CN111224947A - Network security defense system and method thereof - Google Patents


Info

Publication number
CN111224947A
Authority
CN
China
Legal status
Pending
Application number
CN201911184171.3A
Other languages
Chinese (zh)
Inventor
郭盛
Current Assignee
Beijing Wangpin Consulting Co ltd
Original Assignee
Beijing Wangpin Consulting Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general


Abstract

The invention discloses a network security defense system comprising: a data confidentiality classification module, which classifies data into first-level, second-level and third-level data according to its degree of confidentiality and stores each level on the corresponding server; a first detection module, which detects the security level of the client: if the level is high, the client is connected to the first router and may access the first-level, second-level and third-level servers; if the level is medium or low, the client is connected to the second router and may access only the first-level and second-level servers; if the client is dangerous, it is connected to a password endless loop module; a second detection module, which detects whether the third-level server is illegally accessed; and an automatic encryption module, which is started when illegal access is detected and automatically encrypts the database in the third-level server. The invention also provides a network security defense method. The system and method ensure the safety of data on the server side and keep potentially dangerous clients out.

Description

Network security defense system and method thereof
Technical Field
The invention relates to the technical field of network security. More particularly, the present invention relates to a network security defense system and a method thereof.
Background
Computer networks are now an integral part of every industry. With the rapid development of internet technology, more and more security problems are appearing. Computer networks have become targets of hackers, trojans and viruses, and data loss, information leakage and similar problems occur from time to time, causing trouble for network companies and users. Network security protection has therefore become the most important problem of the internet era and is receiving attention from all sides. Existing network security defense systems develop slowly, and some key technical problems have never been solved, so that protection exists in name only. Conversely, some defense systems with tighter protection make the access process exceptionally difficult.
Disclosure of Invention
An object of the present invention is to solve at least the above problems and/or disadvantages and to provide at least the advantages described hereinafter.
It is still another object of the present invention to provide a network security defense system, which can ensure the security of important data at the server side and also can avoid potentially dangerous clients.
To achieve these objects and other advantages in accordance with the purpose of the invention, a network security defense system is provided, comprising:
the data confidentiality classification module is used for classifying the data into first-level data, second-level data and third-level data according to the confidentiality degree of the data, and storing the first-level data, the second-level data and the third-level data into corresponding first-level servers, second-level servers and third-level servers;
the first detection module is connected to the client and used for detecting the security level of the client: if the security level of the client is high, the client is connected to the first router and accesses the first-level server, the second-level server and the third-level server; if the security level of the client is medium or low, a connection is established between the client and a second router, and the client accesses the first-level server and the second-level server; if the security level of the client is detected to be dangerous, the client is connected to a password endless loop module so that it cannot access any server, where the password endless loop module is a module that lets the user enter a password in an infinite loop;
the second detection module is connected with the third-level server with the highest confidentiality degree and used for detecting whether illegal access to the third-level server exists or not;
the automatic encryption module is connected with the database in the third-level server and the second detection module, and if the second detection module detects that illegal access exists, the automatic encryption module is started to automatically encrypt the database in the third-level server;
and the response module is connected to the second detection module and used for recording attack behavior in the network and raising an alarm.
Preferably, in the network security defense system, the first detection module further includes a multiple identity authentication module, and if the first detection module detects that the security level of the client is low, the client needs to be connected to the multiple identity authentication module for multiple identity authentication.
Preferably, the network security defense system further includes an automatic network disconnection module, which is connected to the first router and the second detection module; if the second detection module detects that there is illegal access, the automatic network disconnection module is started to disconnect the first router from the third-level server.
Preferably, the network security defense system further includes a traffic monitoring module configured to monitor data traffic between the client and the server; if the data traffic is higher than a preset threshold, the traffic monitoring module issues an early warning.
Preferably, in the network security defense system, the multiple identity authentication module uses two or more combined authentication methods to authenticate the same user.
Preferably, in the network security defense system, the illegal attack behavior detected by the second detection module includes: port attack, brute force attack, trojan backdoor attack or network worm attack.
Preferably, the network security defense system is configured to record attack behavior in the network, and specifically to record the attack source IP, attack type, attack purpose and attack time.
Preferably, the network security defense system further includes a repair module, which, together with the response module, repairs according to the attack behavior.
The invention also provides a network security defense method, which comprises the following steps:
dividing the data into first-level data, second-level data and third-level data according to the confidentiality degree of the data, and storing the first-level data, the second-level data and the third-level data into corresponding first-level servers, second-level servers and third-level servers;
detecting the security level of the client: if the security level of the client is high, establishing a connection between the client and the first router and accessing the first-level server, the second-level server and the third-level server; if the security level of the client is medium or low, establishing a connection between the client and the second router and accessing the first-level server and the second-level server; if the security level of the client is detected to be dangerous, connecting the client to the password endless loop module so that the client cannot access any server;
detecting whether there is illegal access to the third-level server, which has the highest confidentiality degree, and if illegal access exists, starting the automatic encryption module to automatically encrypt the database in the third-level server;
recording the attack behavior in the network and raising an alarm.
The invention has at least the following beneficial effects. First, the data confidentiality classification module classifies data into first-level, second-level and third-level data according to its degree of confidentiality and stores each level on the corresponding first-level, second-level or third-level server. That is, data of different importance or confidentiality is placed on different servers; the higher-level servers are specially protected, less important data need not be specially protected, and the overall cost is reduced. The first detection module detects the security level of the client: if the level is high, the client is connected to the first router and can access the first-level, second-level and third-level servers, so the higher the client's security level, the more data it can access; if the level is medium or low, the client is connected to the second router and can access only the first-level and second-level servers, so a medium- or low-level client cannot reach the most important data, and because clients of different security levels enter through different routers the security of the high-level server is further ensured; if the client is detected to be dangerous, it is connected to the password endless loop module and cannot access any server. The second detection module is connected to the third-level server, which has the highest confidentiality degree, and detects whether the third-level server is illegally accessed.
The automatic encryption module is connected to the database in the third-level server and to the second detection module; if the second detection module detects illegal access, the automatic encryption module is started to automatically encrypt the database in the third-level server. The automatic encryption module thus further protects highly confidential data: even if the server is entered by illegal means, the data cannot be obtained directly.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention.
Drawings
Fig. 1 is a schematic diagram of a network security defense system according to an embodiment of the present invention.
Detailed Description
The present invention is further described in detail below with reference to the attached drawings so that those skilled in the art can implement the invention by referring to the description text.
It will be understood that terms such as "having," "including," and "comprising," as used herein, do not preclude the presence or addition of one or more other elements or groups thereof.
As shown in fig. 1, a network security defense system provided in an embodiment of the present invention includes: a data confidentiality classification module, which divides data into first-level, second-level and third-level data according to its degree of confidentiality (the higher the confidentiality, the higher the level) and stores it on the corresponding first-level, second-level and third-level servers; a first detection module, connected to the client and used for detecting the security level of the client: if the security level of the client is high, the client is connected to the first router and accesses the first-level server, the second-level server and the third-level server; if the security level of the client is medium or low, a connection is established between the client and a second router, and the client accesses the first-level server and the second-level server; if the security level of the client is detected to be dangerous, the client is connected to a password endless loop module so that it cannot access any server, where the password endless loop module is a module that lets the user enter a password in an infinite loop; a second detection module, connected to the third-level server with the highest confidentiality degree and used for detecting whether there is illegal access to the third-level server; an automatic encryption module, connected to the database in the third-level server and to the second detection module, which is started to automatically encrypt the database in the third-level server if the second detection module detects illegal access; and a response module, connected to the second detection module and used for recording attack behavior in the network and raising an alarm.
The embodiment of the invention places data of different importance or confidentiality on different servers; the higher-level server is specially protected, data that is not very important need not be specially protected, and the overall cost is reduced. The first detection module detects the security level of the client: if the level is high, the client is connected to the first router and can access the first-level, second-level and third-level servers, so the higher the client's security level, the more data it can access; if the level is medium or low, the client is connected to the second router and can access only the first-level and second-level servers, so a medium- or low-level client cannot reach the most important data, and because clients of different security levels enter through different routers the security of the high-level server is further ensured; if the client is detected to be dangerous, it is connected to the password endless loop module and cannot access any server. The second detection module detects whether the third-level server is illegally accessed. If the second detection module detects illegal access, the automatic encryption module is started to automatically encrypt the database in the third-level server; the automatic encryption module thus further protects highly confidential data, which cannot be obtained directly even if the server is entered by illegal means.
In one embodiment, the network security defense system further includes a multiple identity authentication module in the first detection module, and if the first detection module detects that the security level of the client is low, the client needs to be connected to the multiple identity authentication module for multiple identity authentication. The multiple identity authentication module needs to select two or more combined authentication modes for identity authentication for the same user. The security of the client side accessing the server side can be further ensured, and the possibility that the server is attacked is reduced.
In one specific embodiment, the network security defense system further includes an automatic network disconnection module, which is connected to the first router and the second detection module; if the second detection module detects that there is illegal access, the automatic network disconnection module is started to disconnect the first router from the third-level server. When illegal access exists, the connection to the server is cut off automatically and the data is prevented from being stolen.
In one embodiment, the network security defense system further includes a traffic monitoring module configured to monitor data traffic between the client and the server; if the data traffic is higher than a preset threshold, the traffic monitoring module issues an early warning. Abnormal traffic may also originate at the server, so when abnormal traffic occurs an early warning is obtained in time and the traffic problem can be located. In a specific configuration, the system further includes a control server, to which the first detection module, the server side and the traffic monitoring module are all connected for control and service.
In one embodiment, in the network security defense system, the illegal attack behavior detected by the second detection module includes: port attack, brute force attack, trojan backdoor attack or network worm attack.
In one embodiment, the network security defense system is configured to record attack behavior in the network, and specifically to record the attack source IP, attack type, attack purpose and attack time.
In one embodiment, the network security defense system further includes a repair module, which, together with the response module, repairs according to an attack behavior.
The embodiment of the invention also provides a network security defense method, which comprises the following steps:
dividing the data into first-level data, second-level data and third-level data according to the confidentiality degree of the data, and storing the first-level data, the second-level data and the third-level data into corresponding first-level servers, second-level servers and third-level servers;
detecting the security level of the client: if the security level of the client is high, establishing a connection between the client and the first router and accessing the first-level server, the second-level server and the third-level server; if the security level of the client is medium or low, establishing a connection between the client and the second router and accessing the first-level server and the second-level server; if the security level of the client is detected to be dangerous, connecting the client to the password endless loop module so that the client cannot access any server;
detecting whether there is illegal access to the third-level server, which has the highest confidentiality degree, and if illegal access exists, starting the automatic encryption module to automatically encrypt the database in the third-level server;
recording the attack behavior in the network and raising an alarm.
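The tiered access policy and the detection-response sequence described above, modelled as an added Python example that is not part of the patent. The function names, the event dictionary format, the attack-type labels, the documentation-range IP addresses and the sample events are all constructed assumptions; the level and tier names follow the patent.

```python
"""Policy model of the tiered access control and detection/response sequence
described in the patent. Added illustration, not the patent's own code: function
names, the event format, attack labels and sample events are all constructed."""
from dataclasses import dataclass, field
from enum import Enum


class ClientLevel(Enum):
    HIGH = "high"
    MEDIUM = "medium"
    LOW = "low"
    DANGEROUS = "dangerous"


TIERS = (1, 2, 3)  # server tiers by confidentiality; tier 3 holds the most confidential data
ATTACK_TYPES = frozenset({"port_attack", "brute_force", "trojan_backdoor", "network_worm"})  # assumed labels


def route_for(level: ClientLevel) -> str:
    """First detection module: the path a client is placed on by its security level."""
    if level is ClientLevel.HIGH:
        return "router1"        # reaches tier 1, 2 and 3
    if level in (ClientLevel.MEDIUM, ClientLevel.LOW):
        return "router2"        # reaches tier 1 and 2 only
    return "password_loop"      # dangerous client: never reaches a server


def reachable_tiers(level: ClientLevel) -> frozenset:
    """Tiers a client may access, derived from the router it is placed on."""
    return {
        "router1": frozenset(TIERS),
        "router2": frozenset({1, 2}),
        "password_loop": frozenset(),
    }[route_for(level)]


def requires_multi_factor(level: ClientLevel) -> bool:
    """Low-level clients must pass the multiple identity authentication module."""
    return level is ClientLevel.LOW


@dataclass
class AttackRecord:
    """Response module record with the four fields the patent lists."""
    source_ip: str
    attack_type: str
    purpose: str
    time: str


@dataclass
class DefenseState:
    tier3_encrypted: bool = False         # set by the automatic encryption module
    router1_linked_to_tier3: bool = True  # cleared by the automatic disconnection module
    alarms: list = field(default_factory=list)
    records: list = field(default_factory=list)


def is_illegal(event: dict) -> bool:
    """Second detection module: wrong tier for the level, wrong router, or a known attack type."""
    level = ClientLevel(event["level"])
    return (
        event["tier"] not in reachable_tiers(level)
        or event["router"] != route_for(level)
        or event.get("attack_type") in ATTACK_TYPES
    )


def handle_event(state: DefenseState, event: dict) -> DefenseState:
    """Every illegal access is recorded and alarmed; illegal access to tier 3
    also starts the automatic encryption and disconnection modules."""
    if not is_illegal(event):
        return state
    if event["tier"] == 3:
        state.tier3_encrypted = True
        state.router1_linked_to_tier3 = False
    state.records.append(AttackRecord(
        source_ip=event["source_ip"],
        attack_type=event.get("attack_type", "unauthorised_access"),
        purpose=f"access to tier {event['tier']}",  # assumed encoding of 'attack purpose'
        time=event["time"],
    ))
    state.alarms.append(f"{event['time']} illegal access from {event['source_ip']} to tier {event['tier']}")
    return state


# Constructed sample events (documentation addresses, not real traffic).
SAMPLE_EVENTS = [
    {"source_ip": "192.0.2.10", "level": "high", "router": "router1", "tier": 3, "time": "T1"},
    {"source_ip": "192.0.2.20", "level": "medium", "router": "router2", "tier": 2, "time": "T2",
     "attack_type": "brute_force"},
    {"source_ip": "192.0.2.30", "level": "medium", "router": "router1", "tier": 3, "time": "T3"},
]


def run_samples() -> DefenseState:
    state = DefenseState()
    for event in SAMPLE_EVENTS:
        handle_event(state, event)
    return state
```

Only the third sample event reaches tier 3 illegally, so it alone flips the encryption and disconnection flags, while the brute-force attempt against tier 2 is recorded and alarmed without touching the third-level database.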
As described above, the network security defense system provided in the embodiments of the present invention can ensure the security of important data at the server side and can also avoid potentially dangerous clients.
While embodiments of the invention have been described above, it is not limited to the applications set forth in the description and the embodiments, which are fully applicable in various fields of endeavor to which the invention pertains, and further modifications may readily be made by those skilled in the art, it being understood that the invention is not limited to the details shown and described herein without departing from the general concept defined by the appended claims and their equivalents.

Claims (9)

1. A network security defense system, comprising:
the data confidentiality classification module is used for classifying the data into first-level data, second-level data and third-level data according to the confidentiality degree of the data, and storing the first-level data, the second-level data and the third-level data into corresponding first-level servers, second-level servers and third-level servers;
the first detection module is connected with the client and used for detecting the security level of the client, if the security level of the client is high, the client is connected with the first router, and the first level server, the second level server and the third level server are accessed; if the security level of the client is medium and low, establishing connection between the client and a second router, and accessing the first level server and the second level server; if the security level of the client is detected to be dangerous, connecting the client to a password endless loop module to enable the client not to access the server, wherein the password endless loop module is a module for allowing a user to input a password in an infinite loop manner;
the second detection module is connected with the third-level server with the highest confidentiality degree and used for detecting whether illegal access to the third-level server exists or not;
the automatic encryption module is connected with the database in the third-level server and the second detection module, and if the second detection module detects that illegal access exists, the automatic encryption module is started to automatically encrypt the database in the third-level server;
and the response module is connected with the second detection module and used for recording the attack behavior in the network and giving an alarm.
2. The system of claim 1, wherein the first detection module further comprises a multiple identity authentication module, and if the first detection module detects that the security level of the client is low, the client needs to be connected to the multiple identity authentication module for multiple identity authentication.
3. The system of claim 2, further comprising an automatic network disconnection module coupled to the first router and the second detection module, wherein the automatic network disconnection module is started to disconnect the first router from the third-level server if the second detection module detects that there is illegal access.
4. The network security defense system of claim 3, further comprising a traffic monitoring module for monitoring data traffic between the client and the server; and if the data flow is higher than a preset threshold value, the flow monitoring module sends out early warning.
5. The system of claim 2, wherein the multiple identity authentication module uses two or more combined authentication methods to authenticate the same user.
6. The network security defense system of claim 3, wherein the illegal attack behavior detected by the second detection module is: port attack, brute force attack, trojan backdoor attack or network worm attack.
7. The system of claim 1, wherein recording the attack behavior in the network comprises recording the attack source IP, attack type, attack purpose and attack time.
8. The network security defense system of claim 1, further comprising a repair module that, in conjunction with the response module, repairs in accordance with an attack behavior.
9. A network security defense method applied to the network security defense system of any one of claims 1 to 8, comprising the steps of:
dividing the data into first-level data, second-level data and third-level data according to the confidentiality degree of the data, and storing the first-level data, the second-level data and the third-level data into corresponding first-level servers, second-level servers and third-level servers;
detecting the security level of the client: if the security level of the client is high, establishing a connection between the client and the first router and accessing the first-level server, the second-level server and the third-level server; if the security level of the client is medium or low, establishing a connection between the client and the second router and accessing the first-level server and the second-level server; if the security level of the client is detected to be dangerous, connecting the client to the password endless loop module so that the client cannot access any server;
detecting whether there is illegal access to the third-level server, which has the highest confidentiality degree, and if illegal access exists, starting the automatic encryption module to automatically encrypt the database in the third-level server;
recording the attack behavior in the network and raising an alarm.

Priority Applications (1)

Application Number: CN201911184171.3A
Priority Date: 2019-11-27
Filing Date: 2019-11-27
Title: Network security defense system and method thereof

Publications (1)

Publication Number: CN111224947A (en)
Publication Date: 2020-06-02

Family ID: 70830798

Country Status (1)

CN (1): CN111224947A (en), Pending

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8286239B1 (en) * 2008-07-24 2012-10-09 Zscaler, Inc. Identifying and managing web risks
CN105577706A (en) * 2016-03-23 2016-05-11 绵阳博凡科技有限公司 Network safety defense system and method thereof
CN108959966A (en) * 2018-07-16 2018-12-07 九江学院 Cloud platform auditing system based on big data administrative analysis
CN109347830A (en) * 2018-10-23 2019-02-15 中国人民解放军战略支援部队信息工程大学 A kind of network dynamic system of defense and method


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
周英红 et al.: "Research on the implementation of a centralized control security protection system for local area networks", Computer Security (《计算机安全》) *
韦安明 et al.: "Security analysis and countermeasure research for radio and television broadcast control systems", Radio & TV Broadcast Engineering (《广播电视与技术》) *


Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20200602)