CN110943978A - Security policy configuration method and device, electronic equipment and medium - Google Patents
Security policy configuration method and device, electronic equipment and medium Download PDFInfo
- Publication number
- CN110943978A CN110943978A CN201911110683.5A CN201911110683A CN110943978A CN 110943978 A CN110943978 A CN 110943978A CN 201911110683 A CN201911110683 A CN 201911110683A CN 110943978 A CN110943978 A CN 110943978A
- Authority
- CN
- China
- Prior art keywords
- security policy
- task
- side terminal
- user side
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0213—Standardised network management protocols, e.g. simple network management protocol [SNMP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a configuration method of a security policy, which relates to the technical field of communication and is used for solving the problem that a worker needs to manually configure the security policy on CPE; sending safety data to a big data analysis platform; receiving a security policy obtained by a big data analysis platform based on security data; judging whether the security policy meets the issuing condition; and sending the security policy meeting the issuing condition to the corresponding user side terminal. In the method, the user side terminal acquires and configures a corresponding security policy based on the server side and the big data platform, so that the pressure of workers is reduced, and the security performance of the user side terminal is improved. The invention also discloses a configuration device of the security policy, electronic equipment and a computer readable medium.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for configuring a security policy, an electronic device, and a medium.
Background
The composition of a terminal wide area network Management Protocol (CWMP) framework mainly comprises two parts: functions related to an ACS (Auto-Configuration Server) and functions related to a CPE (Customer Premises Equipment).
Under the effect of CWMP, the ACS can carry out remote centralized management on the CPE, namely, one ACS can manage a plurality of CPEs, the CPEs scattered everywhere are centrally managed through the ACS, the remote centralized management on the CPE is realized, and the method has the advantages of saving the maintenance cost and improving the problem solving efficiency.
However, the conventional ACS function mainly focuses on the aspects of service opening, function initialization, system detection, daily operation and maintenance of the CPE, so that the CPE lacks a function related to network security, and in actual operation, in order to improve the security performance of the CPE, a security policy is often manually configured on the CPE.
Disclosure of Invention
In order to overcome the defects of the prior art, an object of the present invention is to provide a method for configuring a security policy, in which a user side terminal obtains and configures a corresponding security policy based on a server and a big data platform, so as to reduce the pressure of a worker and improve the security performance of the user side terminal.
One of the purposes of the invention is realized by adopting the following technical scheme:
a method for configuring security policies, comprising the steps of: acquiring security data of a user side terminal;
sending the security data to a big data analysis platform;
receiving a security policy obtained by the big data analysis platform based on the security data;
judging whether the security policy meets issuing conditions or not;
and sending the security policy meeting the issuing condition to a corresponding user side terminal.
Further, the security policy meeting the issuing condition at least comprises a configuration task, and the configuration method further comprises the following steps: when the security policy meets the issuing condition, adding the configuration task to a task queue corresponding to the user side terminal based on the configuration sequence
Further, the method for sending the security policy meeting the issuing condition to the corresponding user side terminal comprises the following steps:
receiving an empty request sent by the user side terminal;
querying whether there are configuration tasks to be executed in the task queue,
if not, sending null response feedback to the user side terminal;
if yes, sending a first to-be-executed configuration task to a corresponding user side terminal, then receiving task feedback sent by the user side terminal after the configuration task is executed, updating the first to-be-executed task based on the task feedback, and then executing and inquiring whether the task is to-be-executed in the task queue.
Further, the task feedback includes execution success or execution failure,
when the task feedback indicates that the execution is successful, updating the corresponding task to be completed;
and when the task feedback is failure in execution, updating the failure times of the corresponding task, and when the failure times are greater than a preset time a, removing the corresponding task from the task queue.
Further, the method also comprises the following steps: and performing Digest authentication on a configuration request sent by the user side terminal, wherein the configuration request comprises security data, if the authentication is successful, the configuration request is received, and if the authentication is failed, the configuration request is rejected.
Further, the security data comprises ID, IP, flow quintuple data, blacklist IP strategy trigger records and blacklist URL strategy trigger records.
Further, the user side terminal and the server side interact based on TR069 protocol or RPC protocol.
The second objective of the present invention is to provide a security policy configuration device, in which a user side terminal obtains and configures a corresponding security policy based on a server and a big data platform, so as to reduce the pressure of workers and improve the security performance of the user side terminal.
The second purpose of the invention is realized by adopting the following technical scheme: an apparatus for configuring a security policy, comprising: a security data acquisition module: the method comprises the steps of obtaining security data of a user side terminal;
the safety data sending module: the safety data are used for sending the safety data to a big data analysis platform;
a security policy receiving module: the security policy receiving module is used for receiving a security policy obtained by the big data analysis platform based on the security data;
an issuing condition judgment module: the system is used for judging whether the security policy meets the issuing condition or not;
a security policy issuing module: and the safety strategy is used for sending the safety strategy which meets the issuing condition to the corresponding user side terminal.
It is a further object of the present invention to provide an electronic device for performing one of the above objects, comprising a processor, a storage medium, and a computer program, the computer program being stored in the storage medium, the computer program, when executed by the processor, implementing the above method for configuring a security policy.
It is a fourth object of the present invention to provide a computer-readable storage medium storing one of the objects of the invention, having a computer program stored thereon, which, when executed by a processor, implements the method of configuring a security policy described above.
Compared with the prior art, the invention has the beneficial effects that: the safety data of the user side terminal are forwarded to the big data platform through the server, the safety strategy of the big data platform is forwarded to the user side terminal through the server, and the user side terminal is enabled to self-configure the safety strategy to replace manual configuration, so that the pressure of workers is relieved, and the safety performance of the user side terminal is improved; before the security policy server side issues the security policy server side to the user side terminal, whether the security policy server side meets the issue condition is judged, so that unnecessary configuration of the user side terminal is reduced.
Drawings
FIG. 1 is a flow chart of a configuration method according to an embodiment;
FIG. 2 is a flowchart of step S40 in FIG. 1;
FIG. 3 is a flowchart of step S50 in FIG. 1;
FIG. 4 is a flowchart of steps S60, S70, and S80;
FIG. 5 is a block diagram showing a configuration apparatus according to a fourth embodiment;
fig. 6 is a block diagram of an electronic device according to the fifth embodiment.
In the figure: 1. a security data acquisition module; 2. a security data transmission module; 3. a security policy receiving module; 4. a sending condition judgment module; 5. a security policy issuing module; 6. an electronic device; 61. a processor; 62. a memory; 63. an input device; 64. and an output device.
Detailed Description
The present invention will now be described in more detail with reference to the accompanying drawings, in which the description of the invention is given by way of illustration and not of limitation. The various embodiments may be combined with each other to form other embodiments not shown in the following description.
Example one
The embodiment aims to provide a method for configuring a security policy, and aims to automatically configure the security policy for a user side terminal, so that the problem that a worker needs to manually configure the security policy for a CPE is solved, the pressure of the worker is reduced, and the security performance of the user side terminal is improved. Referring to fig. 1, the configuration method specifically includes the following steps.
Step S10, the server obtains the security data of the user side terminal. The security data may include, but is not limited to, ID, IP, traffic quintuple data, blacklist IP policy trigger records, blacklist URL policy trigger records.
It should be noted that the user-side terminal is a CPE (Customer Premises Equipment), the user-side terminal may be, but is not limited to, a government gateway, and the service end is an ACS (Auto-configuration server). One server can be connected with a plurality of user-side terminals.
The user side terminal and the server side may interact through, but are not limited to, a TR069 protocol or an RPC protocol, preferably, the TR069 protocol specifies that the CPE and the ACS communicate through an HTTP/HTTPs request, the request content is a SOAP object with a fixed format, and the request types include Inform, GetParameterValues, SetParameterValues, Reboot, Download, uplad, Factory Reset, AddObject, DeleteObject, and the like.
And step S20, the server side sends the security data to the big data analysis platform. Specifically, the server is in data connection with the big data platform, after the big data platform receives the security data, the security data can be subjected to targeted analysis, so that a corresponding security policy is obtained, and if the corresponding user side terminal is upgraded according to the security policy, the corresponding security defect can be made up and the overall protection capability can be improved.
And step S30, the server receives a security policy obtained by the big data analysis platform based on the security data. Specifically, since the security data includes an ID number, a security policy derived based on the security data is associated with the ID number. After receiving the security policy, the server can determine the corresponding user side terminal through the associated ID number.
And step S40, the server side judges whether the security policy meets the issuing condition. Specifically, the server side prestores a threat library, which may correspond to, but is not limited to, a corresponding user side terminal, and can obtain an issuing condition through the threat library and determine the security policy based on the issuing condition.
And step S50, the server side sends the security policy meeting the issued condition to the corresponding user side terminal. Specifically, when the security policy meets the issuing condition, the server executes corresponding issuing work; and when the security policy does not meet the issuing condition, the security policy can not be used.
It is worth noting that the security policy may include at least one configuration task. When the strategy is issued, the configuration task can be sent to the user side terminal once, and the user side terminal configures according to the configuration sequence; the configuration tasks may also be sequentially sent to the user side terminal according to the configuration sequence, that is, the first configuration task is issued first, and after the user side terminal completes the configuration tasks, the server side sends the next configuration task to the user side terminal.
In summary, in the configuration method, the security data of the user side terminal is forwarded to the big data platform through the server, and the security policy of the big data platform is forwarded to the user side terminal through the server, so that the user side terminal configures the security policy by itself to replace manual configuration, thereby reducing the pressure of workers and improving the security performance of the user side terminal; before the security policy server side issues the security policy server side to the user side terminal, whether the security policy server side meets the issue condition is judged, so that unnecessary configuration of the user side terminal is reduced.
Example two
The embodiment provides a method for configuring a security policy, which is an improvement on the basis of the first embodiment and aims to improve the interaction degree between a user-side terminal and a server in the process of configuring the security policy by the user-side terminal, so that the server can master the configuration condition of the security policy in time.
Specifically, referring to fig. 1 and fig. 2, in step S40 in which the server determines whether the security policy meets the delivery condition, if the security policy meets the delivery condition, step S401 is executed, where step S401 specifically is: and adding the configuration tasks into a task queue corresponding to the user side terminal based on the configuration sequence.
Through the above step S401, the sequencing of the configuration tasks is realized. It should be noted that the task queue is associated with the user side terminal by using the ID number as the identifier, so that the configuration task in the task queue can be sent to the corresponding user side terminal.
As a preferred technical solution, referring to fig. 1, 2 and 3, in step S50 of sending the security policy meeting the issue condition to the corresponding ue, the method specifically includes the following steps.
Step S501, the server receives an idle request sent by the ue. The null request may include, but is not limited to, an ID number.
Step S502, the server side inquires whether the task to be executed exists in the task queue, and if the task to be executed does not exist, the server side executes step S503; if the task is to be executed, the server executes step S504. It is worth noting that the tasks in the task queue include, but are not limited to, configuration tasks, and each task has a task state, which may be, but is not limited to, pending execution and completed.
Step S503, the server generates an empty response feedback corresponding to the empty request, and then sends the empty response feedback to the corresponding user side terminal.
Step S504 includes the following steps;
step S5041, the server sends the first task to be executed to the corresponding ue. And the user side terminal starts to execute corresponding operation after receiving the task, and sends task feedback to the server after executing the task.
Step S5042, the server receives the task feedback sent by the corresponding user side terminal, and updates the first task to be executed based on the task feedback. It should be noted that, after the user-side terminal sends the task feedback to the server, the server continues to perform step S502 and the subsequent operations.
The configuration tasks are classified into the task queue, and then the tasks are sequentially issued to the user side terminal according to the sequence in the task queue, so that the user side terminal is prevented from being interfered to execute the original tasks, and the user side terminal tasks and the original tasks are sequentially executed; the user side terminal sends the task feedback to the server side after executing the task, so that the server side can effectively master the condition of the user side terminal.
As a preferred technical solution, referring to fig. 1, 2 and 3, since the user side terminal has success or failure in executing the task, the task feedback in step S5042 includes success or failure in executing the task. Specifically, in step S5042, the first task to be executed is updated based on the task feedback, which includes the following steps:
the server side judges the task feedback condition; if the task feedback indicates that the execution is successful, the server updates the corresponding task to be completed, that is, the first task to be executed is updated to be completed, and then the server continues to execute step S502 and the subsequent operations. If the task feedback is execution failure, judging whether the failure frequency of the corresponding task is greater than a preset frequency a, if so, removing the corresponding task from the task queue, adding the task to the failure queue, giving an alarm to operation and maintenance personnel, and continuing to execute the step S502 and subsequent operations by the server; if not, updating the failure times of the corresponding task, and then continuing to execute the step S502 and the subsequent operation by the server.
EXAMPLE III
The embodiment provides a configuration method of a security policy, which is an improvement on the basis of the first embodiment and the second embodiment and aims to reduce the probability that a server is attacked by malicious attacks.
Specifically, referring to fig. 1 and 4, the configuration method further includes the following steps.
Step S60, carrying out Digest authentication on the configuration request sent by the user side terminal, and if the Digest authentication is successful, the server side executes step S70; if the Digest authentication fails, the server performs step S80. Notably, the configuration request includes secure data. When the terminal at the user side interacts with the server side through a TR069 protocol, the configuration request is an Inform request.
Step S70, the server receives the configuration request. The server is enabled to acquire corresponding security data through step S70, and performs step S10 after step S70 is completed. It should be noted that, when the ue interacts with the server through the TR069 protocol, the server should send an Inform response to the ue after performing step S40.
Step S80, refusing to receive the corresponding configuration request, judging whether the failure times of Digest authentication are larger than the preset times b, if so, sealing the corresponding user side terminal for a period of time to prevent malicious attack; if not, updating the failure times of Digest authentication, and letting the user side terminal re-initiate the request, performing Digest authentication again, and then performing step S60 and subsequent steps again.
Example four
The embodiment aims to provide the configuration of the security policy, and aims to automatically configure the security policy for the user side terminal, so that the problem that a worker needs to manually configure the security policy for the CPE is solved, the pressure of the worker is reduced, and the security performance of the user side terminal is improved.
Referring to fig. 5, the configuration device specifically includes a security data obtaining module 1, a security data sending module 2, a security policy receiving module 3, an issuing condition determining module 4, and a security policy issuing module 5.
Specifically, the security data obtaining module 1 is configured to obtain security data of a user side terminal; the safety data sending module 2 is used for sending safety data to the big data analysis platform; the security policy receiving module 3 is used for receiving a security policy obtained by the big data analysis platform based on the security data; the issuing condition judging module 4 is used for judging whether the security policy meets the issuing condition; the security policy issuing module 5 is configured to send the security policy meeting the issuing condition to the corresponding user side terminal.
Preferably, the security policy meeting the issue condition at least includes one configuration task, and the configuration device further includes a task adding module, and the task adding module is configured to: and when the security policy meets the issuing condition, adding the configuration tasks to the task queue corresponding to the user side terminal based on the configuration sequence.
Preferably, in the security policy issuing module 5, the sending the security policy meeting the issuing condition to the corresponding user side terminal includes the following steps: receiving an empty request sent by a user side terminal; inquiring whether a task to be executed is in the task queue, if not, sending an empty response feedback to the user side terminal, and the user side terminal responding to the empty response feedback and stopping sending a next empty request to the server side; if so, sending the first task to be executed to the corresponding user side terminal, then receiving task feedback sent by the user side terminal after the task is executed, updating the first task to be executed based on the task feedback, and then executing and inquiring whether the task to be executed is in the task queue.
Preferably, the task feedback includes success or failure of execution, and when the task feedback indicates success of execution, the corresponding task is updated to be completed; and when the task feedback is that the execution fails, updating the failure times of the corresponding task, and when the failure times are greater than the preset times a, removing the corresponding task from the task queue.
Preferably, the apparatus further includes a configuration request receiving module, configured to perform Digest authentication on a configuration request sent by the user side terminal, where the configuration request includes security data, and if the authentication is successful, the configuration request is received, and if the authentication is failed, the configuration request is rejected.
EXAMPLE five
The electronic device 6 may be a desktop computer, a notebook computer, a server (an entity server or a cloud server), and the like, and may even be a mobile phone or a tablet computer, and the like.
Fig. 6 is a schematic structural diagram of an electronic device according to a fifth embodiment of the present invention, and as shown in fig. 5 and fig. 6, the electronic device 6 includes a processor 61, a memory 62, an input device 63, and an output device 64; the number of the processors 61 in the computer device may be one or more, and one processor 61 is taken as an example in fig. 6; the processor 61, the memory 62, the input device 63 and the output device 64 in the electronic apparatus 6 may be connected by a bus or other means, and the bus connection is exemplified in fig. 6.
The memory 62 is used as a computer-readable storage medium, and can be used for storing a software program, a computer-executable program, and modules, such as program instructions/modules corresponding to the security policy configuration method in the embodiment of the present invention, where the program instructions/modules are the security data acquiring module 1, the security data transmitting module 2, the security policy receiving module 3, the issuing condition determining module 4, and the security policy issuing module 5 in the security policy configuration apparatus. The processor 61 executes various functional applications and data processing of the electronic device 6 by running software programs, instructions/modules stored in the memory 62, that is, a configuration method of a security policy of any embodiment or combination of embodiments of the first to third embodiments.
The memory 62 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 62 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. The memory 62 may be further configured to include memory remotely located from the processor 61 and connectable to the electronic device 6 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
It is worth noting that the input device 63 may be used to receive security data, security policies. The output device 64 may include a document or display screen or like display device. Specifically, when the output device is a document, the corresponding information of each security policy can be recorded in the document according to a specific format, and data integration is realized while data storage is realized; when the output device is a display device such as a display screen, the corresponding information of the security policy is directly put on the display device so as to facilitate the real-time viewing of the user.
EXAMPLE six
An embodiment of the present invention further provides a computer-readable storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform the above-mentioned method for configuring a security policy, where the method includes:
acquiring security data of a user side terminal;
sending safety data to a big data analysis platform;
receiving a security policy obtained by a big data analysis platform based on security data;
judging whether the security policy meets the issuing condition;
and sending the security policy meeting the issuing condition to the corresponding user side terminal.
Of course, the embodiments of the present invention provide a computer-readable storage medium whose computer-executable instructions are not limited to the above method operations.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solution of the present invention or portions thereof that contribute to the prior art may be embodied in the form of a software product, where the computer software product may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FlASH Memory (FlASH), a hard disk or an optical disk of a computer, and the like, and includes several instructions to enable an electronic device (which may be a mobile phone, a personal computer, a server, or a network device, and the like) to execute the method for configuring the security policy of any embodiment or combination of embodiments of the first to third embodiments of the present invention.
It should be noted that, in the embodiment of the configuration apparatus of the security policy, the included units and modules are merely divided according to the functional logic, but are not limited to the above division, as long as the corresponding functions can be implemented. In addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
The above embodiments are only preferred embodiments of the present invention, and the protection scope of the present invention is not limited thereby, and any insubstantial changes and substitutions made by those skilled in the art based on the present invention are within the protection scope of the present invention.
Claims (10)
1. A method for configuring a security policy, comprising the steps of:
acquiring security data of a user side terminal;
sending the security data to a big data analysis platform;
receiving a security policy obtained by the big data analysis platform based on the security data;
judging whether the security policy meets issuing conditions or not;
and sending the security policy meeting the issuing condition to a corresponding user side terminal.
2. The method for configuring security policy according to claim 1, wherein the security policy complying with the issue condition includes at least one configuration task, and the method further comprises the following steps: and when the security policy meets the issuing condition, adding the configuration tasks to a task queue corresponding to the user side terminal based on the configuration sequence.
3. The method for configuring security policy according to claim 2, wherein the step of sending the security policy meeting the issue condition to the corresponding user side terminal comprises the steps of:
receiving an empty request sent by the user side terminal;
querying whether a task is to be executed in the task queue,
if not, sending null response feedback to the user side terminal;
if yes, sending a first task to be executed to a corresponding user side terminal, then receiving task feedback sent by the user side terminal after the task is executed, updating the first task to be executed based on the task feedback, and then executing and inquiring whether the task to be executed is in the task queue.
4. The method of claim 3, wherein the task feedback comprises execution success or execution failure,
when the task feedback indicates that the execution is successful, updating the corresponding task to be completed;
and when the task feedback is failure in execution, updating the failure times of the corresponding task, and when the failure times are greater than a preset time a, removing the corresponding task from the task queue.
5. The method for configuring security policy according to any one of claims 1 to 4, further comprising the steps of: and performing Digest authentication on a configuration request sent by the user side terminal, wherein the configuration request comprises security data, if the authentication is successful, the configuration request is received, and if the authentication is failed, the configuration request is rejected.
6. The method of configuring security policy according to any one of claims 1 to 4, wherein the security data comprises ID, IP, traffic quintuple data, blacklisted IP policy trigger record, blacklisted URL policy trigger record.
7. The method for configuring the security policy of any one of claims 1 to 4, wherein the user side terminal and the server side terminal interact based on TR069 protocol or RPC protocol.
8. An apparatus for configuring a security policy, comprising:
a security data acquisition module: the method comprises the steps of obtaining security data of a user side terminal;
the safety data sending module: the safety data are used for sending the safety data to a big data analysis platform;
a security policy receiving module: the security policy receiving module is used for receiving a security policy obtained by the big data analysis platform based on the security data;
an issuing condition judgment module: the system is used for judging whether the security policy meets the issuing condition or not;
a security policy issuing module: and the safety strategy is used for sending the safety strategy which meets the issuing condition to the corresponding user side terminal.
9. An electronic device comprising a processor, a storage medium, and a computer program, the computer program being stored in the storage medium, wherein the computer program, when executed by the processor, implements the method of configuring a security policy of any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a method of configuring a security policy according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911110683.5A CN110943978A (en) | 2019-11-14 | 2019-11-14 | Security policy configuration method and device, electronic equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911110683.5A CN110943978A (en) | 2019-11-14 | 2019-11-14 | Security policy configuration method and device, electronic equipment and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110943978A true CN110943978A (en) | 2020-03-31 |
Family
ID=69906715
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911110683.5A Pending CN110943978A (en) | 2019-11-14 | 2019-11-14 | Security policy configuration method and device, electronic equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110943978A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112149127A (en) * | 2020-08-18 | 2020-12-29 | 杭州安恒信息技术股份有限公司 | Security policy configuration method, device, system, computer equipment and medium |
| CN114726612A (en) * | 2022-04-01 | 2022-07-08 | 北京指掌易科技有限公司 | Method, device, medium and electronic equipment for managing working domain |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101127591A (en) * | 2006-08-14 | 2008-02-20 | 华为技术有限公司 | Method and system for secure update of terminals in a large range |
| US20120216240A1 (en) * | 2011-02-17 | 2012-08-23 | Microsoft Corporation | Providing data security through declarative modeling of queries |
| US20130081104A1 (en) * | 2011-09-23 | 2013-03-28 | Samsung Sds Co., Ltd. | Mobile device management apparatus and method based on security policies and management server for mobile device management |
| CN103108302A (en) * | 2011-11-15 | 2013-05-15 | 中兴通讯股份有限公司 | Security policy issuing method, network element and system for achieving the same |
| CN103647785A (en) * | 2013-12-20 | 2014-03-19 | 北京奇虎科技有限公司 | Security control method, device and system for mobile terminal |
| CN104539612A (en) * | 2014-12-26 | 2015-04-22 | 北京奇虎科技有限公司 | Setting method and device for information safety of terminal device |
| CN106485104A (en) * | 2015-08-25 | 2017-03-08 | 腾讯科技(深圳)有限公司 | The self-repairing method of terminal security strategy and device, system |
-
2019
- 2019-11-14 CN CN201911110683.5A patent/CN110943978A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101127591A (en) * | 2006-08-14 | 2008-02-20 | 华为技术有限公司 | Method and system for secure update of terminals in a large range |
| US20120216240A1 (en) * | 2011-02-17 | 2012-08-23 | Microsoft Corporation | Providing data security through declarative modeling of queries |
| US20130081104A1 (en) * | 2011-09-23 | 2013-03-28 | Samsung Sds Co., Ltd. | Mobile device management apparatus and method based on security policies and management server for mobile device management |
| CN103108302A (en) * | 2011-11-15 | 2013-05-15 | 中兴通讯股份有限公司 | Security policy issuing method, network element and system for achieving the same |
| CN103647785A (en) * | 2013-12-20 | 2014-03-19 | 北京奇虎科技有限公司 | Security control method, device and system for mobile terminal |
| CN104539612A (en) * | 2014-12-26 | 2015-04-22 | 北京奇虎科技有限公司 | Setting method and device for information safety of terminal device |
| CN106485104A (en) * | 2015-08-25 | 2017-03-08 | 腾讯科技(深圳)有限公司 | The self-repairing method of terminal security strategy and device, system |
Non-Patent Citations (1)
| Title |
|---|
| 李彦迪: "企业移动管理平台的设计与实现", 《中国优秀硕士学位论文全文数据库(电子期刊)》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112149127A (en) * | 2020-08-18 | 2020-12-29 | 杭州安恒信息技术股份有限公司 | Security policy configuration method, device, system, computer equipment and medium |
| CN112149127B (en) * | 2020-08-18 | 2024-03-19 | 杭州安恒信息技术股份有限公司 | Security policy configuration method, device, system, computer equipment and medium |
| CN114726612A (en) * | 2022-04-01 | 2022-07-08 | 北京指掌易科技有限公司 | Method, device, medium and electronic equipment for managing working domain |
| CN114726612B (en) * | 2022-04-01 | 2024-03-26 | 北京指掌易科技有限公司 | Work domain management method, device, medium and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20160286380A1 (en) | Management method for embedded universal integrated circuit card, related device, and system | |
| EP4027604A1 (en) | Security vulnerability defense method and device | |
| US10623445B2 (en) | Endpoint agent for enterprise security system | |
| US10404558B2 (en) | Adaptive allocation for dynamic reporting rates of log events to a central log management server from distributed nodes in a high volume log management system | |
| US10496397B2 (en) | System and method for providing automatic firmware update management | |
| CN112217771B (en) | Data forwarding method and data forwarding device based on tenant information | |
| CA2761820C (en) | Configuring network devices | |
| CN108028835B (en) | Automatic configuration server and server execution method | |
| CN104639913A (en) | Network video recorder (NVR) and automatic IPC (Internet Protocol Camera) access method thereof | |
| CN101409654B (en) | Method for processing SNMP information in network management system | |
| CN105610883A (en) | Policy file synchronization management method, policy synchronization server and management device | |
| CN110943978A (en) | Security policy configuration method and device, electronic equipment and medium | |
| JP2016511451A (en) | System and method for opening network functions and associated network elements | |
| EP4050859A1 (en) | Network security protection method and protection device | |
| CN113271299A (en) | Login method and server | |
| CN113872933B (en) | Method, system, device, equipment and storage medium for hiding source station | |
| US20240089178A1 (en) | Network service processing method, system, and gateway device | |
| CN107547561B (en) | Method and device for carrying out DDOS attack protection processing | |
| CN109101399B (en) | Monitoring method and device for host | |
| CN103441876A (en) | Network device management method and system based on DHCP and SNMP | |
| WO2016101223A1 (en) | Method and apparatus for snmp set operations | |
| CN107992363B (en) | Data processing method and device | |
| CN106375224B (en) | Router and method for network connection by using same | |
| CN111770077B (en) | Data distribution method, system, medium and device based on edge computing virtual private network | |
| US20220256016A1 (en) | Monitoring of communication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| AD01 | Patent right deemed abandoned | ||
| AD01 | Patent right deemed abandoned |
Effective date of abandoning: 20230707 |