CN110868428A - Computer network safety early warning device - Google Patents

Publication number
CN110868428A
Authority
CN
China
Prior art keywords
module
database
data
early warning
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911240380.5A
Other languages
Chinese (zh)
Inventor
张伟利
王司亓
周文萍
朱立勋
张巍
韩成浩
孙元元
袁振中
满宴辰
孙晓罡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changchun Zhongyuan Technology Co Ltd
Jilin Jianzhu University
Original Assignee
Changchun Zhongyuan Technology Co Ltd
Jilin Jianzhu University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changchun Zhongyuan Technology Co Ltd, Jilin Jianzhu University
Priority to CN201911240380.5A
Publication of CN110868428A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Software Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to the technical field of computer network security, and in particular to a computer network security early warning device comprising a central processing unit, a network port, a network early warning module, an access authority control module, a data transmission monitoring module, an automatic detection module, a deletion module and a database. The central processing unit is connected to the network port, the network early warning module, the access authority control module, the data transmission monitoring module, the deletion module and the database respectively; a network firewall is arranged between the network port and the central processing unit; and the deletion module is connected to the database. Because the deletion module is connected to the database, when the automatic detection module or the network early warning module detects that a Trojan virus is illegally downloading data from the database, the deletion module deletes all the data in the database, so that the Trojan is deleted along with it and the information in the database is prevented from being maliciously stolen.

Description

Computer network safety early warning device
Technical Field
The invention relates to the technical field of computer network safety, in particular to a computer network safety early warning device.
Background
Computer networks are collections of computer systems that connect multiple computers together by communication lines for the purpose of transmitting information, and a computer network is composed of transmission media and communication devices. Network security is an important national strategy in China, and with the implementation of network security laws, colleges and universities must strengthen network security guarantee work.
With the rapid development of computer technology, information networks have become an important guarantee for social development. At present, in the campus networks used by colleges and universities, much intellectual property research material is sensitive or even highly confidential; once it is stolen and published by a Trojan horse virus, this is a heavy loss for the teachers working on the project, and most of the research material is likely to be invalidated. The campus network is the main carrier for the files that colleges and universities generate, and a large number of papers and confidential files are published on it, including highly confidential intellectual property research data, so these files inevitably attract hacker attacks from all over the world.
Disclosure of Invention
The invention aims to provide a computer network safety early warning device to solve the problems in the background technology.
In order to achieve the purpose, the invention provides the following technical scheme:
The invention relates to a computer network safety early warning device comprising a central processing unit, a network port, a network early warning module, an access authority control module, a data transmission monitoring module, an automatic detection module, a deletion module and a database, wherein the central processing unit is used for processing the data. The central processing unit is connected to the network port, the network early warning module, the access authority control module, the data transmission monitoring module, the deletion module and the database respectively. A network firewall is arranged between the network port and the central processing unit. The deletion module is connected to the database and is used for deleting the data in the database, and the database is connected to a data backup library. The data backup library holds a complete backup of the data in the database; after the deletion module deletes the information in the database, the data in the data backup library is copied into the database again. The data backup library is connected to the database only after the deletion module has deleted the information in the database, and during normal use it is disconnected and inaccessible.
Preferably, the content of the network early warning module includes a data packet detection module, a data splitting module and a data scanning module, and the data split by the data splitting module includes first-level early warning information, second-level early warning information and third-level early warning information.
Preferably, the data transmission monitoring module comprises an upload monitoring unit, a download monitoring unit and a flow monitoring unit.
Preferably, the network ports include an administrator login port, a user login port and a visitor login port.
Preferably, the content of the database comprises a no-access-right area, a primary access-right area, a secondary access-right area and a tertiary access-right area.
Preferably, the data backup library is composed of a plurality of memories, the number of memories being at least two; each individual memory stores all the data in the database, and the memories back each other up.
Preferably, the automatic detection module includes a NESS detection module, a Strobe detection module, a SATAN detection module and an ISS detection module, and the detection content of the automatic detection module includes configuration file detection, protection mechanism detection and difference test.
Compared with the prior art, the computer network safety early warning device of the invention has the following beneficial effects:
1. through the cooperation of the automatic detection module, the network firewall, the network early warning module and the data transmission monitoring module, computer network security is effectively monitored at multiple layers, and the possibility of hacker attack is effectively reduced;
2. by dividing the content of the database into a no-access-right area, a primary access-right area, a secondary access-right area and a tertiary access-right area, people with different access rights can only see the content covered by their own access rights, so that the confidential information of schools is effectively protected from leaking;
3. because the deletion module is connected to the database, when the automatic detection module or the network early warning module detects that a Trojan virus is illegally downloading data from the database, the deletion module deletes all the data in the database, so that the Trojan is deleted along with it and the information in the database is prevented from being maliciously stolen;
4. the data splitting unit splits each risk file into first-level, second-level and third-level early warning information according to the level protection system of the college network, and the information is sent to the managers of the corresponding levels for processing, so that security early warning differentiated by authority and directed by level is achieved.
Drawings
Fig. 1 is a system framework diagram of a computer network security early warning device according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
Referring to Fig. 1, the present invention provides the following technical solution:
The invention relates to a computer network safety early warning device comprising a central processing unit, a network port, a network early warning module, an access authority control module, a data transmission monitoring module, an automatic detection module, a deletion module and a database, wherein the central processing unit is used for processing the data. The central processing unit is connected to the network port, the network early warning module, the access authority control module, the data transmission monitoring module, the deletion module and the database respectively. A network firewall is arranged between the network port and the central processing unit, and the network port is used for reading the state of the computer, reading the storage content of the computer hard disk, and reading the IP address, the user name, the password and the network access authority of the computer. The access authority control module is used for modifying the network access authority. The deletion module is connected to the database and is used for deleting the data in the database, and the database is connected to a data backup library. The data backup library holds a complete backup of the data in the database; after the deletion module deletes the information in the database, the data in the data backup library is copied into the database again. The data backup library is connected to the database only after the deletion module has deleted the information in the database, and during normal use it is disconnected and inaccessible.
As an embodiment of the present invention, the network early warning module includes a data packet detection unit, a data splitting unit and a data scanning unit. The data packet detection unit is configured to detect Trojan viruses in data packets, and the data scanning unit is configured to scan the data and detect risk files. The data splitting unit splits each risk file into first-level, second-level and third-level early warning information according to the level protection system of the college network, and the information is sent to the managers of the corresponding level for processing.
As an embodiment of the present invention, the data transmission monitoring module includes an upload monitoring unit, a download monitoring unit, and a traffic monitoring unit, and the upload monitoring unit, the download monitoring unit, and the traffic monitoring unit are respectively configured to monitor and record files uploaded by a user, downloaded data, and used data traffic.
As an embodiment of the present invention, the network port includes an administrator login port, a user login port and a visitor login port. The administrator login port is used for the administrator to log in; after logging in, the administrator can operate the access authority control module and grant the corresponding rights to users who log in from the user login port. The visitor login port is used for members of the general public outside the school to log in.
As an embodiment of the present invention, the content of the database is divided into a no-access-right area, a primary access-right area, a secondary access-right area and a tertiary access-right area, and people with different access rights can only see the content covered by their own access rights, so that the confidential data of schools is effectively protected from leaking. The no-access-right area has no permission requirement and is used for storing information disclosed to the public; a person who logs in from the visitor login port can access only the no-access-right area. The primary, secondary and tertiary access-right areas can be accessed only after logging in through the user login port and being granted the corresponding rights by an administrator.
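The login ports and access-right areas described above can be modelled as a small decision function. The following Python sketch is an added example, not code from the patent; the class and function names, the sample accounts, the `revoke` operation, the per-area (non-hierarchical) grants and the denial of tiered areas to administrator sessions are all assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Port(Enum):
    ADMIN = "administrator login port"
    USER = "user login port"
    VISITOR = "visitor login port"


class Area(Enum):
    PUBLIC = "no-access-right area"
    PRIMARY = "primary access-right area"
    SECONDARY = "secondary access-right area"
    TERTIARY = "tertiary access-right area"


@dataclass(frozen=True)
class Session:
    username: str
    port: Port  # the login port the session came in through


class AccessAuthorityControl:
    """Hypothetical model of the access authority control module's grant table."""

    def __init__(self):
        self._grants = {}  # username -> set of Area values granted by an administrator
        self.audit = []    # (username, port name, area name, allowed) per decision

    def _require_admin(self, session):
        # Only a session from the administrator login port may operate the module.
        if session.port is not Port.ADMIN:
            raise PermissionError("requires an administrator login port session")

    def grant(self, admin, username, area):
        self._require_admin(admin)
        if area is not Area.PUBLIC:  # the public area needs no grant
            self._grants.setdefault(username, set()).add(area)

    def revoke(self, admin, username, area):
        # Assumption: "modifying the network access authority" includes removal.
        self._require_admin(admin)
        self._grants.get(username, set()).discard(area)

    def can_read(self, session, area):
        if area is Area.PUBLIC:
            allowed = True
        elif session.port is not Port.USER:
            # Visitor sessions never reach a tiered area. Administrator sessions
            # are denied too: an assumption, the page does not say they may read.
            allowed = False
        else:
            # Assumption: grants are per area; a tertiary grant implies nothing else.
            allowed = area in self._grants.get(session.username, set())
        self.audit.append((session.username, session.port.name, area.name, allowed))
        return allowed


def visible_areas(acl, session):
    """Areas a session can see, in the order the page lists them."""
    return [area for area in Area if acl.can_read(session, area)]


if __name__ == "__main__":
    acl = AccessAuthorityControl()
    admin = Session("admin01", Port.ADMIN)  # constructed sample accounts
    acl.grant(admin, "teacher_li", Area.SECONDARY)
    for s in (Session("guest", Port.VISITOR),
              Session("teacher_li", Port.USER),
              Session("teacher_li", Port.VISITOR)):
        print(s.username, s.port.name, [a.name for a in visible_areas(acl, s)])
```

The third sample session shows that a granted user who arrives through the visitor login port still sees only the no-access-right area, because the decision depends on both the port and the grant.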
As an embodiment of the present invention, the data backup library is composed of a plurality of memories, the number of memories being at least two; each individual memory stores all the data in the database, and the memories back each other up, so as to avoid data loss when one memory is damaged.
The working principle is as follows. In use, the automatic detection module, the network firewall, the network early warning module and the data transmission monitoring module cooperate, so that computer network security is effectively monitored at multiple layers and the possibility of hacker attack is effectively reduced. The content of the database is divided into a no-access-right area, a primary access-right area, a secondary access-right area and a tertiary access-right area, and people with different access rights can only see the content covered by their own access rights, so that the confidential information of schools is effectively protected from leaking. Because the deletion module is connected to the database, when the automatic detection module or the network early warning module detects that a Trojan virus is illegally downloading data from the database, the deletion module deletes all the data in the database, so that the Trojan is deleted along with it and the information in the database is prevented from being maliciously stolen. At this point the data backup library is connected to the database, and the data in the data backup library is copied into the database again. The data backup library is connected to the database only after the deletion module has deleted the information in the database; during normal use it is disconnected from the network and inaccessible, which protects it from network intrusion. The data splitting unit splits each risk file into primary, secondary and tertiary early warning information according to the level protection system of the college network, and the information is sent to the managers of the corresponding levels for processing, so that security early warning differentiated by authority and directed by level is achieved.
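The delete, connect, restore and disconnect sequence in the working principle, together with the mirrored memories of the backup library, can be traced in code. This Python sketch is an added example, not code from the patent; all names, the SHA-256 integrity check used to decide which memory is intact, and the `damage` fault-injection helper are assumptions, and the records are constructed sample data.

```python
import copy
import hashlib
import json


def digest(records):
    """Stable SHA-256 over a dict of records (integrity check added for this example)."""
    return hashlib.sha256(json.dumps(records, sort_keys=True).encode()).hexdigest()


class BackupLibrary:
    """Two or more memories, each holding a full copy; disconnected in normal use."""

    def __init__(self, records, memories=2):
        if memories < 2:
            raise ValueError("the backup library needs at least two memories")
        self._memories = [copy.deepcopy(records) for _ in range(memories)]
        self._expected = digest(records)
        self.connected = False

    def damage(self, index):
        """Constructed fault injection: simulate one damaged memory."""
        self._memories[index] = None

    def connect(self, database):
        # The library may be attached only after the deletion module has run.
        if database:
            raise RuntimeError("refusing to connect: database has not been deleted")
        self.connected = True

    def disconnect(self):
        self.connected = False

    def read_intact_copy(self):
        if not self.connected:
            raise ConnectionError("backup library is disconnected")
        for memory in self._memories:
            if memory is not None and digest(memory) == self._expected:
                return copy.deepcopy(memory)
        raise RuntimeError("no intact memory left in the backup library")


class EarlyWarningDevice:
    def __init__(self, records):
        self.database = copy.deepcopy(records)
        self.backup = BackupLibrary(records)
        self.log = []

    def on_illegal_download(self, detected_by):
        """Run the delete, connect, restore, disconnect cycle once."""
        self.log.append(f"alert from {detected_by}")
        self.database.clear()               # deletion module: delete all data
        self.log.append("database deleted")
        self.backup.connect(self.database)  # allowed only because it is now empty
        try:
            self.database = self.backup.read_intact_copy()
            self.log.append("database restored")
        finally:
            self.backup.disconnect()        # back to the normal-use state
            self.log.append("backup disconnected")
        return self.database


if __name__ == "__main__":
    device = EarlyWarningDevice({"paper-001": "draft text", "dataset-17": [1, 2, 3]})
    device.backup.damage(0)  # one memory fails; the mirror still restores
    print(device.on_illegal_download("automatic detection module"))
    print(device.log)
```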
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (7)

1. A computer network safety early warning device, characterized in that: the device comprises a central processing unit, a network port, a network early warning module, an access authority control module, a data transmission monitoring module, an automatic detection module, a deletion module and a database; the central processing unit is connected to the network port, the network early warning module, the access authority control module, the data transmission monitoring module, the deletion module and the database respectively; a network firewall is arranged between the network port and the central processing unit; the deletion module is connected to the database and is used for deleting the data in the database, and the database is connected to a data backup library; the data backup library is used for completely backing up the data in the database, the data in the data backup library is copied into the database again after the deletion module deletes the information in the database, the data backup library is connected to the database only after the deletion module deletes the information in the database, and the data backup library is disconnected and inaccessible during normal use.
2. The computer network safety early warning device of claim 1, wherein: the content of the network early warning module comprises a data packet detection module, a data splitting module and a data scanning module, and the data split by the data splitting module comprises primary early warning information, secondary early warning information and tertiary early warning information.
3. The computer network safety early warning device of claim 1, wherein: the data transmission monitoring module comprises an upload monitoring unit, a download monitoring unit and a flow monitoring unit.
4. The computer network safety early warning device of claim 1, wherein: the network ports comprise an administrator login port, a user login port and a visitor login port.
5. The computer network safety early warning device of claim 1, wherein: the content of the database comprises a no-access-right area, a primary access-right area, a secondary access-right area and a tertiary access-right area.
6. The computer network safety early warning device of claim 1, wherein: the data backup library is composed of a plurality of memories, the number of memories being at least two; each individual memory stores all the data in the database, and the memories back each other up.
7. The computer network safety early warning device of claim 1, wherein: the automatic detection module comprises an NESS detection module, a Strobe detection module, an SATAN detection module and an ISS detection module, and the detection content of the automatic detection module comprises configuration file detection, protection mechanism detection and difference test.
CN201911240380.5A 2019-12-06 2019-12-06 Computer network safety early warning device Pending CN110868428A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911240380.5A CN110868428A (en) 2019-12-06 2019-12-06 Computer network safety early warning device

Publications (1)

Publication Number Publication Date
CN110868428A (en) 2020-03-06

Family

ID=69657944

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911240380.5A Pending CN110868428A (en) 2019-12-06 2019-12-06 Computer network safety early warning device

Country Status (1)

Country Link
CN (1) CN110868428A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040052569A (en) * 2004-04-03 2004-06-23 주식회사 피앤피시큐어 Method and system for monitoring and securing a database
CN101122924A (en) * 2007-09-30 2008-02-13 华为技术有限公司 Logic log generation method, database backup/ restoration method and system
CN106055424A (en) * 2016-05-19 2016-10-26 青岛海信移动通信技术股份有限公司 Method and device for exception handling of information database
WO2017024956A1 (en) * 2015-08-10 2017-02-16 阿里巴巴集团控股有限公司 Database access right processing method, device, and system
CN206164589U (en) * 2016-11-15 2017-05-10 滁州市拓海信息科技有限公司 Computer network safety monitoring device
CN109977661A (en) * 2019-04-09 2019-07-05 福建奇点时空数字科技有限公司 A kind of network safety protection method and system based on big data platform
CN211089674U (en) * 2019-12-06 2020-07-24 吉林建筑大学 Computer network safety early warning device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination