CN110798340B - Port information combing method, device and server - Google Patents


Info

Publication number
CN110798340B
Authority
CN
China
Prior art keywords
port information
devices
server
equipment
communication connection
Legal status
Active
Application number
CN201910961589.4A
Other languages
Chinese (zh)
Other versions
CN110798340A (en)
Inventor
李志伟
Current Assignee
Ping An Puhui Enterprise Management Co Ltd
Original Assignee
Ping An Puhui Enterprise Management Co Ltd
Events
Application CN201910961589.4A filed by Ping An Puhui Enterprise Management Co Ltd
Priority to CN201910961589.4A
Publication of CN110798340A
Application granted
Publication of CN110798340B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L 41/14 Network analysis or design
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F 16/90 Details of database functions independent of the retrieved data types
    • G06F 16/903 Querying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Computational Linguistics (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the application discloses a port information combing method, device and server. The method comprises: a server receives port information of a first device, and port information of one or more devices that have established a communication connection with the first device, both sent by the first device; the server stores the port information of the first device and the port information of the one or more connected devices in an analysis component in an associated manner; the server then obtains a query instruction for the device port information associated with the port information of the first device; and the server outputs the port information of the one or more devices that the query finds stored in association with the port information of the first device. With this method and device, the port information between devices whose mutual firewall is closed (that is, between which the firewall lets traffic through) can be combed out, and combing efficiency is improved.

Description

Port information combing method, device and server
Technical Field
The invention relates to the field of data analysis, in particular to a method, device and server for combing (systematically inventorying) port information.
Background
With the development and application of network technology, network security problems have become increasingly serious. To make network data exchange safer, a firewall is usually placed between the internal network and the external network. However, to allow devices of the internal network and the external network to communicate, the firewall between some devices has to be closed (throughout this application, "closing" the firewall between two devices means configuring it to let their traffic through, and an "open" firewall blocks that traffic). Because there are many such firewalls, the firewall between two devices may only be closed after the port information has been combed through and analysed; if it is not combed through clearly, a closed firewall may leave a security hazard. At present the port information between devices whose firewall is closed is combed mainly by hand, which is inefficient and error-prone.
Disclosure of Invention
The embodiment of the application provides a port information combing method, device and server that comb the port information between devices whose firewall is closed, avoid the tedium of manual combing, reduce the error rate of combing, improve combing efficiency and save labour cost.
In a first aspect, an embodiment of the present application provides a port information combing method, where the method includes:
a server receives port information of a first device and port information of one or more devices that have established a communication connection with the first device, the port information being sent by the first device; the first device is a device in a first network and the one or more devices are devices in a second network, and, apart from the firewall between the first device and the one or more devices being in the closed (traffic-permitting) state, the firewall between any device in the first network and any device in the second network is in the open (blocking) state;
the server stores the port information of the first device and the port information of the one or more devices that have established a communication connection with the first device in an analysis component in an associated manner, the analysis component being used for querying and analysing port information;
the server obtains a query instruction for the device port information associated with the port information of the first device;
and the server outputs the port information of the one or more devices that the query finds stored in association with the port information of the first device.
In this embodiment, after the server receives the port information sent by the device it stores it in the analysis component for querying and analysis, so the port information between devices whose firewall is closed can be combed out; this avoids the trouble of manual combing, reduces the error rate, improves combing efficiency and saves labour cost.
In one possible implementation manner, after the server receives port information of a first device and port information of one or more devices that establish a communication connection with the first device, which are sent by the first device, and before the server stores the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device in association in the analysis component, the method further includes:
and the server performs deduplication processing on the port information of the first device and the port information of one or more devices establishing communication connection with the first device.
In this embodiment, before the server stores the received port information in the analysis component it first deduplicates it, removing redundant entries so that they need not be stored and saving the server's storage space.
In one possible implementation manner, the storing, by the server, port information of the first device and port information of one or more devices that establish a communication connection with the first device in association in an analysis component includes:
the server associates the port information of the first device with a first preset field and the port information of the one or more devices with a second preset field, where the first and second preset fields are correspondingly associated with each other and are fields of preset search keywords;
and the server stores the port information of the first device, associated with the first preset field, and the port information of the one or more devices, associated with the second preset field, in the analysis component.
By associating the port information with preset fields, the port information can be viewed and queried through those fields, which improves query efficiency and hence the efficiency of combing port information.
In one possible implementation manner, after the server outputs the port information of the one or more devices, which is queried according to the query instruction and stored in association with the port information of the first device, the method further includes:
the server obtains a firewall closing instruction, which carries port information of a second device and the port information of the one or more devices and is used to close the firewall between the second device and the one or more devices; the second device is a device in the first network;
and the server, according to the firewall closing instruction, remotely controls the second device to close the firewall between the second device and the one or more devices.
In a second aspect, an embodiment of the present application provides a port information combing method, where the method includes:
a first device collects port information of the first device and port information of one or more devices that have established a communication connection with the first device; the first device is a device in a first network, the one or more devices are devices in a second network, and, apart from the firewall between the first device and the one or more devices being in the closed state, the firewall between any device in the first network and any device in the second network is in the open state;
the first device sends the port information of the first device and the port information of the one or more connected devices to a server; the server stores them in an analysis component in an associated manner, the analysis component being used for querying and analysing port information.
In this embodiment, the device collects the port information of the devices with which it has a communication connection and sends the collected port information to the server for querying and analysis, so the port information between devices whose firewall is closed can be combed out; this avoids the trouble of manual combing, reduces the error rate, improves combing efficiency and saves labour cost.
In one possible implementation manner, after the first device acquires the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device, before the first device sends the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device to a server, the method further includes:
the first device performs deduplication processing on port information of the first device and port information of one or more devices establishing communication connection with the first device.
In the embodiment of the application, before the collected port information is sent to the server, the collected port information is subjected to duplicate removal processing, redundant information is removed, the situation that the server needs to store redundant information after the port information is sent to the server is avoided, and the storage space of the server is saved.
In one possible implementation manner, after the first device collects port information of the first device and port information of one or more devices that establish a communication connection with the first device, before the first device sends the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device to a server, the method further includes:
the first device stores the port information of the first device and the port information of one or more devices establishing communication connection with the first device in a cache component, and the cache component is a storage component for storing the port information of the first device and the port information of the one or more devices establishing communication connection with the first device in a message queue mode.
In this embodiment, because the amount of port information a device collects is huge, the device stores it in the cache component after collection; this gives the server buffer time to receive it and relieves the pressure of receiving and storing a large volume of port information at once.
In one possible implementation manner, the acquiring, by the first device, port information of the first device and port information of one or more devices that establish a communication connection with the first device includes:
the first device cyclically collects, at a preset interval, the port information of the devices that establish a communication connection with it.
In this embodiment, port information can only be collected while a communication connection actually exists between two devices, but two devices that are able to communicate are not connected all the time; a connection is set up only when communication is needed. The device therefore has to keep collecting cyclically to ensure that the collected port information is complete.
In a third aspect, an embodiment of the present application provides a port information combing device, which includes a unit for executing the port information combing method according to any one of the first aspect and possible implementations thereof.
In a fourth aspect, an embodiment of the present application provides a port information combing server, where the server includes a unit configured to execute the port information combing method according to any one of the second aspect and possible implementations thereof.
In a fifth aspect, an embodiment of the present application provides an apparatus, including a processor, a communication interface, and a memory, where the processor, the communication interface, and the memory are connected to each other, where the memory is used to store a computer program, and the processor is configured to call the computer program to perform the port information combing method according to any one of the first aspect and possible implementation manners thereof.
In a sixth aspect, an embodiment of the present application provides a server, including a processor, a communication interface, and a memory, where the processor, the communication interface, and the memory are connected to each other, where the memory is used to store a computer program, and the processor is configured to call the computer program to execute the port information combing method according to any one of the second aspect and possible implementation manners.
In a seventh aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored, and the computer program, when executed by a processor, causes the processor to execute the port information combing method according to any one of the foregoing first aspect and possible implementation manners thereof.
In an eighth aspect, the present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, and the computer program, when executed by a processor, causes the processor to execute the port information combing method according to any one of the second aspect and possible implementation manners thereof.
To sum up, the embodiment of the application realizes the combing of the port information between the devices with closed firewall, avoids the complexity of manual combing, reduces the error rate of combing, improves the combing efficiency and saves the labor cost.
Drawings
The drawings to be used in the embodiments of the present application will be described below.
Fig. 1 is a schematic system architecture diagram of a port information combing method according to an embodiment of the present application;
fig. 2 is an interaction flow diagram of a port information combing method according to an embodiment of the present application;
fig. 3 is a schematic logical structure diagram of a port information combing device according to an embodiment of the present application;
fig. 4 is a schematic logical structure diagram of a port information combing server according to an embodiment of the present application;
fig. 5 is a schematic hardware structure diagram of an apparatus according to an embodiment of the present application;
fig. 6 is a schematic hardware structure diagram of a server according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions of the present invention better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
The system architecture of the present solution is described first. Referring to fig. 1, fig. 1 is a schematic diagram of a system architecture of a port combing method according to an embodiment of the present disclosure. The system may include, but is not limited to: the system comprises a first network and a second network, wherein the first network comprises one or more servers (a plurality of servers can form a server cluster) and n devices from 1-1 to 1-n, the second network can comprise n devices from 2-1 to 2-n, and n is an integer greater than or equal to 1.
Normally the firewall between the first network and the second network is open, i.e. it blocks traffic; if a device in the first network needs to communicate with a device in the second network, the firewall between those two devices has to be closed first. As shown in fig. 1, assume that device 1-1 in the first network can communicate with devices 2-1, 2-2 and 2-3 in the second network, which means that the firewalls between device 1-1 and devices 2-1, 2-2 and 2-3 respectively have been closed, whereas device 1-1 and device 2-n cannot communicate because the firewall between them is open. In fig. 1 an arrow between a device of the first network and a device of the second network indicates that the firewall between them is closed and they can communicate; no arrow indicates that the firewall is open and they cannot.
The related servers can include, but are not limited to, a background server, a component server, a port information combing server, and the like, and the servers can communicate with a plurality of devices in a network. The server provides port information combing service for the equipment. The server needs to run a corresponding server-side program to provide corresponding port information combing service, such as port information combing database service, data calculation, decision execution, and the like.
The device related to the embodiment of the application can install and run the related application (or APP). The application is a program corresponding to a server and providing a local service to a user. The device in the embodiment of the present application may include, but is not limited to, any electronic device based on an intelligent operating system, which can perform human-computer interaction with a user through an input device such as a keyboard, a virtual keyboard, a touch pad, a touch screen, and a voice control device, such as a smart phone, a tablet computer, a personal computer, and the like. The smart operating system includes, but is not limited to, any operating system that enriches the functionality of a device by providing various applications to the device.
It should be noted that the system architecture of the port combing method provided in the present application is not limited to the system architecture shown in fig. 1.
For business needs, the firewalls of some devices in the first and second networks have to be closed so that devices of the two networks can communicate. However, because the firewall protects the security of the information network, it cannot be closed at will: only after the information about the devices between which the firewall across the two networks is already closed has been clearly combed and analysed can it be decided, on the basis of the combing result, to close the firewall between further devices.
Based on the system architecture of a port combing method provided by the present solution given in fig. 1, a port combing method is provided below, and an interaction flow chart of the method is shown in fig. 2. The method may comprise the steps of:
step 201, a first device collects port information of the first device and port information of one or more devices establishing communication connection with the first device.
Step 202, the first device sends port information of the first device and port information of one or more devices establishing communication connection with the first device to a server.
In a specific embodiment, the first device is provided with a port information collection component, and collection of device port information is done mainly by this component. Specifically, the first device runs the collection component to collect the port information of the devices that have established a communication connection with it and the port information of the first device itself, and then sends the collected port information to the server.
The first device may be any of the n devices 1-1 to 1-n in the first network in fig. 1, the server may be a server in the first network in fig. 1, and the devices that establish a communication connection with the first device may be devices in the second network in fig. 1. The collection component may be a custom-programmed port information collection component; specifically it may be a port information collection function, and the first device collects the corresponding port information by executing that function.
For ease of understanding, referring to fig. 1, assume that device 1-1 is equipped with the collection component; running it collects the port information of devices 2-1, 2-2 and 2-3, which have established communication connections with device 1-1, and the port information of device 1-1 itself.
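The collection step described above (steps 201 and 202, together with the cyclic collection, deduplication and cache-component variants of the second aspect), as an added example that is not part of the patent or of the assignee's code. It assumes the first device is a Linux host whose collection function reads the output of `ss -tn`; the two `ss` snapshots, the record field names and the queue size are constructed for the example.

```python
"""Device-side collector: parse `ss -tn`, keep ESTAB rows, record each
(own ip/port, peer ip/port) pair once across cycles, buffer new pairs in a
bounded queue (the cache component) and drain them into an upload batch.
Added example; the samples below are constructed, not captured."""
import ipaddress
import queue
from typing import Dict, List, Set, Tuple

# Constructed `ss -tn` snapshot on device 1-1 (192.168.1.2), cycle 1.
# The TIME-WAIT and loopback rows show what the parser discards.
SS_SAMPLE_CYCLE_1 = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB      0      0      192.168.1.2:1234     192.168.1.3:3306
ESTAB      0      0      192.168.1.2:1234     192.168.1.5:3307
TIME-WAIT  0      0      192.168.1.2:40022    192.168.1.9:443
ESTAB      0      0      127.0.0.1:6379       127.0.0.1:51122
"""
# Cycle 2: one connection repeats (must not be recorded twice), one is new.
SS_SAMPLE_CYCLE_2 = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB      0      0      192.168.1.2:1234     192.168.1.3:3306
ESTAB      0      0      192.168.1.2:1234     192.168.1.7:3308
"""

Endpoint = Tuple[str, int]            # (ip, port)
Pair = Tuple[Endpoint, Endpoint]      # (local endpoint, peer endpoint)


def split_ip_port(text: str) -> Endpoint:
    """'192.168.1.2:1234' or '[::1]:22' -> (ip, port)."""
    ip, _, port = text.rpartition(":")
    return ip.strip("[]"), int(port)


def fmt(ep: Endpoint) -> str:
    """Render an endpoint in the page's 'ip/port' notation."""
    return f"{ep[0]}/{ep[1]}"


def parse_ss(output: str) -> List[Pair]:
    """Return (local, peer) pairs for ESTAB rows, skipping loopback."""
    pairs: List[Pair] = []
    for line in output.splitlines()[1:]:          # drop the header row
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue
        local, peer = split_ip_port(fields[3]), split_ip_port(fields[4])
        if ipaddress.ip_address(local[0]).is_loopback:
            continue
        pairs.append((local, peer))
    return pairs


class Collector:
    """Runs one collection cycle at a time; the caller schedules the cycles."""

    def __init__(self, cache_size: int = 1000) -> None:
        self.seen: Set[Pair] = set()                       # dedup across cycles
        self.cache: "queue.Queue[Pair]" = queue.Queue(maxsize=cache_size)

    def collect_cycle(self, ss_output: str) -> int:
        """Parse one `ss` snapshot; return how many new pairs were queued."""
        new = 0
        for pair in parse_ss(ss_output):
            if pair in self.seen:
                continue
            self.seen.add(pair)
            self.cache.put(pair)   # blocks when full, i.e. when uploads lag
            new += 1
        return new

    def drain(self, max_batch: int = 100) -> List[Dict[str, str]]:
        """Take up to max_batch queued pairs and build the upload batch."""
        batch: List[Dict[str, str]] = []
        while len(batch) < max_batch:
            try:
                local, peer = self.cache.get_nowait()
            except queue.Empty:
                break
            batch.append({"first_device_port": fmt(local),
                          "peer_port": fmt(peer)})
        return batch


if __name__ == "__main__":
    c = Collector()
    print("cycle 1 new:", c.collect_cycle(SS_SAMPLE_CYCLE_1))   # 2
    print("cycle 2 new:", c.collect_cycle(SS_SAMPLE_CYCLE_2))   # 1
    for rec in c.drain():
        print(rec)
```

In practice each cycle would obtain the snapshot with `subprocess.run(["ss", "-tn"], capture_output=True, text=True).stdout` on a timer. One check worth making before deploying such a collector: for connections the first device itself initiates, its local port is an ephemeral one that changes on every connection, so deduplicating on the exact (local, peer) pair would record a new entry each cycle; in that case key the deduplication on the peer endpoint alone.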
Step 203, the server receives the port information of the first device and the port information of one or more devices establishing communication connection with the first device.
Step 204, the server stores the port information of the first device and the port information of one or more devices establishing communication connection with the first device in an analysis component in an associated manner.
In a specific embodiment, a port information analysis component is installed on the server; it is used to store, query and analyse device port information. After receiving, from the first device, the port information of the first device and of the one or more devices that have established a communication connection with it, the server stores the two in the analysis component in an associated manner so that they can be queried and analysed when needed.
Specifically, the analysis component may be Elasticsearch, a distributed, scalable, real-time search and analytics engine. Besides full-text search it provides distributed real-time document storage in which every field is indexed and searchable, and a distributed search engine for real-time analysis, and it scales out to hundreds of servers to handle large volumes of structured or unstructured data.
In one possible implementation, storing the port information of the first device and of the one or more connected devices in the analysis component in an associated manner includes: the server associates the port information of the first device with a first preset field and the port information of the one or more devices with a second preset field, where the first and second preset fields are correspondingly associated with each other and are fields of preset search keywords; the server then stores the port information of the first device, associated with the first preset field, and the port information of the one or more devices, associated with the second preset field, in the analysis component.
Specifically, the server sets up the search-keyword fields in the analysis component in advance, each field being associated with one type of data. The first preset field is the one with which the port information of the first device is associated, for example "port information of a device in the first network"; the second preset field is the one with which the port information of the second-network devices that have established a communication connection with the first device is associated, for example "port information of a device in the second network". Thus if the first preset field is associated with the port information of the first device, the second preset field is associated with the port information of the one or more devices in the second network connected to it.
TABLE 1
Port information of a device in the first network | Port information of a device in the second network
192.168.1.2/1234 | 192.168.1.3/3306
192.168.1.2/1234 | 192.168.1.5/3307
192.168.1.2/1234 | 192.168.1.7/3308
For ease of understanding, consider Table 1, which shows part of an example of the port information associated with the first and second preset fields in the analysis component. The port numbers of devices in the first network are placed in the column of the first preset field and those of devices in the second network in the column of the second preset field, and each device in the first network is associated with the devices in the second network that have established a communication connection with it. For example, because the first-network device with port information 192.168.1.2/1234 has established communication connections with the second-network devices with port information 192.168.1.3/3306, 192.168.1.5/3307 and 192.168.1.7/3308, Table 1 associates 192.168.1.2/1234 with each of those three entries. Searching for "192.168.1.2/1234" in the first preset field therefore returns the port information 192.168.1.3/3306, 192.168.1.5/3307 and 192.168.1.7/3308.
According to the method and the device, the port information is matched with the preset fields in an associated mode, the port information can be checked and inquired through the preset fields, the inquiring efficiency can be improved, and the combing efficiency of the port information is further improved.
Step 205, the server obtains a query instruction of the device port information associated with the port information of the first device.
And step 206, the server outputs the port information of the one or more devices which is inquired according to the inquiry instruction and is stored in association with the port information of the first device.
In a specific embodiment, after the server stores the port information of the device in the first network and the port information of the device in the second network, which establishes a communication connection corresponding to the device, in the analysis component, the server may query and output the relevant port information through the analysis component.
For ease of understanding, see fig. 1 and Table 2. Assume that the port information of device 1-1 in fig. 1 is 192.168.1.2/1234 and that the port information of devices 2-1, 2-2 and 2-3 is 192.168.1.3/3306, 192.168.1.5/3307 and 192.168.1.7/3308 respectively.
The server may obtain a query keyword in the query box of the analysis component, for example the port information "192.168.1.2/1234" of device 1-1; according to that keyword it matches the corresponding port information in the database, finds for example the content of Table 2, and outputs and displays it.
TABLE 2
Port information of a device in the first network | Port information of a device in the second network
192.168.1.2/1234 | 192.168.1.3/3306
192.168.1.2/1234 | 192.168.1.5/3307
192.168.1.2/1234 | 192.168.1.7/3308
The device corresponding to the first-network port information in Table 2 is device 1-1, and the devices corresponding to the second-network port information are devices 2-1, 2-2 and 2-3. In other words, the firewalls between device 1-1 and these three devices are closed: devices 2-1, 2-2 and 2-3 in the second network have established communication with device 1-1 in the first network.
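The association and query steps (203 to 206, Tables 1 and 2), as an added example that is not the patent's or the assignee's code. It assumes the analysis component is Elasticsearch, with the index name `port-combing` and the field names `first_network_port` and `second_network_port` standing in for the two preset fields; the received batch is constructed from the addresses in Table 1. The block builds the index mapping, the `_bulk` body and the term query an Elasticsearch client would send, and answers the same query from the documents locally so that it runs without a cluster.

```python
"""Server side: deduplicate a received batch, key each pair by the two
preset fields, and produce the Elasticsearch request bodies plus an
offline lookup that yields Table 2.  Added example; names are assumed."""
import hashlib
import json
from typing import Dict, List

INDEX = "port-combing"                  # assumed index name
FIRST_FIELD = "first_network_port"      # first preset field (device in net 1)
SECOND_FIELD = "second_network_port"    # second preset field (device in net 2)

# Constructed batch as uploaded by device 1-1; one record is a duplicate.
RECEIVED: List[Dict[str, str]] = [
    {"first_device_port": "192.168.1.2/1234", "peer_port": "192.168.1.3/3306"},
    {"first_device_port": "192.168.1.2/1234", "peer_port": "192.168.1.5/3307"},
    {"first_device_port": "192.168.1.2/1234", "peer_port": "192.168.1.5/3307"},
    {"first_device_port": "192.168.1.2/1234", "peer_port": "192.168.1.7/3308"},
]


def associate(records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Deduplicate and map each pair onto the two preset fields."""
    docs, seen = [], set()
    for rec in records:
        key = (rec["first_device_port"], rec["peer_port"])
        if key in seen:
            continue
        seen.add(key)
        docs.append({FIRST_FIELD: key[0], SECOND_FIELD: key[1]})
    return docs


def index_mapping() -> dict:
    """Both fields are 'keyword' so 'ip/port' strings match exactly and are
    never tokenised on '.' or '/'."""
    return {"mappings": {"properties": {
        FIRST_FIELD: {"type": "keyword"},
        SECOND_FIELD: {"type": "keyword"},
    }}}


def doc_id(doc: Dict[str, str]) -> str:
    """Deterministic _id so re-uploading a pair overwrites instead of duplicating."""
    raw = f"{doc[FIRST_FIELD]}|{doc[SECOND_FIELD]}".encode()
    return hashlib.sha1(raw).hexdigest()


def bulk_body(docs: List[Dict[str, str]]) -> str:
    """NDJSON body for POST /_bulk (action line, then source line)."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": INDEX, "_id": doc_id(doc)}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


def query_body(first_port: str) -> dict:
    """Term query on the first preset field, returning only the second."""
    return {"query": {"term": {FIRST_FIELD: first_port}},
            "_source": [SECOND_FIELD], "size": 1000}


def lookup(docs: List[Dict[str, str]], first_port: str) -> List[str]:
    """Offline equivalent of query_body(): Table 2 for a given first port."""
    return sorted(d[SECOND_FIELD] for d in docs if d[FIRST_FIELD] == first_port)


if __name__ == "__main__":
    docs = associate(RECEIVED)
    print(json.dumps(index_mapping()))
    print(bulk_body(docs), end="")
    print(json.dumps(query_body("192.168.1.2/1234")))
    print(lookup(docs, "192.168.1.2/1234"))
```

The `keyword` mapping is the check to make before indexing: with Elasticsearch's default `text` mapping the string `192.168.1.2/1234` is tokenised, and a `term` query on the whole string does not match. The deterministic `_id` makes the upload idempotent, so the repeated uploads that come out of the device's cyclic collection cannot produce duplicate documents even if the deduplication on either side misses one.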
In one possible implementation manner, after the server outputs the port information of the one or more devices, which is queried according to the query instruction and stored in association with the port information of the first device, the method further includes: the server acquires a firewall closing instruction, wherein the firewall closing instruction carries port information of a second device and port information of the one or more devices and is used for closing a firewall between the second device and the one or more devices; the second device is a device in the first network; and the server remotely controls the second device to close the firewall between the second device and the one or more devices according to the firewall closing instruction.
In a specific embodiment, after the port information of the first device and the port information of the one or more devices establishing a communication connection with it have been queried, and after a firewall closing instruction for closing the firewall between the second device and the one or more devices has been received, the server may log in to and operate the second device through the sshpass command and the ssh command. Specifically, the server logs in to the second device through these two commands, transmits the port information of the second device and the port information of the one or more devices to the second device through the sshpass, scp and ssh commands, and then remotely controls the second device to close the firewall between the second device and the one or more devices according to the port information of the second device and the port information of the one or more devices. The sshpass command, the scp command and the ssh command are common commands for remote control.
For ease of understanding, the following are illustrated:
Assume that device 1-3 in fig. 1 is the second device and that devices 2-1, 2-2 and 2-3 in fig. 1 are the one or more devices. Since device 1-1 in fig. 1 can establish communication with devices 2-1, 2-2 and 2-3, this indicates that there is no security risk in closing the firewall between a device in the first network and devices 2-1, 2-2 and 2-3. Thus, the firewalls between device 1-3 and device 2-1, device 2-2 and device 2-3, respectively, may be closed, establishing a communication connection between device 1-3 and devices 2-1, 2-2 and 2-3, respectively. In this situation, after the server receives an instruction to close the firewalls between device 1-3 and device 2-1, device 2-2 and device 2-3, respectively, the server can log in remotely through the sshpass command, the scp command and the ssh command and control device 1-3 to complete the operation of closing the firewalls between itself and device 2-1, device 2-2 and device 2-3, respectively.
The method and the device comb the port information between the devices whose firewall is closed, avoiding the complexity of manual combing while reducing the error rate of combing, improving combing efficiency and saving labor cost.
To sum up, the device in the embodiment of the application collects the port information of the device which is in communication connection with the device, and then sends the collected port information to the server so as to be used for inquiry and analysis, so that the port information between the devices which close the firewall can be combed out, the complexity of manual combing is avoided, meanwhile, the error rate of combing is reduced, the combing efficiency is improved, and the labor cost is saved.
In one possible implementation, the acquiring, by the first device, of port information of the first device and port information of one or more devices that establish a communication connection with the first device includes: the first device cyclically acquires, within a preset time, port information of devices that establish a communication connection with the first device.
In a specific embodiment, within a preset time period, the first device may cyclically acquire, through the acquisition component, port information of devices that establish a communication connection with the first device multiple times, to ensure that the port information of some devices is not missed. The acquisition component can only acquire the port information of a device while a communication connection between the two devices actually exists; however, two devices that are able to communicate with each other are not connected all the time, and the connection is established only when communication is needed. The first device therefore needs to run the acquisition component continuously and cyclically to ensure the completeness of the acquired port information.
In one possible implementation manner, after the first device collects port information of the first device and port information of one or more devices that establish a communication connection with the first device, before the first device sends the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device to a server, the method further includes: the first device performs deduplication processing on port information of the first device and port information of one or more devices establishing communication connection with the first device.
Specifically, after the first device acquires the port information through the acquisition component, the repeatedly acquired port information may be subjected to deduplication processing.
For convenience of understanding, referring to fig. 1, it is assumed that device 1-1 is equipped with the above-mentioned collection component and that the collection component collects the port information of device 1-1 and device 2-1 twice. If the collected port information is stored in a list, the list then contains the port information of device 1-1 twice and that of device 2-1 twice; the collection component removes the duplicate information and keeps only one copy. Take, for example, the partial port information shown in table 3, and assume that the device behind the first-network port information in table 3 is device 1-1 in fig. 1 and the devices behind the second-network port information in table 3 are device 2-1, device 2-2 and device 2-3, respectively. The port information collected in number 1 is the same as the port information collected in number 4, so the collection component removes the information in one of numbers 1 and 4 and keeps the port information of only one of them.
TABLE 3
Number Port information of devices in the first network Port information of devices in the second network
1 192.168.1.2/1234 192.168.1.3/3306
2 192.168.1.2/1234 192.168.1.5/3307
3 192.168.1.2/1234 192.168.1.7/3308
4 192.168.1.2/1234 192.168.1.3/3306
In the embodiment of the application, before the collected port information is sent to the server, the collected port information is subjected to duplicate removal processing, redundant information is removed, the situation that the server needs to store redundant information after the collected port information is sent to the server is avoided, and the storage space of the server is saved.
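As an added example that is not part of the patent, the following Python sketches the collection, deduplication and association-query steps described above (the cyclic acquisition, the Table 3 deduplication, and the Table 2 keyword query on the server side). The connection-table snapshots, the `ss -tn`-like column layout, and the two preset field names are assumptions constructed for the example.

```python
"""Added example (not the patent's code): a collector on the first device that
cyclically gathers port information of established connections and
deduplicates it, plus a server-side analysis store that associates first-network
and second-network port information under preset fields and answers queries."""
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Assumed names for the patent's "first preset field" and "second preset field".
FIRST_FIELD = "first_network_port_info"
SECOND_FIELD = "second_network_port_info"

# Constructed sample: the local connection table as a collection component might
# read it in two successive collection cycles. The columns mimic `ss -tn` output
# ("Local Address:Port" and "Peer Address:Port"); the addresses match Table 3.
CYCLE_1 = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB  0      0      192.168.1.2:1234    192.168.1.3:3306
ESTAB  0      0      192.168.1.2:1234    192.168.1.5:3307
"""
CYCLE_2 = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB     0      0      192.168.1.2:1234    192.168.1.7:3308
ESTAB     0      0      192.168.1.2:1234    192.168.1.3:3306
TIME-WAIT 0      0      192.168.1.2:1234    192.168.1.9:9999
"""


def port_info(addr: str) -> str:
    """Render 'ip:port' in the 'ip/port' form the patent uses."""
    ip, port = addr.rsplit(":", 1)
    return f"{ip}/{port}"


def collect_once(conn_table: str) -> List[Tuple[str, str]]:
    """Parse one snapshot, keeping only established connections."""
    pairs: List[Tuple[str, str]] = []
    for line in conn_table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 5 or cols[0] != "ESTAB":
            continue
        pairs.append((port_info(cols[3]), port_info(cols[4])))
    return pairs


def collect_cyclically(snapshots: Iterable[str]) -> List[Tuple[str, str]]:
    """Cycle over the snapshots taken within the preset time window and
    deduplicate them, preserving first-seen order (Table 3: rows 1 and 4
    collapse to a single entry)."""
    seen: Set[Tuple[str, str]] = set()
    out: List[Tuple[str, str]] = []
    for snap in snapshots:
        for pair in collect_once(snap):
            if pair not in seen:
                seen.add(pair)
                out.append(pair)
    return out


class AnalysisStore:
    """Server-side analysis component: stores records keyed by the preset
    fields, deduplicates again on receipt, and answers keyword queries."""

    def __init__(self) -> None:
        self.records: List[Dict[str, str]] = []
        self._index: Dict[str, Set[str]] = defaultdict(set)

    def receive(self, pairs: Iterable[Tuple[str, str]]) -> int:
        """Store new (first, second) pairs; return how many were added."""
        added = 0
        for first, second in pairs:
            if second in self._index[first]:
                continue  # duplicate already held by the server
            self._index[first].add(second)
            self.records.append({FIRST_FIELD: first, SECOND_FIELD: second})
            added += 1
        return added

    def query(self, keyword: str) -> List[str]:
        """Return the second-network port information stored in association
        with the first-network port information given as the search keyword."""
        return sorted(self._index.get(keyword, set()))


if __name__ == "__main__":
    collected = collect_cyclically([CYCLE_1, CYCLE_2])
    store = AnalysisStore()
    store.receive(collected)
    for row in store.query("192.168.1.2/1234"):
        print("192.168.1.2/1234 ->", row)
```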
In one possible implementation manner, after the first device collects port information of the first device and port information of one or more devices that establish a communication connection with the first device, before the first device sends the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device to a server, the method further includes: the first device stores the port information of the first device and the port information of one or more devices establishing communication connection with the first device in a cache component, and the cache component is a storage component for storing the port information of the first device and the port information of the one or more devices establishing communication connection with the first device in a message queue mode.
In a specific implementation manner, after the first device acquires the port information through the acquisition component, the first device may first send the port information to a cache component, where the cache component may temporarily store the port information acquired by the acquisition component in a message queue, and then queue and send the port information to the analysis component in the server in the message queue for storage so as to query and analyze the port information as needed.
Specifically, the cache component may be a kafka component, and the kafka component may temporarily store the port information acquired by the acquisition component, store the port information in a message queue, and then send the port information to the server according to the sequence of the queue. For example, referring to table 3, it is assumed that the port information in table 3 is collected in the order from number 1, number 2, number 3 to number 4, and therefore, the collected port information may be stored in the kafka component in the order of the numbers, and then the port information of number 1 may be sent to the server, and then the port information of number 2, number 3, and number 4 may be sent to the server in the order.
Because the acquired port information has huge data volume, the pressure of the acquisition component for storing the port information can be relieved through the embodiment, and meanwhile, a buffer time can be given to the analysis component in the server, so that the pressure of the analysis component in the server for receiving and storing a large amount of port information is relieved.
In one possible implementation manner, after the server receives port information of the first device and port information of one or more devices that establish a communication connection with the first device, which are sent by the first device, and before the server stores the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device in the analysis component, the method further includes: and the server performs deduplication processing on the port information of the first device and the port information of one or more devices establishing communication connection with the first device.
In a specific embodiment, after receiving the port information of the first device and the port information of one or more devices establishing communication connection with the first device, the server may perform, by using the analysis component, deduplication processing on the received port information, and then store the deduplicated port information in the analysis component. The detailed operation of deduplication can refer to the detailed implementation description of deduplication in table 3, and is not described herein again.
In the embodiment of the application, before the server stores the receiving port information into the analysis component, the server firstly carries out duplicate removal processing on the port information, removes redundant information, avoids the need of storing redundant information, and saves the storage space of the server.
It should be noted that, if the port information is deduplicated in the server, the first device need not perform deduplication processing after acquiring the port information and may send the acquired original port information to the server. The processing load of the first device can thereby be reduced, and the data acquisition efficiency improved.
Fig. 3 is a schematic structural diagram of an apparatus 300, wherein the apparatus 300 comprises: an acquisition unit 301 and a transmission unit 302, wherein:
an acquisition unit 301, configured to acquire port information of the device 300 and port information of one or more devices that establish communication connection with the device 300; wherein the device 300 is a device in a first network, the one or more devices are devices in a second network, and a firewall between any one device in the first network and any one device in the second network is in an open state except that the firewall between the device 300 and the one or more devices is in a closed state;
a sending unit 302, configured to send, to a server, port information of the device 300 and port information of one or more devices that establish a communication connection with the device 300, where the port information of the device 300 and the port information of the one or more devices are stored in an analysis component of the server in an associated manner, and the analysis component is configured to query and analyze the port information.
In one possible implementation manner, the device 300 further includes a deduplication unit, configured to perform deduplication processing on the port information of the device 300 and the port information of the one or more devices that establish the communication connection with the device 300, after the acquisition unit 301 acquires that port information and before the sending unit 302 sends it to the server.
In one possible implementation manner, the device 300 further includes a storage unit, configured to store the port information of the device 300 and the port information of the one or more devices that establish a communication connection with the device 300 in a cache component, after the acquisition unit 301 acquires that port information and before the sending unit 302 sends it to the server; the cache component is a storage component that stores the port information of the device 300 and the port information of the one or more devices that establish a communication connection with the device 300 in the form of a message queue.
In one possible implementation, the acquiring unit 301 acquires port information of the device 300 and port information of one or more devices that establish communication connection with the device 300, specifically:
cyclically collecting, within a preset time, port information of the devices that establish a communication connection with the device 300.
The specific implementation and beneficial effects of each unit in the apparatus 300 shown in fig. 3 may correspond to the corresponding descriptions in the method embodiment shown in fig. 2, and are not described herein again.
Referring to fig. 4, fig. 4 is a block diagram illustrating a port information combing server 400 according to an embodiment of the present disclosure, where the port information combing server 400 may be the server illustrated in fig. 1; the server 400 includes: a receiving unit 401, a storage unit 402, an acquisition unit 403, and an output unit 404, wherein:
a receiving unit 401, configured to receive port information of a first device and port information of one or more devices that establish a communication connection with the first device, where the port information of the first device is sent by the first device; the first device is a device in a first network, the one or more devices are devices in a second network, and except that a firewall between the first device and the one or more devices is in a closed state, a firewall between any one device in the first network and any one device in the second network is in an open state;
a storage unit 402, configured to store, in an analysis component, port information of the first device and port information of one or more devices that establish a communication connection with the first device in an associated manner, where the analysis component is configured to query and analyze the port information;
an obtaining unit 403, configured to obtain an inquiry instruction of device port information associated with the port information of the first device;
an output unit 404, configured to output the port information of the one or more devices, which is queried according to the query instruction and stored in association with the port information of the first device.
In one possible implementation manner, the server 400 further includes a deduplication unit, configured to perform deduplication processing on the port information of the first device and the port information of the one or more devices that establish the communication connection with the first device, after the receiving unit 401 receives that port information sent by the first device and before the storage unit 402 stores it in association in the analysis component.
In one possible implementation manner, the storage unit 402 stores, in the analysis component, port information of the first device and port information of one or more devices that establish a communication connection with the first device in an associated manner, specifically: the port information of the first device is associated and matched with a first preset field, the port information of the one or more devices is associated and matched with a second preset field, the first preset field and the second preset field are correspondingly associated, and the first preset field and the second preset field are fields of preset search keywords;
and storing the port information of the first equipment after being associated and matched with the first preset field and the port information of the one or more equipment after being associated and matched with the second preset field in an analysis component.
In one possible implementation manner, the server 400 further includes a remote control unit, and after the output unit 404 outputs the port information of the one or more devices stored in association with the port information of the first device, which is queried according to the query instruction:
the obtaining unit 403 is further configured to obtain a firewall closing instruction, where the firewall closing instruction carries port information of a second device and port information of the one or more devices, and is used to close a firewall between the second device and the one or more devices; the second device is a device in the first network;
the remote control unit is configured to remotely control the second device to close the firewall between the second device and the one or more devices according to the firewall closing instruction.
The specific implementation and beneficial effects of each unit in the server 400 shown in fig. 4 may correspond to the corresponding descriptions in the method embodiment shown in fig. 2, and are not described herein again.
Referring to fig. 5, fig. 5 is a device 500 according to an embodiment of the present application, where the device 500 may be the first device described in fig. 1 and fig. 2, the device 500 includes a processor 501, a memory 502, and a communication interface 503, and the processor 501, the memory 502, and the communication interface 503 are connected to each other through a bus 504.
The memory 502 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or a compact disc read-only memory (CD-ROM), and the memory 502 is used for storing related instructions and data. The communication interface 503 is used to receive and transmit data.
The processor 501 may be one or more Central Processing Units (CPUs), and in the case that the processor 501 is one CPU, the CPU may be a single-core CPU or a multi-core CPU.
The processor 501 in the device 500 is configured to read the program code stored in the memory 502 and perform the following operations:
acquiring port information of the device 500 and port information of one or more devices that establish a communication connection with the device 500; wherein the device 500 is a device in a first network, the one or more devices are devices in a second network, and a firewall between any one device in the first network and any one device in the second network is in an open state except that the firewall between the device 500 and the one or more devices is in a closed state;
and sending the port information of the device 500 and the port information of the one or more devices that establish a communication connection with the device 500 to a server, wherein the port information of the device 500 and the port information of the one or more devices are stored in an analysis component of the server in an associated manner, and the analysis component is used for querying and analyzing the port information.
In one possible implementation, after the processor 501 collects port information of the device 500 and port information of one or more devices that establish a communication connection with the device 500, before the processor 501 sends the port information of the device 500 and the port information of the one or more devices that establish a communication connection with the device 500 to the server through the communication interface 503, the method further includes:
the port information of the device 500 and the port information of one or more devices that establish a communication connection with the device 500 are deduplicated.
In one possible implementation, after the processor 501 collects port information of the device 500 and port information of one or more devices that establish a communication connection with the device 500, before the processor 501 sends the port information of the device 500 and the port information of the one or more devices that establish a communication connection with the device 500 to the server through the communication interface 503, the method further includes:
the port information of the device 500 and the port information of the one or more devices establishing communication connection with the device 500 are stored in a buffer component, which is a storage component that stores the port information of the device 500 and the port information of the one or more devices establishing communication connection with the device 500 in the form of message queues.
In one possible implementation, the acquiring, by the processor 501, port information of the device 500 and port information of one or more devices that establish a communication connection with the device 500 includes:
cyclically collecting, within a preset time, port information of the devices that establish a communication connection with the device 500.
It should be noted that implementation of each operation of the apparatus 500 in fig. 5 may also correspond to corresponding description of the method embodiment shown in fig. 2, and is not described herein again.
Referring to fig. 6, fig. 6 is a server 600 according to an embodiment of the present application, where the server 600 may be the server described in fig. 1 and fig. 2, the server 600 includes a processor 601, a memory 602, and a communication interface 603, and the processor 601, the memory 602, and the communication interface 603 are connected to each other through a bus 604.
The memory 602 includes, but is not limited to, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or a compact disc read-only memory (CD-ROM), and the memory 602 is used for storing related instructions and data. The communication interface 603 is used for receiving and transmitting data.
The processor 601 may be one or more Central Processing Units (CPUs), and in the case that the processor 601 is one CPU, the CPU may be a single-core CPU or a multi-core CPU.
The processor 601 in the server 600 is configured to read the program code stored in the memory 602, and perform the following operations:
receiving port information of a first device and port information of one or more devices establishing communication connection with the first device, which are sent by the first device, through a communication interface 603; the first device is a device in a first network, the one or more devices are devices in a second network, and except that a firewall between the first device and the one or more devices is in a closed state, a firewall between any one device in the first network and any one device in the second network is in an open state;
storing the port information of the first device and the port information of one or more devices establishing communication connection with the first device in an analysis component in an associated manner, wherein the analysis component is used for inquiring and analyzing the port information;
acquiring a query instruction of the device port information associated with the port information of the first device;
and outputting the port information of the one or more devices which is inquired according to the inquiry instruction and is stored in association with the port information of the first device.
In one possible implementation manner, after the processor 601 receives, through the communication interface 603, the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device, sent by the first device, and before the processor 601 stores, in the analysis component, the port information of the first device in association with the port information of the one or more devices that establish a communication connection with the first device, the method further includes: performing deduplication processing on the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device.
In one possible implementation, the processor 601 stores the port information of the first device and the port information of one or more devices establishing communication connection with the first device in association in the analysis component, and includes: the port information of the first device is associated and matched with a first preset field, the port information of the one or more devices is associated and matched with a second preset field, the first preset field and the second preset field are correspondingly associated, and the first preset field and the second preset field are fields of preset search keywords;
and storing the port information of the first equipment after being associated and matched with the first preset field and the port information of the one or more equipment after being associated and matched with the second preset field in an analysis component.
In one possible implementation manner, after the processor 601 outputs the port information of the one or more devices stored in association with the port information of the first device, which is queried according to the query instruction, the method further includes:
obtaining a firewall closing instruction, wherein the firewall closing instruction carries port information of a second device and port information of the one or more devices and is used for closing a firewall between the second device and the one or more devices; the second device is a device in the first network;
and remotely controlling the second device to close the firewall between the second device and the one or more devices according to the firewall closing instruction.
It should be noted that, implementation of each operation of the server 600 in fig. 6 may also correspond to corresponding description of the method embodiment shown in fig. 2, and details are not described here again.
An embodiment of the present invention further provides a computer-readable storage medium, in which a computer program is stored, where the computer program includes program instructions, and when the program instructions are executed by a processor, the method flow shown in fig. 2 is implemented.
To sum up, the embodiment of the application realizes the combing of the port information between the devices with closed firewall, avoids the complexity of manual combing, reduces the error rate of combing, improves the combing efficiency and saves the labor cost.
One of ordinary skill in the art will appreciate that all or part of the processes in the methods of the above embodiments may be implemented by hardware related to instructions of a computer program, which may be stored in a computer-readable storage medium, and when executed, may include the processes of the above method embodiments.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; those of ordinary skill in the art will understand that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A port information combing method is characterized by comprising the following steps:
the method comprises the steps that a server receives port information of a first device and port information of one or more devices which establish a communication connection with the first device, wherein the port information is sent by the first device; wherein the first device is a device in a first network and the one or more devices are devices in a second network; a firewall between any one of the devices in the first network and any one of the devices in the second network is in an open state, except that the firewall between the first device and the one or more devices is in a closed state;
the server stores the port information of the first device and the port information of one or more devices establishing communication connection with the first device in an analysis component in an associated mode, and the analysis component is used for inquiring and analyzing the port information;
the server acquires a query instruction of the device port information associated with the port information of the first device;
and the server outputs the port information of the one or more devices which is inquired according to the inquiry instruction and is stored in association with the port information of the first device.
2. The method of claim 1, wherein after the server receives the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device, the method further comprises, before the server stores that port information in association in the analysis component:
the server performs deduplication processing on the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device.
3. The method of claim 1 or 2, wherein the server storing the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device in association in an analysis component comprises:
the server associates the port information of the first device with a first preset field and associates the port information of the one or more devices with a second preset field, wherein the first preset field and the second preset field are correlated with each other and are both fields of preset search keywords;
and the server stores, in the analysis component, the port information of the first device associated with the first preset field and the port information of the one or more devices associated with the second preset field.
4. The method according to claim 3, wherein after the server outputs the port information of the one or more devices stored in association with the port information of the first device and retrieved according to the query instruction, the method further comprises:
the server acquires a firewall closing instruction, wherein the firewall closing instruction carries port information of a second device and the port information of the one or more devices and is used for closing a firewall between the second device and the one or more devices; the second device is a device in the first network;
and the server remotely controls the second device, according to the firewall closing instruction, to close the firewall between the second device and the one or more devices.
5. A port information combing method, characterized by comprising the following steps:
a first device collects port information of the first device and port information of one or more devices that establish a communication connection with the first device; wherein the first device is a device in a first network and the one or more devices are devices in a second network; a firewall between any one of the devices in the first network and any one of the devices in the second network is in an open state, except that the firewall between the first device and the one or more devices is in a closed state;
the first device sends the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device to a server, the port information of the first device and the port information of the one or more devices being stored in association in an analysis component of the server, the analysis component being used for querying and analyzing the port information.
6. The method of claim 5, wherein after the first device collects the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device, and before the first device sends that port information to the server, the method further comprises:
the first device performs deduplication processing on the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device.
7. The method of claim 5, wherein after the first device collects the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device, and before the first device sends that port information to the server, the method further comprises:
the first device stores the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device in a cache component, the cache component being a storage component that holds that port information in the form of a message queue.
8. The method according to any one of claims 5 to 7, wherein the first device collecting the port information of the first device and the port information of the one or more devices that establish a communication connection with the first device comprises:
the first device cyclically collects, within a preset time, port information of the devices that establish a communication connection with the first device.
9. A port information combing device, characterized in that it comprises means for carrying out the method according to any one of claims 5 to 8.
10. A port information combing server, characterized in that it comprises means for carrying out the method according to any one of claims 1 to 4.
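The collection, deduplication, association and query steps of claims 1 to 3 and 5 to 8 can be modelled end to end in a few dozen lines. The following is an added example written for this page, not code from the patent or its assignee: the field names FIRST_FIELD and SECOND_FIELD stand in for the "first preset field" and "second preset field" (the patent does not name them), the "proto local peer" line shape is a constructed input format standing in for whatever the first device actually collects, and the addresses in SAMPLE_LINES are constructed. The point of the model is the defensive use: after deduplicating repeated collection cycles, the analysis component can answer "which peer devices actually reach this service port", which is the inventory a firewall rule tightening (claim 4) needs.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Assumed names for the claims' "first preset field" and "second preset field".
# They are search keywords in the analysis component; the patent does not name them.
FIRST_FIELD = "first_device_port"
SECOND_FIELD = "peer_device_port"


@dataclass(frozen=True)
class PortInfo:
    """Port information of one endpoint: device address, port and protocol."""
    ip: str
    port: int
    proto: str

    def key(self) -> str:
        return f"{self.ip}:{self.port}/{self.proto}"


def parse_connection_lines(lines: List[str]) -> List[Tuple[PortInfo, PortInfo]]:
    """Collector side (claims 5 and 8): turn one 'proto local peer' line per
    established connection into (first device, peer device) port-info pairs.
    The line shape 'tcp 10.1.0.5:443 10.2.0.9:51234' is constructed for this
    example; blank lines and '#' comments are ignored."""
    pairs: List[Tuple[PortInfo, PortInfo]] = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        proto, local, peer = line.split()
        local_ip, local_port = local.rsplit(":", 1)
        peer_ip, peer_port = peer.rsplit(":", 1)
        pairs.append((PortInfo(local_ip, int(local_port), proto),
                      PortInfo(peer_ip, int(peer_port), proto)))
    return pairs


def deduplicate(pairs: List[Tuple[PortInfo, PortInfo]]) -> List[Tuple[PortInfo, PortInfo]]:
    """Claims 2 and 6: the same connection shows up in every collection cycle,
    so drop repeated (first, peer) pairs while keeping first-seen order."""
    seen: Set[Tuple[PortInfo, PortInfo]] = set()
    unique: List[Tuple[PortInfo, PortInfo]] = []
    for pair in pairs:
        if pair not in seen:
            seen.add(pair)
            unique.append(pair)
    return unique


class AnalysisComponent:
    """Server side (claims 1 and 3): each stored record associates the first
    device's port info (FIRST_FIELD) with one peer's port info (SECOND_FIELD);
    an index on FIRST_FIELD serves the query step of claim 1."""

    def __init__(self) -> None:
        self.records: List[Dict[str, str]] = []
        self._by_first: Dict[str, List[str]] = {}

    def store(self, pairs: List[Tuple[PortInfo, PortInfo]]) -> None:
        for first, peer in pairs:
            record = {FIRST_FIELD: first.key(), SECOND_FIELD: peer.key()}
            self.records.append(record)
            self._by_first.setdefault(first.key(), []).append(peer.key())

    def query(self, first: PortInfo) -> List[str]:
        """Return the peer port info stored in association with `first`."""
        return list(self._by_first.get(first.key(), []))

    def peer_devices(self, first: PortInfo) -> List[str]:
        """Peer device addresses only: the ephemeral client port is irrelevant
        when deciding which firewall openings a service port really needs."""
        ips: List[str] = []
        for key in self.query(first):
            ip = key.rsplit(":", 1)[0]
            if ip not in ips:
                ips.append(ip)
        return ips


# Constructed sample: what the first device 10.1.0.5 (first network) collected
# over two cycles about peers in 10.2.0.0/16 (second network). The second line
# is a deliberate repeat of the first.
SAMPLE_LINES = [
    "tcp 10.1.0.5:443 10.2.0.9:51234",
    "tcp 10.1.0.5:443 10.2.0.9:51234   # same connection, next cycle",
    "tcp 10.1.0.5:443 10.2.0.17:40022",
    "tcp 10.1.0.5:8080 10.2.0.9:51300",
    "udp 10.1.0.5:514 10.2.0.40:33000",
]


def run_combing(lines: List[str] = SAMPLE_LINES) -> AnalysisComponent:
    """Collect, deduplicate and store: claims 5, 6 and 1 in order."""
    component = AnalysisComponent()
    component.store(deduplicate(parse_connection_lines(lines)))
    return component


if __name__ == "__main__":
    comp = run_combing()
    print(comp.query(PortInfo("10.1.0.5", 443, "tcp")))         # two peers for 443/tcp
    print(comp.peer_devices(PortInfo("10.1.0.5", 443, "tcp")))  # their addresses only
```

In a real deployment the collector would read its connection table from the operating system rather than from a list of strings, and the analysis component would be a search index rather than a dictionary, but the contract is the same: records are keyed on the first device's port info so that a query on that key returns every peer that was actually observed, which is the evidence needed before narrowing a firewall that is currently open between the two networks.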
CN201910961589.4A 2019-10-10 2019-10-10 Port information combing method, device and server Active CN110798340B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910961589.4A CN110798340B (en) 2019-10-10 2019-10-10 Port information combing method, device and server

Publications (2)

Publication Number Publication Date
CN110798340A CN110798340A (en) 2020-02-14
CN110798340B true CN110798340B (en) 2022-11-25

Family

ID=69439125

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910961589.4A Active CN110798340B (en) 2019-10-10 2019-10-10 Port information combing method, device and server

Country Status (1)

Country Link
CN (1) CN110798340B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101753426A (en) * 2008-12-03 2010-06-23 北京天融信网络安全技术有限公司 Firewall multi-outlet intelligent route selection method
CN205407853U (en) * 2016-03-07 2016-07-27 国家电网公司 Double -link data transmission system
CN107819874A (en) * 2017-11-27 2018-03-20 南京城市职业学院 A kind of method of remote control fire wall terminal
CN108494771A (en) * 2018-03-23 2018-09-04 平安科技(深圳)有限公司 Electronic device, fire wall open verification method and storage medium
CN109639630A (en) * 2018-10-30 2019-04-16 国网陕西省电力公司信息通信公司 A kind of terminal prot managing and control system and management-control method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070255861A1 (en) * 2006-04-27 2007-11-01 Kain Michael T System and method for providing dynamic network firewall with default deny

Also Published As

Publication number Publication date
CN110798340A (en) 2020-02-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant