CN111030997A - Method and device for monitoring and filtering internal and external network flow, electronic equipment and storage medium - Google Patents


Info

Publication number
CN111030997A
Authority
CN
China
Prior art keywords
gateway
sent
flow
flow data
external network
Legal status
Pending
Application number
CN201911100622.0A
Other languages
Chinese (zh)
Inventor
浦声媛
关墨辰
肖新光
Current Assignee
Beijing Antiy Network Technology Co Ltd
Original Assignee
Beijing Antiy Network Technology Co Ltd
Application filed by Beijing Antiy Network Technology Co Ltd
Priority to CN201911100622.0A
Publication of CN111030997A

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 63/00 Network architectures or network communication protocols for network security
                    • H04L 63/02 ... for separating internal from external traffic, e.g. firewalls
                        • H04L 63/0227 Filtering policies
                            • H04L 63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
                            • H04L 63/0245 Filtering by information in the payload
                    • H04L 63/04 ... for providing a confidential data exchange among entities communicating through data packet networks
                        • H04L 63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                    • H04L 63/10 ... for controlling access to devices or network resources
                    • H04L 63/14 ... for detecting or protecting against malicious traffic
                        • H04L 63/1408 ... by monitoring network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiment of the invention provides a method, a device, electronic equipment and a storage medium for monitoring and filtering internal and external network traffic, used to solve the problem that sensitive information may leak when an intranet terminal user accesses the extranet. The method comprises the following steps: a gateway is placed between the intranet and the extranet, and the gateway receives a traffic request and stores the related traffic data; if the traffic request is sent from the intranet to the extranet, the gateway judges whether the traffic data requested to be sent contains sensitive information and, if so, replaces the sensitive information with a placeholder and sends the replaced traffic data; if the traffic request is sent from the extranet to the intranet, the gateway judges whether the traffic data requested to be sent contains sensitive information and, if so, authenticates the authority of the target terminal; if the target user has the authority to view the traffic data, the gateway removes the placeholder according to the stored traffic data to restore the traffic data and sends it to the target user for viewing.

Description

Method and device for monitoring and filtering internal and external network flow, electronic equipment and storage medium
Technical Field
The invention relates to the technical field of network security, in particular to a method and a device for monitoring and filtering internal and external network flow, electronic equipment and a storage medium.
Background
With the development and popularization of computer technology, computer applications have fully penetrated people's work and life and have become indispensable tools and home entertainment equipment. Computer technology has changed how people exchange and share information and has also provided a platform for the growth of the extranet. Some enterprises and government departments take advantage of the low cost and high efficiency of the extranet to conduct business, but this is not suitable for all enterprises and government departments. For some of them, staff who use the convenience of the work environment to access the extranet introduce the following hidden dangers:
1. What did the staff access on the extranet?
2. What information did the staff disclose on the extranet?
3. To whom was information exposed when the staff accessed the extranet?
4. Are certain activities of staff accessing the extranet harmful to the work terminal?
The prior art for limiting staff access to the extranet is not mature; it mostly restricts the traffic entering and leaving the extranet (throttling the traffic, or simply not allowing staff to access certain websites), which may affect staff who genuinely need the access.
Other enterprises and government agencies rely on trust, expecting staff to act in the organisation's interest when accessing the extranet; this is highly uncertain and unconstrained and may not achieve the result the enterprises and government agencies desire.
Even when enterprise and government staff consciously access some extranets only for work purposes, the supervision of the social network channels they access cannot be guaranteed, and they may not be aware that they have delivered confidential information to the extranet.
Disclosure of Invention
The embodiment of the invention provides an internal and external network flow monitoring and filtering method, device, electronic equipment and storage medium, which are used for solving the problem that sensitive information is possibly leaked when an internal network terminal user accesses an external network.
Based on the above problem, an embodiment of the present invention provides an internal and external network traffic monitoring and filtering method, including:
a gateway is set up between the intranet and the extranet; the gateway receives the traffic request, stores the related traffic data and generates a report; if the traffic request is sent from the intranet to the extranet, the gateway judges whether the traffic data requested to be sent contains sensitive information; if so, the sensitive information is replaced by a placeholder and the replaced traffic data is sent, and if not, the traffic data is sent directly; if the traffic request is sent from the extranet to the intranet, the gateway judges whether the traffic data requested to be sent contains sensitive information; if so, the gateway authenticates the authority of the target terminal, otherwise the target terminal views the replaced traffic data; if the target user has the authority to view the traffic data, the gateway removes the placeholder according to the stored traffic data to restore it and sends it to the target user for viewing, otherwise the terminal user views the replaced traffic data; wherein the related traffic data comprises: originating IP, destination IP, originating service, content and time.
Further, after receiving the traffic request, the gateway also identifies the application layer protocol.
Further, if the traffic request is sent from the intranet to the extranet, it is judged whether the terminal has the authority to access the extranet; if the terminal has that authority and the gateway judges that the traffic data requested to be sent contains sensitive information, the gateway sends a notification to the terminal.
Furthermore, the placeholder replacement is performed with a dynamically changing encryption algorithm.
Further, if the traffic request is sent from the extranet to the intranet, the gateway scans the traffic and judges malicious content; if the traffic contains malicious content, the malicious content is added to the database and access to it is refused.
Further, the gateway is tested at regular intervals by passing test traffic through it; if the gateway does not output the correct result, the gateway has failed, the cause of the failure is analysed and the gateway is repaired.
The embodiment of the invention provides an internal and external network traffic monitoring and filtering device, comprising:
a gateway set up between the intranet and the extranet, which receives the traffic request and comprises:
a data archiving filter, used for storing the related traffic data;
a data security filter, used for judging whether the traffic data requested to be sent contains sensitive information;
a data transfer filter, used, when the traffic request is sent from the intranet to the extranet and the traffic data requested to be sent contains sensitive information, for replacing the sensitive information with a placeholder, and, when the traffic request is sent from the extranet to the intranet and the target user has the authority to view the traffic data, for removing the placeholder according to the stored traffic data to restore the traffic data;
an access control filter, used, when the traffic request is sent from the extranet to the intranet and the traffic data requested to be sent contains sensitive information, for authenticating the authority of the target terminal; wherein the related traffic data stored in the data archiving filter comprises: originating IP, destination IP, originating service, content and time.
Further, the device also comprises a protocol identification module, used for identifying the application-layer protocol after the gateway receives the traffic request.
Further, the access control filter is also used, when the traffic request is sent from the intranet to the extranet, for judging whether the terminal has the authority to access the extranet;
and the gateway further comprises a notification filter, used for sending a notification to the terminal if the terminal has the authority to access the extranet and the gateway judges that the traffic data requested to be sent contains sensitive information.
Furthermore, the placeholder replacement is performed with a dynamically changing encryption algorithm.
Further, the device comprises a data logger, used, when the traffic request is sent from the extranet to the intranet, for scanning the traffic and judging malicious content, and, when the traffic is confirmed to contain malicious content, for adding the malicious content to the database and refusing access to it.
Further, the device comprises a detector, used for testing the gateway at regular intervals by passing test traffic through it; if the gateway does not output the correct result, the gateway has failed, the cause of the failure is analysed and the gateway is repaired.
The embodiment of the invention also discloses an electronic device for monitoring and filtering the flow of the internal and external networks, which comprises: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor reads the executable program code stored in the memory to run the program corresponding to the executable program code, so as to execute any one of the intranet and extranet traffic monitoring and filtering methods.
An embodiment of the present invention provides a computer-readable storage medium, wherein the computer-readable storage medium stores one or more programs, and the one or more programs are executable by one or more processors to implement an intranet and extranet traffic monitoring and filtering method according to any one of the preceding claims.
Compared with the prior art, the internal and external network flow monitoring and filtering method, the internal and external network flow monitoring and filtering device, the electronic equipment and the storage medium provided by the embodiment of the invention at least realize the following beneficial effects:
a gateway is set up between the intranet and the extranet; the gateway receives the traffic request, stores the related traffic data and generates a report; if the traffic request is sent from the intranet to the extranet, the gateway judges whether the traffic data requested to be sent contains sensitive information; if so, the sensitive information is replaced by a placeholder and the replaced traffic data is sent, and if not, the traffic data is sent directly; if the traffic request is sent from the extranet to the intranet, the gateway judges whether the traffic data requested to be sent contains sensitive information; if so, the gateway authenticates the authority of the target terminal, otherwise the target terminal views the replaced traffic data; if the target user has the authority to view the traffic data, the gateway removes the placeholder according to the stored traffic data to restore it and sends it to the target user for viewing, otherwise the terminal user views the replaced traffic data. The embodiment of the invention controls the content published by a user accessing the extranet, thereby limiting the user's behaviour on the extranet; when the content published by the user on the extranet involves sensitive information it is encrypted, so that the sensitive information is prevented from leaking; when other users request to view the message, checking whether they have viewing permission prevents the content leakage that would result from unrelated persons viewing sensitive messages; furthermore, by generating detailed tracking records of the user's behaviour on the extranet, the method helps enterprises or government departments manage employees' extranet access properly.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of an internal and external network traffic monitoring and filtering method according to an embodiment of the present invention;
fig. 2 is a flowchart of another method for monitoring and filtering traffic of an intranet and an extranet according to an embodiment of the present invention;
FIG. 3 is a block diagram of an internal and external network flow monitoring and filtering apparatus according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following describes specific embodiments of an intranet and extranet traffic monitoring and filtering method, an intranet and extranet traffic monitoring and filtering device, an electronic device, and a storage medium according to embodiments of the present invention with reference to the accompanying drawings.
The method for monitoring and filtering internal and external network traffic provided by the embodiment of the invention, as shown in fig. 1, specifically comprises the following steps:
S101, establishing a gateway between the intranet and the extranet;
the gateway may be installed between the intranet and the extranet, or a social gateway may be integrated at the end user's site, such as an enterprise, a school, a hospital, a government agency, an office or a home.
S102, the gateway receives the traffic request, stores the related traffic data and generates a report;
the related traffic data includes originating IP, destination IP, originating service, content, time, etc.; these data are stored and a report is generated from them, which reflects which terminals have accessed the extranet, which networks were accessed, how the network was used, which network services are used most frequently, and so on.
S103, if the traffic request is sent from the intranet to the extranet, the gateway judges whether the traffic data requested to be sent contains sensitive information; if so, the sensitive information is replaced by a placeholder and the replaced traffic data is sent; if not, the traffic data is sent directly;
the placeholder replacement is performed with a dynamically changing encryption algorithm, where the encryption algorithm may be the Caesar cipher, the Vigenère cipher or another algorithm, and "dynamically changing" means that the algorithm applied to each piece of traffic data containing sensitive information is chosen at random every time.
S104, if the traffic request is sent from the extranet to the intranet, the gateway judges whether the traffic data requested to be sent contains sensitive information; if so, the gateway authenticates the authority of the target terminal, otherwise the target terminal views the replaced traffic data; if the target user has the authority to view the traffic data, the gateway removes the placeholder according to the stored traffic data to restore it and sends it to the target user for viewing, otherwise the terminal user views the replaced traffic data;
and if the traffic request is sent from one intranet terminal to another intranet terminal, the traffic data is sent directly.
The embodiment of the invention controls the content published by a user accessing the extranet, thereby limiting the user's behaviour on the extranet; when the content published by the user on the extranet involves sensitive information it is encrypted, so that the sensitive information is prevented from leaking; when other users request to view the message, checking whether they have viewing permission prevents the content leakage that would result from unrelated persons viewing sensitive messages; furthermore, by generating detailed tracking records of each of the user's actions on the extranet, the method helps enterprises or government departments manage employees' extranet access properly.
As shown in fig. 2, another method for monitoring and filtering internal and external network traffic provided by the embodiment of the present invention specifically comprises the following steps:
S201, a gateway is set up between the intranet and the extranet;
S202, the gateway receives the traffic request and identifies the application-layer protocol;
code to identify the application-layer protocol is included in the gateway because the application-layer protocols in use on the extranet may change dynamically over time.
S203, storing the related traffic data and generating a report;
the stored data may be classified by storage time or by protocol type, and the storage mode can be set according to actual requirements.
S204, if the traffic request is sent from the intranet to the extranet, judging whether the terminal has the authority to access the extranet; if the terminal has that authority, step S205 is executed, otherwise the terminal user cannot access the extranet.
S205, judging whether the traffic data requested to be sent contains sensitive information; if so, step S206 is executed, otherwise the traffic data is sent directly.
S206, replacing the sensitive information with a placeholder and sending a notification to the terminal; the notification asks the user to confirm whether the information is to be sent to the extranet; if so, step S207 is executed, otherwise the information is not sent;
the traffic data is not only text content but also voice, Word documents, PDF documents, pictures and the like; the notification sent to the terminal can also be sent to a designated person, and reports can be sent when certain keywords occur, where the keywords are defined according to actual requirements.
S207, sending the replaced traffic data;
S208, if the traffic request is sent from the extranet to the intranet, scanning the traffic and judging malicious content; if the traffic is confirmed to contain malicious content, step S209 is executed, otherwise step S210 is executed.
S209, adding the malicious content to the database and refusing access to it;
the traffic is scanned to find potentially malicious content, which is first analysed to determine whether it is actually malicious (confirmed manually or according to general virus-scanning rules); if it is found to contain no malicious information, no action is taken; if it does contain malicious information, it is reported to the user and a means of preventing the malicious content is provided. Once the malicious content is confirmed, its connection to the intranet environment is blocked, that is, the malicious content is not sent into the intranet environment; even if an end user requests the malicious content, a warning message is sent to the end user reminding them that the accessed content contains malicious information.
S210, judging whether the traffic data requested to be sent contains sensitive information; if so, step S211 is executed, otherwise the target terminal views the replaced traffic data;
S211, the gateway authenticates the authority of the target terminal; if the target user has the authority to view the traffic data, step S212 is executed, otherwise the terminal user views the replaced traffic data;
each authority in this embodiment can be configured by an administrator. An administrator is set up; the administrator defines in a database the roles that govern each person and work group, the extranet access authority of each person and work group, and the behaviours allowed or restricted on the extranet, so that each role has the ability to access specific extranets; for example, the content accessible to research and development personnel differs from that accessible to marketing personnel.
S212, the gateway removes the placeholder according to the stored traffic data to restore the traffic data and sends it to the target user for viewing.
At the same time, the gateway is tested at regular intervals by passing test traffic through it; if the gateway does not output the correct result, the gateway has failed; the test traffic is analysed to determine the cause of the failure, and the gateway is repaired.
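As an added example that is not part of the patent, a toy Python gateway modelling steps S101 to S104 and S201 to S212 above: outbound redaction with archived originals, the extranet access check, the malicious-content database check, role-based restoration for the target terminal, and the per-terminal report. In place of the randomly chosen Caesar or Vigenère transformation the text names, it uses a random token as the placeholder, since the patent restores content from the gateway's stored copy rather than by decryption, and neither classical cipher offers confidentiality to a reader who sees the transformed text. All detection rules, roles, IP addresses and messages are constructed.

```python
"""Toy model of the gateway in steps S101-S104 and S201-S212 (added example,
not the patent's code). Intranet->extranet traffic has sensitive fragments
replaced by opaque placeholders and is archived; extranet->intranet traffic is
checked against a malicious-content database and placeholders are restored
only for terminals whose role is cleared for that category. All detection
rules, roles, IP addresses and messages below are constructed."""
import re
import secrets
from collections import Counter
from dataclasses import dataclass, field

# Constructed detection rules; the patent leaves the definition of "sensitive
# information" to the operator. A single alternation is used so that a
# placeholder inserted for one rule is never re-scanned by another rule.
SENSITIVE_RULES = {
    "id_card": r"\b\d{17}[\dXx]\b",            # 18-character national ID
    "phone": r"\b1\d{10}\b",                   # 11-digit mobile number
    "secret_tag": r"\[CONFIDENTIAL\][^\n]*",   # tagged text to end of line
}
SENSITIVE_RE = re.compile("|".join("(?P<%s>%s)" % kv for kv in SENSITIVE_RULES.items()))
PLACEHOLDER_RE = re.compile(r"\{\{PH:([0-9a-f]{16})\}\}")


@dataclass
class FlowRecord:
    """The related traffic data the gateway archives (S102/S203)."""
    src_ip: str
    dst_ip: str
    service: str
    content: str
    time: str


@dataclass
class Gateway:
    intranet_prefix: str                                 # constructed, e.g. "10.0."
    role_policy: dict = field(default_factory=dict)      # role -> categories it may view
    terminal_roles: dict = field(default_factory=dict)   # terminal ip -> role
    extranet_allowed: set = field(default_factory=set)   # terminals allowed out (S204)
    malicious_db: set = field(default_factory=set)       # known malicious markers (S209)
    archive: list = field(default_factory=list)          # every FlowRecord seen
    placeholders: dict = field(default_factory=dict)     # token -> (category, original)

    def is_internal(self, ip):
        return ip.startswith(self.intranet_prefix)

    def redact(self, text):
        """S103/S206: swap each sensitive match for a fresh random placeholder and
        keep the original gateway-side, so restoration never depends on the recipient."""
        def _repl(m):
            token = secrets.token_hex(8)
            self.placeholders[token] = (m.lastgroup, m.group(0))
            return "{{PH:%s}}" % token
        return SENSITIVE_RE.sub(_repl, text)

    def restore(self, text, role):
        """S210-S212: restore only the categories the viewer's role is cleared for;
        other placeholders stay in place, which is the 'replaced' view."""
        allowed = self.role_policy.get(role, set())
        def _repl(m):
            category, original = self.placeholders.get(m.group(1), (None, None))
            return original if original is not None and category in allowed else m.group(0)
        return PLACEHOLDER_RE.sub(_repl, text)

    def handle(self, rec):
        """Return (action, content): what the gateway does and what it forwards."""
        self.archive.append(rec)                                     # S102/S203
        src_in, dst_in = self.is_internal(rec.src_ip), self.is_internal(rec.dst_ip)
        if src_in and not dst_in:                                    # intranet -> extranet
            if rec.src_ip not in self.extranet_allowed:              # S204
                return "denied", ""
            redacted = self.redact(rec.content)
            # S206: the sender is notified to confirm when something was replaced
            return ("notify" if redacted != rec.content else "forward"), redacted
        if not src_in and dst_in:                                    # extranet -> intranet
            if any(marker in rec.content for marker in self.malicious_db):   # S208/S209
                return "blocked", "warning: the requested content contains malicious information"
            return "forward", self.restore(rec.content, self.terminal_roles.get(rec.dst_ip))
        return "forward", rec.content                                # intranet -> intranet

    def report(self):
        """S102 report: which terminals reached which extranet hosts, with which services."""
        summary = {}
        for rec in self.archive:
            if self.is_internal(rec.src_ip) and not self.is_internal(rec.dst_ip):
                e = summary.setdefault(rec.src_ip, {"destinations": set(), "services": Counter()})
                e["destinations"].add(rec.dst_ip)
                e["services"][rec.service] += 1
        return summary
```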
The embodiment of the invention controls the content published by a user accessing the extranet, thereby limiting the user's behaviour on the extranet; when the content published by the user on the extranet involves sensitive information it is encrypted, so that the sensitive information is prevented from leaking; when other users request to view the message, checking whether they have viewing permission prevents the content leakage that would result from unrelated persons viewing sensitive messages; furthermore, by generating detailed tracking records of the user's behaviour on the extranet, the method helps enterprises or government departments manage employees' extranet access properly; at the same time, the method can help intranet terminal users identify potentially malicious information from the extranet, report it to the user and provide a means of preventing it, thereby realising the identification of potentially malicious information; and the testing function can keep the gateway up to date in real time, ensuring its availability.
An embodiment of the present invention further provides an internal and external network traffic monitoring and filtering apparatus, as shown in fig. 3, including:
a gateway 30 is established between the internal network 10 and the external network 20, and receives a traffic request, the gateway includes:
data archive filter 301, used for storing the related traffic data;
data security filter 302, used for judging whether the traffic data requested to be sent contains sensitive information;
data transfer filter 303, used, when the traffic request is sent from the intranet to the extranet and the traffic data requested to be sent contains sensitive information, for replacing the sensitive information with a placeholder, and, when the traffic request is sent from the extranet to the intranet and the target user has the authority to view the traffic data, for removing the placeholder according to the stored traffic data to restore the traffic data;
access control filter 304, used, when the traffic request is sent from the extranet to the intranet and the traffic data requested to be sent contains sensitive information, for authenticating the authority of the target terminal; wherein the related traffic data stored in the data archive filter comprises: originating IP, destination IP, originating service, content and time.
Further, a protocol identification module 305 is included, used for identifying the application-layer protocol after the gateway receives the traffic request.
Further, the access control filter is also used, when the traffic request is sent from the intranet to the extranet, for judging whether the terminal has the authority to access the extranet;
the gateway also includes a notification filter 306, used for sending a notification to the terminal if the terminal has the authority to access the extranet and the gateway judges that the traffic data requested to be sent contains sensitive information.
Furthermore, the placeholder replacement is performed with a dynamically changing encryption algorithm.
Further, an inspector 307 is included, configured so that the gateway scans the traffic and judges malicious content when the traffic request is sent from the extranet to the intranet, and adds the malicious content to the database when the traffic is determined to contain it, so as to deny access to the malicious content.
Further, a detector 308 is included, configured to test the gateway at regular intervals by passing test traffic through it; if the gateway does not output the correct result, the gateway has failed, the cause of the failure is analysed and the gateway is repaired.
An embodiment of the present invention further provides an electronic device; fig. 4 is a schematic structural diagram of an embodiment of the electronic device of the present invention, which can implement the flows of the embodiments shown in figs. 1-2. As shown in fig. 4, the electronic device may include: a housing 41, a processor 42, a memory 43, a circuit board 44 and a power supply circuit 45, wherein the circuit board 44 is arranged inside the space enclosed by the housing 41, and the processor 42 and the memory 43 are arranged on the circuit board 44; the power supply circuit 45 supplies power to each circuit or device of the electronic apparatus; the memory 43 stores executable program code; the processor 42 runs the program corresponding to the executable program code by reading the executable program code stored in the memory 43, and is configured to execute the internal and external network traffic monitoring and filtering method according to any of the foregoing embodiments.
For the specific execution of the above steps by the processor 42, and the further steps the processor 42 executes by running the executable program code, refer to the description of the embodiments shown in figs. 1-2 of the present invention; they are not repeated here.
The electronic device exists in a variety of forms, including but not limited to:
(1) Mobile communication devices: such devices are characterised by mobile communication capabilities and are primarily aimed at providing voice and data communication. Such terminals include smart phones (e.g. iPhones), multimedia phones, feature phones and low-end phones, among others.
(2) Ultra-mobile personal computer devices: such equipment belongs to the category of personal computers, has computing and processing functions and generally has mobile internet access. Such terminals include PDA, MID and UMPC devices, e.g. iPads.
(3) Portable entertainment devices: such devices can display and play multimedia content. This type of device includes audio and video players (e.g. iPods), handheld game consoles, electronic books, smart toys and portable car navigation devices.
(4) Servers: devices that provide computing services, comprising a processor, hard disk, memory, system bus and the like. A server is similar to a general computer architecture, but because it must provide highly reliable services it has higher requirements on processing capacity, stability, reliability, security, expandability, manageability and so on.
(5) Other electronic equipment with data interaction functions.
An embodiment of the present invention also provides a computer-readable storage medium, wherein the computer-readable storage medium stores one or more programs, and the one or more programs are executable by one or more processors to implement the aforementioned intranet and extranet traffic monitoring and filtering method.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments.
In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
For convenience of description, the above devices are described separately in terms of functional division into various units/modules. Of course, the functionality of the units/modules may be implemented in one or more software and/or hardware implementations of the invention.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (14)

1. An intranet and extranet traffic monitoring and filtering method, characterized by comprising the following steps:
a gateway is set between the internal network and the external network, and the gateway receives a traffic request, stores the related traffic data and generates a report;
if the traffic request is sent from the internal network to the external network, the gateway judges whether the traffic data requested to be sent contains sensitive information; if so, the sensitive information is replaced by a placeholder and the replaced traffic data is sent; if not, the traffic data is sent directly;
if the traffic request is sent from the external network to the internal network, the gateway judges whether the traffic data requested to be sent contains sensitive information; if so, the gateway authenticates the authority of the target terminal; otherwise, the target terminal views the replaced traffic data;
if the target user has the authority to view the traffic data, the gateway removes the placeholder according to the stored traffic data so as to restore the traffic data, and sends it to the target user for viewing; otherwise, the terminal user views the replaced traffic data;
wherein the related traffic data comprises: originating IP, destination IP, originating service, content and time.
2. The method according to claim 1, wherein, after the gateway receives the traffic request, the method further comprises identifying the application layer protocol.
3. The method according to claim 1, wherein, if the traffic request is sent from the internal network to the external network, the method further comprises judging whether the terminal has the authority to access the external network;
and if the terminal has the authority to access the external network and the gateway judges that the traffic data requested to be sent contains sensitive information, the gateway sends a notification to the terminal.
4. The method according to claim 1, wherein the placeholder replacement is performed in a manner dynamically transformed by an encryption algorithm.
5. The method according to claim 1, wherein, if the traffic request is sent from the external network to the internal network, the gateway scans the traffic and judges whether it contains malicious content, and if the traffic is determined to contain malicious content, the malicious content is added to a database and access to it is denied.
6. The method according to claim 1, wherein the gateway is tested at regular intervals by passing test traffic through it, and if the gateway does not output the correct result, the gateway is judged to have failed, and the cause of the failure is analyzed in order to repair the gateway.
7. An intranet and extranet traffic monitoring and filtering device, characterized in that
a gateway is set between the internal network and the external network and receives a traffic request, wherein the gateway comprises:
a data archiving filter, used for storing the related traffic data;
a data security filter, used for judging whether the traffic data requested to be sent contains sensitive information;
a data transfer filter, used for replacing the sensitive information with a placeholder if the traffic request is sent from the internal network to the external network and the traffic data requested to be sent contains sensitive information; and, if the traffic request is sent from the external network to the internal network and the target user has the authority to view the traffic data, for removing the placeholder according to the stored traffic data so as to restore the traffic data;
an access control filter, used for performing authority authentication on the target terminal if the traffic request is sent from the external network to the internal network and the traffic data requested to be sent contains sensitive information;
wherein the related traffic data stored in the data archiving filter comprises: originating IP, destination IP, originating service, content and time.
8. The device according to claim 7, further comprising a protocol identification module, used for identifying the application layer protocol after the gateway receives the traffic request.
9. The device according to claim 7, wherein the access control filter is further used for judging whether the terminal has the authority to access the external network if the traffic request is sent from the internal network to the external network;
and the gateway further comprises a notification filter, used for sending a notification to the terminal if the terminal has the authority to access the external network and the gateway judges that the traffic data requested to be sent contains sensitive information.
10. The device according to claim 7, wherein the placeholder replacement is performed in a manner dynamically transformed by an encryption algorithm.
11. The device according to claim 7, further comprising a data logger, used for having the gateway scan the traffic and judge whether it contains malicious content if the traffic request is sent from the external network to the internal network, and, if the traffic is determined to contain malicious content, for adding the malicious content to a database so that access to it is denied.
12. The device according to claim 7, further comprising a detector, used for testing the gateway at regular intervals by passing test traffic through it, and, if the gateway does not output the correct result, for judging that the gateway has failed and analyzing the cause of the failure in order to repair the gateway.
13. An electronic device, characterized in that the electronic device comprises: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, and is used for executing the intranet and extranet traffic monitoring and filtering method of any one of the preceding claims 1 to 6.
14. A computer readable storage medium, characterized in that the computer readable storage medium stores one or more programs executable by one or more processors to implement the intranet and extranet traffic monitoring and filtering method of any one of the preceding claims 1 to 6.
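The following is an added illustration, not code from the patent or from the applicant: a toy gateway in Python in the shape of claims 1-6 and of the inspector 307 and detector 308 described above, with an archive of related traffic data, sensitive-data detection, placeholder replacement on the intranet-to-extranet path, authority-checked restoration on the extranet-to-intranet path, a malicious-content database, and a self-test that a real deployment would run on a timer. Every concrete choice is an assumption the patent does not make: the regular expressions standing in for "sensitive information", the `[PH:…]` token format, the use of a keyed HMAC over a per-message nonce as the "dynamically transformed" placeholder of claim 4, the signature strings the inspector scans for, and the sample traffic in the comments and self-test.

```python
import hashlib
import hmac
import os
import re
import time
from dataclasses import dataclass, field

# Constructed stand-ins for "sensitive information": an 18-character ID number and an
# 11-digit mobile number. The longer pattern runs first so the 11-digit rule cannot
# match inside an ID number.
SENSITIVE_PATTERNS = [re.compile(r"\b\d{17}[\dX]\b"), re.compile(r"\b1\d{10}\b")]
PLACEHOLDER = re.compile(r"\[PH:[0-9a-f]{16}\]")
# Constructed signatures for the inspector of claim 5; content that matches is recorded
# in the malicious-content database so that later copies are denied without rescanning.
MALICIOUS_SIGNATURES = ("evil-payload", "<script>")


@dataclass
class FlowRecord:
    """Related traffic data stored by the data archiving filter (claim 1)."""
    src_ip: str
    dst_ip: str
    service: str
    content: str
    time: float
    placeholders: dict = field(default_factory=dict)  # placeholder -> original text


class Gateway:
    def __init__(self, key, extranet_allowed, viewers):
        self.key = key                                 # HMAC key for placeholder tokens
        self.extranet_allowed = set(extranet_allowed)  # terminals allowed to reach the extranet
        self.viewers = set(viewers)                    # users allowed to see restored data
        self.archive = []                              # data archiving filter
        self.tokens = {}                               # placeholder -> original, all records
        self.malicious_db = set()                      # SHA-256 of content judged malicious

    # data transfer filter (claims 1 and 4)
    def _placeholder(self, secret, nonce):
        # A keyed HMAC over a fresh nonce plus the secret yields a token that differs on
        # every message and cannot be inverted without the gateway's own token table.
        tag = hmac.new(self.key, nonce + secret.encode(), hashlib.sha256).hexdigest()[:16]
        return f"[PH:{tag}]"

    def _mask(self, rec):
        nonce = os.urandom(8)

        def swap(match):
            ph = self._placeholder(match.group(0), nonce)
            rec.placeholders[ph] = match.group(0)
            self.tokens[ph] = match.group(0)
            return ph

        masked = rec.content
        for pattern in SENSITIVE_PATTERNS:
            masked = pattern.sub(swap, masked)
        return masked

    def _restore(self, content):
        # Unknown placeholders are left in place rather than guessed.
        return PLACEHOLDER.sub(lambda m: self.tokens.get(m.group(0), m.group(0)), content)

    # inspector (claim 5)
    def _is_malicious(self, content):
        digest = hashlib.sha256(content.encode()).hexdigest()
        if digest in self.malicious_db:
            return True
        if any(sig in content for sig in MALICIOUS_SIGNATURES):
            self.malicious_db.add(digest)
            return True
        return False

    def outbound(self, src_ip, dst_ip, service, content):
        """Intranet -> extranet (claims 1 and 3): archive, check permission, then mask."""
        rec = FlowRecord(src_ip, dst_ip, service, content, time.time())
        self.archive.append(rec)
        if src_ip not in self.extranet_allowed:        # access control filter
            return {"action": "deny", "reason": "no extranet permission"}
        masked = self._mask(rec)
        # Claim 3: notify the terminal when sensitive data was found and replaced.
        return {"action": "send", "content": masked, "notify_terminal": bool(rec.placeholders)}

    def inbound(self, src_ip, dst_ip, service, content, target_user):
        """Extranet -> intranet (claims 1 and 5): scan, then restore only for authorized users."""
        rec = FlowRecord(src_ip, dst_ip, service, content, time.time())
        self.archive.append(rec)
        if self._is_malicious(content):
            return {"action": "deny", "reason": "malicious content"}
        if PLACEHOLDER.search(content) and target_user in self.viewers:
            return {"action": "deliver", "content": self._restore(content), "restored": True}
        return {"action": "deliver", "content": content, "restored": False}

    # detector (claim 6): push a known probe through mask, scan and restore
    def self_check(self):
        probe = FlowRecord("127.0.0.1", "127.0.0.1", "self-test", "probe 13800138000", time.time())
        masked = self._mask(probe)
        ok = "13800138000" not in masked and PLACEHOLDER.search(masked) is not None
        ok = ok and not self._is_malicious(masked)
        return ok and self._restore(masked) == probe.content
```

Two points a practitioner would weigh against this design. Restoration only works because the gateway keeps every original value (the `tokens` table and the archive here), so the gateway becomes the most sensitive data store on the network and needs its own access control, encryption at rest and retention limits. And because claim 1 archives the request before the permission check, a terminal without extranet authority still leaves a record in the archive even though its traffic never reaches the masking step.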
CN201911100622.0A 2019-11-12 2019-11-12 Method and device for monitoring and filtering internal and external network flow, electronic equipment and storage medium Pending CN111030997A (en)

Publications (1)

Publication Number Publication Date
CN111030997A true CN111030997A (en) 2020-04-17

Family

ID=70201227

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911100622.0A Pending CN111030997A (en) 2019-11-12 2019-11-12 Method and device for monitoring and filtering internal and external network flow, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111030997A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302328A (en) * 2015-05-20 2017-01-04 腾讯科技(深圳)有限公司 Sensitive user data processing system and method
CN106407843A (en) * 2016-10-17 2017-02-15 深圳中兴网信科技有限公司 Data desensitization method and data desensitization device
CN107770163A (en) * 2017-10-10 2018-03-06 贵州华城高新科技有限公司 A kind of Information Security Management System
CN108052833A (en) * 2017-12-11 2018-05-18 北京明朝万达科技股份有限公司 A kind of executable file anti-data-leakage scan method, system and gateway
CN108809990A (en) * 2018-06-14 2018-11-13 北京中飞艾维航空科技有限公司 A kind of crowdsourcing data safety encryption method, server and storage medium
CN109522704A (en) * 2018-10-17 2019-03-26 视联动力信息技术股份有限公司 A kind of method and device of processing sensitivity monitoring access authorization for resource

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114710360A (en) * 2022-04-15 2022-07-05 北京全路通信信号研究设计院集团有限公司 Audit-based inside-out data secure transmission method and system and electronic equipment
CN114710360B (en) * 2022-04-15 2024-01-19 北京全路通信信号研究设计院集团有限公司 Audit-based inside-to-outside data security transmission method and system and electronic equipment
CN116244757A (en) * 2023-03-15 2023-06-09 武汉天楚云计算有限公司 Computer equipment monitoring alarm method

Similar Documents

Publication Publication Date Title
US11411980B2 (en) Insider threat management
US9282114B1 (en) Generation of alerts in an event management system based upon risk
US9667657B2 (en) System and method of utilizing a dedicated computer security service
US8832840B2 (en) Mobile application security and management service
CN101513008B (en) System for implementing safety of telecommunication terminal
CN111416811B (en) Unauthorized vulnerability detection method, system, equipment and storage medium
Furfaro et al. Towards security as a service (secaas): On the modeling of security services for cloud computing
US20110276604A1 (en) Reputation based access control
US20150281239A1 (en) Provision of access privileges to a user
CN111343168B (en) Identity authentication method and device, computer equipment and readable storage medium
CN104246785A (en) System and method for crowdsourcing of mobile application reputations
CN110851872B (en) Risk assessment method and device for private data leakage
CN103414585A (en) Method and device for building safety baselines of service system
US11727101B2 (en) Methods and systems for verifying applications
US9635017B2 (en) Computer network security management system and method
KR101731312B1 (en) Method, device and computer readable recording medium for searching permission change of application installed in user's terminal
CN111030997A (en) Method and device for monitoring and filtering internal and external network flow, electronic equipment and storage medium
US20180227298A1 (en) Selectively permitting a receiver device to access a message based on authenticating the receiver device
CN117768236A (en) Safety control and data desensitization platform and method based on API gateway
JP6636605B1 (en) History monitoring method, monitoring processing device, and monitoring processing program
CN114039779A (en) Method and device for safely accessing network, electronic equipment and storage medium
KR101294940B1 (en) System for protecting information on mobile platform and method for the same
US20200167500A1 (en) Providing transparency in private-user-data access
CN115021951B (en) Business application management method and system
KR101498647B1 (en) Security Management System And Security Management Method Using The Same

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200417