client receiving a control releasing instruction, closing the temporary control to allow the remote login behavior.
3. The method of claim 2, wherein the closing the temporary governance to allow telnet activity in response to the client receiving a governance release instruction further comprises:
and in response to the abnormal client closing the temporary management and control, canceling the radiation protection range of the abnormal client.
4. The method of claim 1, wherein enabling all clients within the range of the anomalous client radiation protection to initiate respective temporary polices according to the anomaly level to restrict all telnet activities within a specified time further comprises:
and responding to the situation that the client is positioned in the radiation protection range of at least one abnormal client, setting a locking identifier for the client according to the abnormal grade of the at least one abnormal client, and starting or removing the temporary management and control according to the state of the locking identifier.
5. The method of claim 1, further comprising:
setting a white list for clients in the network topology to allow telnet initiated by a specified IP address and/or IP address segment; and/or
Setting a blacklist for clients in the network topology to restrict telnet initiated by a specified IP address and/or IP address segment.
6. A telnet security guard, comprising:
at least one processor; and
a memory storing processor-executable program instructions that, when executed by the processor, perform the steps of:
generating a network topology according to the network information of the client;
responding to a network abnormity alarm sent by a client, and marking the abnormity level of an abnormal client in the network topology;
according to the abnormal level, radiating a designated protection range from the abnormal client along the network topology;
and enabling all clients located in the radiation protection range of the abnormal client to start corresponding temporary control according to the abnormal level so as to limit all remote login behaviors in a specified time.
7. The apparatus of claim 6, wherein the processor is further configured to perform the following steps based on the program instructions:
and in response to the client receiving a control releasing instruction, closing the temporary control to allow the remote login behavior.
8. The apparatus of claim 7, wherein the turning off the temporary governance to allow the telnet action in response to the client receiving a governance release instruction further comprises:
and in response to the abnormal client closing the temporary management and control, canceling the radiation protection range of the abnormal client.
9. The apparatus of claim 6, wherein the causing all clients within the range of the anomalous client radiation protection to initiate respective temporary polices according to the anomaly level to restrict all telnet activities within a specified time further comprises:
and responding to the situation that the client is positioned in the radiation protection range of at least one abnormal client, setting a locking identifier for the client according to the abnormal grade of the at least one abnormal client, and starting or removing the temporary management and control according to the state of the locking identifier.
10. The apparatus of claim 6, wherein the processor is further configured to perform the following steps based on the program instructions:
setting a white list for clients in the network topology to allow telnet initiated by a specified IP address and/or IP address segment; and/or
Setting a blacklist for clients in the network topology to restrict telnet initiated by a specified IP address and/or IP address segment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910936520.6A CN110753039B (en) | 2019-09-29 | 2019-09-29 | Method and device for remote login safety protection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910936520.6A CN110753039B (en) | 2019-09-29 | 2019-09-29 | Method and device for remote login safety protection |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110753039A CN110753039A (en) | 2020-02-04 |
| CN110753039B true CN110753039B (en) | 2022-04-22 |
Family
ID=69277413
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910936520.6A Active CN110753039B (en) | 2019-09-29 | 2019-09-29 | Method and device for remote login safety protection |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110753039B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111859376A (en) * | 2020-07-21 | 2020-10-30 | 广州锦行网络科技有限公司 | Method for discovering intranet attacker based on windows login information |
| CN114339489B (en) * | 2021-12-28 | 2023-11-21 | 深圳创维数字技术有限公司 | Method, equipment and medium for terminal to finish server authentication in PON system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106254153A (en) * | 2016-09-19 | 2016-12-21 | 腾讯科技(深圳)有限公司 | A kind of Network Abnormal monitoring method and apparatus |
| CN109873811A (en) * | 2019-01-16 | 2019-06-11 | 光通天下网络科技股份有限公司 | Network safety protection method and its network security protection system based on attack IP portrait |
Family Cites Families (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101415017A (en) * | 2007-10-16 | 2009-04-22 | 中兴通讯股份有限公司 | Method for transmitting embedded system document based on telnet protocol |
| CN101493779A (en) * | 2009-02-27 | 2009-07-29 | 中国工商银行股份有限公司 | Remote terminal control method |
| CN101764709B (en) * | 2009-12-29 | 2012-02-22 | 福建星网锐捷网络有限公司 | Network physical topology discovering method and network management server based on SNMP |
| US8982726B2 (en) * | 2011-01-17 | 2015-03-17 | Shahram Davari | Network device |
| CN103078938B (en) * | 2012-12-31 | 2015-04-29 | 中国工商银行股份有限公司 | Remote access control system and method |
| CN104135459A (en) * | 2013-05-03 | 2014-11-05 | 北京优联实科信息科技有限公司 | Access control system and access control method thereof |
| CN106803037A (en) * | 2016-11-28 | 2017-06-06 | 全球能源互联网研究院 | A kind of software security means of defence and device |
| CN108156537B (en) * | 2017-12-15 | 2020-01-07 | 维沃移动通信有限公司 | Remote operation method of mobile terminal and mobile terminal |
| CN108111342B (en) * | 2017-12-15 | 2021-08-27 | 北京华创网安科技股份有限公司 | Visualization-based threat alarm display method |
| CN109218077A (en) * | 2018-08-14 | 2019-01-15 | 阿里巴巴集团控股有限公司 | Prediction technique, device, electronic equipment and the storage medium of target device |
| CN109510725B (en) * | 2018-11-28 | 2022-05-17 | 迈普通信技术股份有限公司 | Communication equipment fault detection system and method |
-
2019
- 2019-09-29 CN CN201910936520.6A patent/CN110753039B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106254153A (en) * | 2016-09-19 | 2016-12-21 | 腾讯科技(深圳)有限公司 | A kind of Network Abnormal monitoring method and apparatus |
| CN109873811A (en) * | 2019-01-16 | 2019-06-11 | 光通天下网络科技股份有限公司 | Network safety protection method and its network security protection system based on attack IP portrait |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110753039A (en) | 2020-02-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Panchal et al. | Security issues in IIoT: A comprehensive survey of attacks on IIoT and its countermeasures | |
| CN110753039B (en) | Method and device for remote login safety protection | |
| US9661006B2 (en) | Method for protection of automotive components in intravehicle communication system | |
| Ketel et al. | Bring your own device: Security technologies | |
| US10623436B2 (en) | System and method of architectural security and resilience for microgrid systems | |
| CN115361189B (en) | Intelligent management method and system based on distributed firewall security policy | |
| CN105024999A (en) | IP video monitoring network security access method | |
| US11245699B2 (en) | Token-based device access restriction systems | |
| US9645566B2 (en) | Physical presence verification by an industrial control system controller | |
| Dolezilek et al. | Cybersecurity based on IEC 62351 and IEC 62443 for IEC 61850 systems | |
| EP2747345B1 (en) | Ips detection processing method, network security device and system | |
| CN103957185A (en) | Firewall control method for realizing traffic monitoring of application layer | |
| US20180121664A1 (en) | Protecting and monitoring internal bus transactions | |
| Aljohani | Cyberattacks on Energy Infrastructures as Modern War Weapons—Part II: Gaps, Standardization, and Mitigation | |
| CN110933054B (en) | Data network security protection method and device, computer equipment and storage medium | |
| Zegzhda et al. | Approach to APCS protection from cyber threats | |
| Yuhong et al. | Industrial Internet security protection based on an industrial firewall | |
| Berhe et al. | Industrial control system security framework for ethiopia | |
| Idrissi et al. | Cyber security challenges and issues of industrial control systems–some security recommendations | |
| CN116015895A (en) | Big data computer network safety protection system | |
| US10154046B2 (en) | System and method for evaluation and response to cyber security exposure in an embedded control device | |
| Sharma et al. | Prevention against DDOS attack on cloud systems using triple filter: An algorithmic approach | |
| Anft | An Emerging Threat: Ransomware | |
| US20240121213A1 (en) | Firewall gateway device and related methods for protecting distributed energy resources and other operational technologies against cyberattacks | |
| Alderson et al. | Operational technology: Are you vulnerable? |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |