Disclosure of Invention
Therefore, the embodiment of the invention provides a method, a device and equipment for evaluating the credibility level of a terminal, so as to solve the problem of insecurity caused by not rating the terminal in the prior art.
In order to achieve the above object, the embodiments of the present invention provide the following technical solutions:
according to a first aspect of an embodiment of the present invention, a method for evaluating a trust level of a terminal, applied to the terminal, includes:
determining safety reference factors influencing the safety of the terminal, and the status of each safety reference factor;
determining a score of contribution of each safety reference factor to the rating according to the state of the safety reference factor;
calculating a total score according to the score of each safety reference factor contributing to the rating;
and determining the corresponding grade according to the total score.
In one embodiment, the safety reference factors include one or more of the following: patches for antivirus software, firewalls, operating systems;
the states of the safety reference factors include: whether antivirus software is installed, whether a firewall is opened, and whether a patch of an operating system is installed.
In one embodiment, the method further comprises:
determining a use reference factor influencing the use of the terminal;
calculating a score corresponding to the use reference factor;
calculating a total score of the secure reference factors and the use reference factors;
and determining the corresponding grade according to the total score.
In one embodiment, the usage reference factors include one or more of the following: whether or not the enterprise specifically requires software to be installed.
In one embodiment, before determining the safety reference factors influencing the safety of the terminal and their status, the method includes:
receiving a domain name or an address of a target input through the browser.
In one embodiment, after determining the corresponding level according to the total score, the method further includes: sending a data packet carrying the level information to a gateway, so that the gateway determines whether the terminal has the authority to access the server according to the level information.
According to a second aspect of the embodiments of the present invention, a terminal trust level evaluation apparatus includes:
a state determining module, used for determining safety reference factors influencing the safety of the terminal, and the status of each safety reference factor;
the score calculation module is used for determining the score of the contribution of each safety reference factor to the rating according to the state of the safety reference factor;
calculating a total score according to the score of each safety reference factor contributing to the rating;
and the level determining module is used for determining the corresponding level according to the total score.
In one embodiment, the state determination module is further configured to:
determining a usage reference factor having an influence on the usage of the terminal;
the score calculating module is also used for calculating the score corresponding to the use reference factor;
calculating a total score of the secure reference factors and the usage reference factors;
the grade determining module is further used for determining the corresponding grade according to the total score.
In one embodiment, the apparatus further comprises a receiving module, used for receiving a domain name or an address of a target input through a browser before the safety reference factors influencing the safety of the terminal and their status are determined;
in one embodiment, the apparatus further comprises a sending module, used for sending a data packet carrying the level information to a gateway after the corresponding level is determined according to the total score, so that the gateway can determine whether the terminal has the authority to access the server according to the level information.
According to a third aspect of the embodiments of the present invention, a terminal trust level evaluation device includes: at least one processor and at least one memory;
the memory for storing one or more program instructions;
the processor, configured to execute one or more program instructions, is configured to perform the following steps:
determining safety reference factors influencing the safety of the terminal, and the status of each safety reference factor;
determining a score of contribution of each safety reference factor to the rating according to the state of the safety reference factor;
calculating a total score according to the score of each safety reference factor contributing to the rating;
and determining the corresponding grade according to the total score.
In one embodiment, the processor is further configured to:
determining a use reference factor influencing the use of the terminal;
calculating a score corresponding to the use reference factor;
calculating a total score of the secure reference factors and the use reference factors;
and determining the corresponding grade according to the total score.
In one embodiment, the processor is further configured to: receive the domain name or address of the target input through the browser before determining the safety reference factors influencing the safety of the terminal and their status.
In one embodiment, the processor is further configured to: after determining the corresponding level according to the total score, send a data packet carrying the level information to a gateway so that the gateway determines whether the terminal has the right to access a server according to the level information.
A method for determining whether a terminal has access right is applied to a gateway, and the method comprises the following steps:
receiving a data packet which is sent by a terminal and carries the grade information of the terminal;
comparing the level of the terminal with a preset standard level;
and if the credibility level of the terminal is lower than the preset standard level, determining that the terminal has no authority to access.
An apparatus for determining whether a terminal has access right, applied to a gateway, the apparatus comprising:
the receiving module is used for receiving a data packet which is sent by the terminal and carries the grade information of the terminal;
the judging module is used for comparing the grade of the terminal with a preset standard grade;
and if the credibility level of the terminal is lower than the preset standard level, determining that the terminal has no authority to access.
The embodiment of the invention has the following advantages: when a domain name or an address to be accessed is input in the terminal browser, the credibility level of the terminal is determined and the gateway is informed; the gateway can then determine, from the level of the terminal, whether the terminal has the authority to access the server, and if it does not, the terminal is refused access to the server; security is thereby improved.
Detailed Description
The present invention is described in terms of particular embodiments, other advantages and features of the invention will become apparent to those skilled in the art from the following disclosure, and it is to be understood that the described embodiments are merely exemplary of the invention and that it is not intended to limit the invention to the particular embodiments disclosed. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The development of network technology has profoundly changed the way people work. Mobile office is increasingly popular, and staff are no longer limited by time and place. Referring to the schematic diagram of a terminal accessing a company intranet server shown in fig. 1, a user accesses the server through a terminal; the terminal can be a mobile terminal, including a mobile phone, or a fixed computer; on a mobile terminal, the server can be accessed through a browser or through an APP. The terminal generally sends a knock data packet to the gateway of the company intranet; the data packet carries some information about the terminal; the gateway verifies this information, and if verification passes, the port that is disabled by default is enabled so that the terminal can access the intranet server through that port; if verification fails, the gateway port remains disabled and the terminal cannot access the server. In the prior art, the gateway may not know the credibility level of the terminal, so an untrusted terminal may still be allowed access, which brings a security risk to the company intranet.
Based on this, the present application proposes a terminal trust level evaluation method, see a flow chart of the terminal trust level evaluation method shown in fig. 2; the method comprises the following steps:
step S201, determining safety reference factors influencing the safety of the terminal, and the status of each safety reference factor;
wherein, the safety reference factors comprise one or more of the following: patches for antivirus software, firewalls, operating systems; the states of the safety reference factors include: whether antivirus software is installed, whether a firewall is opened, and whether a patch of an operating system is installed.
Whether certain software is installed, and whether it is running, can be determined by querying the registry; the minimum patch level of the operating system may also be queried, because the operating system updates its patches frequently, and if the terminal does not have the latest operating system patch installed, the security of the terminal is reduced. The firewall is used to protect the terminal: if the firewall of the terminal is not started, security is reduced, and if it is started, security is improved. The state of the firewall can be determined by querying the configuration file of the firewall, and the state is one of: on or off.
Step S202, determining the score of the contribution of each safety reference factor to the rating according to the state of the safety reference factor;
step S203, calculating a total score according to the score of each safety reference factor contributing to the rating;
and step S204, determining the corresponding grade according to the total score.
According to the method, the score of the safety reference factor of the terminal is calculated; determining a corresponding level by using the score; the security of the terminal can be expressed quantitatively or qualitatively; thereby laying the foundation for the gateway to determine whether the terminal has access rights.
In addition to the above-mentioned safety factors, there are also factors for using the reference, and in one embodiment, the method further comprises:
determining a usage reference factor having an influence on the usage of the terminal;
wherein the use reference factors include: whether the software required by the enterprise is installed; wherein, the software can be one or more;
calculating a score corresponding to the use reference factor;
For example, the score corresponding to the software OA is 10 points and the score corresponding to the software ERP is 10 points; if both pieces of software are installed, the score corresponding to the use reference factor is 20; if only OA is installed and ERP is not, the corresponding score is 10. Different scores can be set according to the different importance of the software; for example, if the employee is a member of the financial staff, the financial software is most important, and its corresponding score may be set to 30 points, where the financial software may be, for example, Yonyou. The software required by the financial staff also includes Word and Excel; for example, Word corresponds to 20 points and Excel corresponds to 20 points, while general software such as OA is not so important for the financial staff and is set to 5 points.
In order to better determine the score corresponding to each piece of software, in one embodiment, the method further comprises:
ranking the plurality of pieces of software by priority according to the work done by the staff member or the importance of the department to which the staff member belongs;
and setting corresponding scores for each software from high to low according to the software priority.
Setting a corresponding score value to be high for software with high priority; setting a corresponding low score for software with low priority;
calculating the score sum corresponding to all the software which is required by the enterprise and must be installed in the terminal; wherein the score is a score using a reference factor.
Finally, calculating the total score of the safety reference factors and the use reference factors as a final score; and determining the corresponding grade according to the total score.
If the score corresponding to the usage reference factor is 20 points and the score corresponding to the safety reference factors is 40 points, the sum is 60 points. A correspondence between scores and levels is established in advance; see table 1 for the correspondence of scores and levels:
TABLE 1
According to table 1, the score interval in which the score of the terminal lies is determined first; then the level corresponding to that interval is determined from the correspondence table. If the score of a certain terminal is 75, its score interval is 71-80, and the level of the terminal is further determined to be level 3. A standard threshold level is determined, such as level 4; the terminal is level 3, which is less than 4, so it is determined that the terminal can access the server.
One way is to determine directly, according to the score of the terminal, whether the terminal has the right to access:
the score of the terminal is compared with a preset threshold score, and if the score is smaller than the preset threshold score, it is determined that the terminal has no authority to access; the threshold score may be 60 points, can be set flexibly, and is not limited by the application.
The other way is to determine, according to the level of the terminal, whether the terminal has the authority to access: the level of the terminal is compared with a preset threshold level, and if the level of the terminal is below or above the preset threshold level, it is determined that the terminal has no authority to access. Whether "below" or "above" the threshold level denies access may be set according to the actual scene; for example, the level of the terminal is level 3 and the threshold level is 5, and if the terminal level is less than the threshold level, access is authorized; alternatively, if the level of the terminal is set to level 6, which is greater than the threshold level 5, access is authorized. Qualitative levels can also be set directly; for example, the levels include high, medium and low: scores greater than 90 are classified as high, scores between 60 and 90 as medium, and scores between 10 and 60 as low. The setting depends on the actual security requirement: for example, if the security requirement is high, only the high level can be allowed to access, and the medium and low levels cannot. If the security requirement is not high, access can be granted when the score is larger than a preset threshold score; the threshold score can be set flexibly, such as 30.
In order to determine when to trigger the execution of steps S201-S204, in one embodiment the domain name or address of the target input through the browser is received before the safety reference factors influencing the safety of the terminal and their status are determined. When the user inputs the domain name or address of the server to be accessed in the address bar of the browser, the execution of steps S201 to S204 is triggered.
In one embodiment, after determining the corresponding rank based on the total score, the following steps are taken:
and sending a data packet carrying the level information to a gateway so that the gateway determines whether the terminal has the authority to access the server according to the level information.
The data packet is a knock data packet, because the port in the gateway is in a non-enabled state by default, the terminal can access the server through the port only after the port is changed from the disabled state to the enabled state by the gateway; the knock data packet of the terminal carries the level information of the terminal, for example, the level of the terminal is high, medium or low; if the gateway determines that the terminal level is low; the gateway can directly refuse to open the port; the terminal has no authority to access the server; for the level information in digital form, if the predetermined threshold access level in the gateway is level 5; when the level of the terminal is 4 and is less than 5, the terminal is determined to have the authority to access the server, and the gateway changes the port from the disabled state to the enabled state.
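The scoring of steps S201-S204, the usage reference factors, the score-to-level lookup and the gateway's knock handling, as an added worked example that is not code from the patent. The factor weights, the usage profiles, the level table (Table 1 is absent from the text) and the JSON packet encoding are assumptions; the figures the text gives (OA 10, ERP 10, finance 30, Word 20, Excel 20, OA 5 for financial staff, security factors totalling 40, 75 lying in 71-80 as level 3, threshold level 4) are kept, and a lower level number is taken to mean a more trusted terminal.

```python
"""Terminal trust-level scoring and gateway port-knock decision (added example)."""
import json

# Step S202: contribution of each security reference factor when its state is
# favourable. Weights are assumed; they sum to 40 to match the text's example.
SECURITY_WEIGHTS = {"antivirus_installed": 10, "firewall_on": 15, "os_patch_installed": 15}

# Usage reference factors: enterprise-required software ranked by importance
# for the staff member's role. Profiles are assumed; the point values are the text's.
USAGE_PROFILES = {
    "general": {"OA": 10, "ERP": 10},
    "finance": {"finance_software": 30, "Word": 20, "Excel": 20, "OA": 5},
}

# Assumed Table 1 as (minimum score, level), highest first. Level 1 is the most
# trusted; 71-80 maps to level 3 as in the text. Scores above 100 stay level 1.
LEVEL_TABLE = [(91, 1), (81, 2), (71, 3), (61, 4), (51, 5), (0, 6)]


def security_score(states):
    """Sum the weights of the security factors whose state is favourable."""
    return sum(w for name, w in SECURITY_WEIGHTS.items() if states.get(name, False))


def usage_score(installed, profile):
    """Sum the weights of the required software that is actually installed."""
    return sum(w for name, w in USAGE_PROFILES[profile].items() if name in installed)


def score_to_level(total):
    """Step S204: map the total score to a level via the correspondence table."""
    for minimum, level in LEVEL_TABLE:
        if total >= minimum:
            return level
    return LEVEL_TABLE[-1][1]  # negative totals cannot occur, but fail to the worst level


def evaluate_terminal(states, installed, profile):
    """Steps S201-S204 plus usage factors: return (total score, level)."""
    total = security_score(states) + usage_score(installed, profile)
    return total, score_to_level(total)


def build_knock_packet(terminal_id, level):
    """Knock packet carrying the level information (JSON encoding is assumed)."""
    return json.dumps({"terminal": terminal_id, "level": level}).encode()


class Gateway:
    """Gateway side: the port is disabled by default and only enabled after a
    knock whose level is better than the preset standard level."""

    def __init__(self, threshold_level=4):
        self.threshold_level = threshold_level
        self.port_enabled = False

    def handle_knock(self, packet):
        """Return True and enable the port if the terminal may access the server."""
        try:
            info = json.loads(packet.decode())
            level = info["level"]
        except (ValueError, KeyError, TypeError):
            return False  # malformed knock: fail closed, port stays disabled
        if not isinstance(level, int) or isinstance(level, bool):
            return False
        allowed = level < self.threshold_level
        if allowed:
            self.port_enabled = True
        return allowed
```

Running the finance case with the firewall off, Excel and OA missing gives 25 + 50 = 75, level 3, which a gateway with threshold level 4 admits; the general case with everything installed scores 60, level 5, and is refused.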
Corresponding to the above method, the present application further provides a device for evaluating a trusted level of a terminal, referring to a schematic structural diagram of the device for evaluating a trusted level of a terminal shown in fig. 3, where the device includes:
a state determination module 31 for determining security reference factors having an influence on the security of the terminal, and the status of each security reference factor;
a score calculation module 32 for determining a score of each security reference factor contributing to the rating according to a state of the security reference factor;
calculating a total score according to the score of each safety reference factor contributing to the rating;
and a level determining module 33, configured to determine a corresponding level according to the total score.
In one embodiment, the state determination module 31 is further configured to:
determining a usage reference factor having an influence on the usage of the terminal;
the score calculating module 32 is further configured to calculate a score corresponding to the usage reference factor;
calculating a total score of the secure reference factors and the usage reference factors;
the level determining module 33 is further configured to determine a corresponding level according to the total score.
In one embodiment, the device further comprises a receiving module, used for receiving a domain name or an address of a target input through a browser before the safety reference factors influencing the safety of the terminal and their status are determined;
in one embodiment, the device further comprises a sending module, used for sending a data packet carrying the level information to a gateway after the corresponding level is determined according to the total score, so that the gateway can determine whether the terminal has the authority to access the server according to the level information.
The present application further provides a terminal credibility level assessment device, which refers to the schematic structural diagram of a terminal credibility level assessment device shown in fig. 4; the apparatus comprises: at least one processor 41 and at least one memory 42;
the memory 42 is for storing one or more program instructions;
the processor 41 is configured to execute one or more program instructions to perform the following steps:
determining safety reference factors influencing the safety of the terminal, and the status of each safety reference factor;
determining a score of contribution of each safety reference factor to the rating according to the state of the safety reference factor;
calculating a total score according to the score of each safety reference factor contributing to the rating;
and determining the corresponding grade according to the total score.
In one embodiment, the processor 41 is further configured to: determining a usage reference factor having an influence on the usage of the terminal;
calculating a score corresponding to the use reference factor;
calculating a total score of the secure reference factors and the use reference factors;
and determining the corresponding grade according to the total score.
In one embodiment, the processor 41 is further configured to: receive the domain name or address of the target input through the browser before determining the safety reference factors influencing the safety of the terminal and their status.
In one embodiment, the processor 41 is further configured to: after determining the corresponding level according to the total score, send a data packet carrying the level information to a gateway so that the gateway determines whether the terminal has the authority to access a server according to the level information.
The application also provides a method for determining whether the terminal has the right to access, which is applied to a gateway and comprises the following steps:
receiving a data packet which is sent by a terminal and carries the grade information of the terminal;
comparing the level of the terminal with a preset standard level;
and if the credibility level of the terminal is lower than the preset standard level, determining that the terminal has no authority to access.
Wherein the port on the gateway is disabled by default; after the terminal is determined not to have access, the port keeps a forbidden state; the terminal cannot access the server. If it is determined that the level of the terminal can access the server, the gateway changes the disabled port to an enabled state, and the terminal can access the server through the enabled port.
The application also provides an apparatus for determining whether the terminal has the right to access, which is applied to a gateway, the apparatus comprising:
the receiving module is used for receiving a data packet which is sent by the terminal and carries the grade information of the terminal;
the judging module is used for comparing the grade of the terminal with a preset standard grade;
and if the credibility level of the terminal is lower than the preset standard level, determining that the terminal has no authority to access.
Although the invention has been described in detail above with reference to a general description and specific examples, it will be apparent to one skilled in the art that modifications or improvements may be made thereto based on the invention. Accordingly, such modifications and improvements are intended to be within the scope of the invention as claimed.