CN111339526A - USB disk encryption method for enterprise information security - Google Patents


Publication number: CN111339526A
Authority: CN (China)
Prior art keywords: usb, installation, client, log, file
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010098047.1A
Other languages: Chinese (zh)
Inventor: 盘建财
Current Assignee: Shanghai Fast Soft Information Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shanghai Fast Soft Information Technology Co ltd
Application filed by Shanghai Fast Soft Information Technology Co ltd
Priority to CN202010098047.1A
Publication of CN111339526A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a USB disk encryption method for enterprise information security, comprising the following steps. S1, installation: the USB port management and control system provides several installation modes to ease installation and maintenance for users, namely local installation, Web installation, remote push installation and Windows-based shared installation, and the client is installed using whichever mode best suits the enterprise. In terms of client performance, CPU occupancy is less than 0.1% and memory occupancy is less than 3M; in terms of network performance, network bandwidth occupancy is less than 1%, which simplifies network management for users and avoids the performance bottleneck caused by gateway equipment. Supervision remains in effect in the security mode as well, and the system's supervision capability cannot be damaged by illegal operations such as closing the process, disabling/enabling the device, stopping the service, clearing the registry or deleting related files. The system is completely hidden after self-encryption, so a person trying to attack the system loses the attack target.

Description

USB disk encryption method for enterprise information security
Technical Field
The invention relates to the technical field of information security, in particular to a USB disk encryption method for enterprise information security.
Background
In recent years, information leakage incidents have become more frequent, and the losses and impact they cause for governments and enterprises keep growing. Firewalls, IDS, intranet/extranet isolation and other access control systems aimed at external networks can effectively prevent attacks from outside the network, but they provide no good safeguard against information confidentiality problems inside the enterprise, because insiders can easily leak confidential information on computers through the network, storage media or printing.
With the recent prevalence of portable devices that mainly use USB ports (such as USB disks, mobile hard disks, mobile recorders and other storage devices using USB ports), leakage through USB ports has become an important route for information leakage from internal computer networks, and many experts believe that the security risks of these devices outweigh the convenience they bring to work.
Disclosure of Invention
Based on the technical problems in the background art, the invention provides a USB disk encryption method for enterprise information security.
The invention provides a USB disk encryption method for enterprise information security, which comprises the following steps:
S1: Installation: the USB port management and control system provides several installation modes to ease installation and maintenance for users, namely local installation, Web installation, remote push installation and Windows-based shared installation; the client is installed using whichever mode best suits the enterprise;
S2: Registration and authorization: the USB port management and control system can register and authorize office USB flash disks; an authorized office USB flash disk can be used even when the USB default permission is block, while an unauthorized USB flash disk cannot be used; a registered disk is assigned one of four permissions: release, read only, write only, block;
S3: Permission setting: all clients are remotely controlled by a server, and the read-write permission of the USB ports of all clients can be set remotely through a console; a system administrator can add administrators, assign the users and computers each is to manage, and configure specific permissions, so that the division of labor is clear; for computer management, clients can be managed by group or set individually;
S4: Log audit: logging records in detail the operation log of the administrator console and the log of end users' use of USB storage devices, including: the system user log, the client USB plug/unplug log, the client file operation log and the client online/offline log;
S5: File backup: once the file backup function is enabled, the terminal automatically uploads files copied from the terminal to USB mobile storage to the server machine as backups (the backup path can be viewed on the console), so that an administrator can see not only the names of files copied by employees but also the contents of the copied files;
S6: Database maintenance: 1. all log information from console and client operations is written into a database; the data in the database accumulates day by day and month by month, and is managed and maintained; 2. the backed-up files are stored on the server and, once they accumulate to a certain amount, are pushed to the management end for screening;
S7: System scope: the USSE can control devices connected to a client machine such as USB flash disks, USB card readers, SD cards, mobile hard disks, recorders and WINCE mobile phones, and can control external devices of the client such as infrared, Bluetooth, 1394, 3G network cards, printers and wireless network cards, thoroughly preventing leakage of information data from the client machine.
Preferably, the four permissions in S2 are defined as follows. Release: the client's mobile devices are not restricted and can be read and written freely, as when the USSE is not installed, but all operations are recorded in the server log; read only: the client cannot write any file to the mobile storage device, but is allowed to view and read files; write only: the client can only write personal files to the mobile storage device, is not allowed to copy them out, and is not allowed to view the contents of files on the mobile storage device; block: the client cannot read or write any files, and the USSE prohibits the mobile storage device from accessing the computer.
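The four permissions above, the default-block rule from S2 and S4-style logging, as an added example in Python (not code from the patent or from the product it describes). The device-ID strings, client, user and group names, and the client/group/global precedence used for the port default are assumptions; the text does not specify them.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum


class Permission(Enum):
    RELEASE = "release"        # unrestricted read/write; every operation still logged
    READ_ONLY = "read_only"    # viewing/reading allowed, writing to the device denied
    WRITE_ONLY = "write_only"  # writing allowed, reading/copying out denied
    BLOCK = "block"            # device may not access the computer at all


class Op(Enum):
    ATTACH = "attach"
    READ = "read"
    WRITE = "write"


# Operations each permission allows, following the four definitions in the text.
ALLOWED = {
    Permission.RELEASE: {Op.ATTACH, Op.READ, Op.WRITE},
    Permission.READ_ONLY: {Op.ATTACH, Op.READ},
    Permission.WRITE_ONLY: {Op.ATTACH, Op.WRITE},
    Permission.BLOCK: set(),
}


@dataclass
class UsbPolicy:
    global_default: Permission = Permission.BLOCK        # S2: default is block
    group_default: dict = field(default_factory=dict)    # group name -> Permission
    client_default: dict = field(default_factory=dict)   # client name -> Permission
    client_group: dict = field(default_factory=dict)     # client name -> group name
    registered: dict = field(default_factory=dict)       # device id -> Permission
    audit_log: list = field(default_factory=list)

    def register(self, device_id, permission):
        # Normalise case so the same drive cannot appear under two spellings.
        self.registered[device_id.upper()] = permission

    def port_default(self, client):
        # Assumed precedence: individual client setting, then its group, then global.
        if client in self.client_default:
            return self.client_default[client]
        group = self.client_group.get(client)
        return self.group_default.get(group, self.global_default)

    def effective(self, client, device_id):
        # A registered drive carries its own permission; any other drive
        # falls back to the port default, which fails closed when it is BLOCK.
        return self.registered.get(device_id.upper(), self.port_default(client))

    def check(self, client, user, device_id, op, path=""):
        perm = self.effective(client, device_id)
        allowed = op in ALLOWED[perm]
        # Log allowed and denied operations alike, so blocked attempts are auditable.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "client": client, "user": user, "device": device_id.upper(),
            "op": op.value, "path": path,
            "permission": perm.value, "allowed": allowed,
        })
        return allowed


def demo():
    # Constructed scenario: one registered office drive and one unregistered drive.
    policy = UsbPolicy()
    policy.client_group["PC-FIN-01"] = "finance"
    policy.register("USB\\VID_0000&PID_0000\\OFFICE0001", Permission.READ_ONLY)
    office = "usb\\vid_0000&pid_0000\\office0001"
    unknown = "USB\\VID_0000&PID_0000\\UNKNOWN9999"
    results = [
        policy.check("PC-FIN-01", "alice", office, Op.READ, "E:\\report.xlsx"),
        policy.check("PC-FIN-01", "alice", office, Op.WRITE, "E:\\ledger.xlsx"),
        policy.check("PC-FIN-01", "alice", unknown, Op.ATTACH),
    ]
    return policy, results


if __name__ == "__main__":
    policy, results = demo()
    print(results)
    for entry in policy.audit_log:
        print(entry)
```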
Preferably, the USB port management and control system is compatible with operating systems such as Windows 10/8/7/Vista/XP/2003/2000, and supports simplified Chinese, traditional Chinese and English versions of the operating system.
Preferably, the USB port management and control system is compatible with antivirus software such as Norton, Trends, Anboshi, Switzerland, Kaspersky, Jinshan and the like.
Preferably, the USB port management and control system is compatible with various financial software, ERP software, engineering software, and design tool software.
The beneficial effects of the invention are as follows:
1. In this USB disk encryption method for enterprise information security, the software interface allows an administrator to manage the USB ports of all hosts across the whole network and supports remote management across wide area networks; in terms of client performance, CPU occupancy is less than 0.1% and memory occupancy is less than 3M; in terms of network performance, network bandwidth occupancy is less than 1%, which simplifies network management for users and avoids the performance bottleneck caused by gateway equipment;
2. In this USB disk encryption method for enterprise information security, supervision remains in effect in the security mode as well, and the system's supervision capability cannot be damaged by illegal operations such as closing the process, disabling/enabling the device, stopping the service, clearing the registry or deleting related files; the system is completely hidden after self-encryption, so a person trying to attack the system loses the attack target, and the system can repair itself even if one of its modules is damaged.
Drawings
FIG. 1 is a user authentication topology diagram of a USB disk encryption method for enterprise information security according to the present invention;
FIG. 2 is a registration and authorization topology diagram of a USB disk encryption method for enterprise information security according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Referring to FIG. 1, a USB disk encryption method for enterprise information security comprises the following steps:
S1: Installation: the USB port management and control system provides several installation modes to ease installation and maintenance for users, namely local installation, Web installation, remote push installation and Windows-based shared installation; the client is installed using whichever mode best suits the enterprise;
S2: Registration and authorization: the USB port management and control system can register and authorize office USB flash disks; an authorized office USB flash disk can be used even when the USB default permission is block, while an unauthorized USB flash disk cannot be used; a registered disk is assigned one of four permissions: release, read only, write only, block;
S3: Permission setting: all clients are remotely controlled by a server, and the read-write permission of the USB ports of all clients can be set remotely through a console; a system administrator can add administrators, assign the users and computers each is to manage, and configure specific permissions, so that the division of labor is clear; for computer management, clients can be managed by group or set individually;
S4: Log audit: logging records in detail the operation log of the administrator console and the log of end users' use of USB storage devices, including: the system user log, the client USB plug/unplug log, the client file operation log and the client online/offline log;
S5: File backup: once the file backup function is enabled, the terminal automatically uploads files copied from the terminal to USB mobile storage to the server machine as backups (the backup path can be viewed on the console), so that an administrator can see not only the names of files copied by employees but also the contents of the copied files;
S6: Database maintenance: 1. all log information from console and client operations is written into a database; the data in the database accumulates day by day and month by month, and is managed and maintained; 2. the backed-up files are stored on the server and, once they accumulate to a certain amount, are pushed to the management end for screening;
S7: System scope: the USSE can control devices connected to a client machine such as USB flash disks, USB card readers, SD cards, mobile hard disks, recorders and WINCE mobile phones, and can control external devices of the client such as infrared, Bluetooth, 1394, 3G network cards, printers and wireless network cards, thoroughly preventing leakage of information data from the client machine.
In the present invention, the four permissions in S2 are defined as follows. Release: the client's mobile devices are not restricted and can be read and written freely, as when the USSE is not installed, but all operations are recorded in the server log; read only: the client cannot write any file to the mobile storage device, but is allowed to view and read files; write only: the client can only write personal files to the mobile storage device, is not allowed to copy them out, and is not allowed to view the contents of files on the mobile storage device; block: the client cannot read or write any files, and the USSE prohibits the mobile storage device from accessing the computer. In terms of client performance, CPU occupancy is less than 0.1% and memory occupancy is less than 3M; in terms of network performance, network bandwidth occupancy is less than 1%, which simplifies network management for users and avoids the performance bottleneck caused by gateway equipment. The USB port management and control system is compatible with operating systems such as Windows 10/8/7/Vista/XP/2003/2000, and supports simplified Chinese, traditional Chinese and English versions of the operating system. The USB port management and control system is compatible with antivirus software such as Norton, Trends, Anboshi, Switzerland, Kaspersky, Jinshan and the like. The USB port management and control system is compatible with application software including various financial software, ERP software, and engineering and design tool software.
The above description is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto; any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solutions and inventive concept, shall fall within the scope of protection of the present invention.

Claims (5)

1. A USB disk encryption method for enterprise information security, characterized by comprising the following steps:
S1: Installation: the USB port management and control system provides several installation modes to ease installation and maintenance for users, namely local installation, Web installation, remote push installation and Windows-based shared installation; the client is installed using whichever mode best suits the enterprise;
S2: Registration and authorization: the USB port management and control system can register and authorize office USB flash disks; an authorized office USB flash disk can be used even when the USB default permission is block, while an unauthorized USB flash disk cannot be used; a registered disk is assigned one of four permissions: release, read only, write only, block;
S3: Permission setting: all clients are remotely controlled by a server, and the read-write permission of the USB ports of all clients can be set remotely through a console; a system administrator can add administrators, assign the users and computers each is to manage, and configure specific permissions, so that the division of labor is clear; for computer management, clients can be managed by group or set individually;
S4: Log audit: logging records in detail the operation log of the administrator console and the log of end users' use of USB storage devices, including: the system user log, the client USB plug/unplug log, the client file operation log and the client online/offline log;
S5: File backup: once the file backup function is enabled, the terminal automatically uploads files copied from the terminal to USB mobile storage to the server machine as backups (the backup path can be viewed on the console), so that an administrator can see not only the names of files copied by employees but also the contents of the copied files;
S6: Database maintenance: 1. all log information from console and client operations is written into a database; the data in the database accumulates day by day and month by month, and is managed and maintained; 2. the backed-up files are stored on the server and, once they accumulate to a certain amount, are pushed to the management end for screening;
S7: System scope: the USSE can control devices connected to a client machine such as USB flash disks, USB card readers, SD cards, mobile hard disks, recorders and WIN CE mobile phones, and can control external devices of the client such as infrared, Bluetooth, 1394, 3G network cards, printers and wireless network cards, thoroughly preventing information data of the client machine from leaking.
2. The USB disk encryption method for enterprise information security according to claim 1, wherein the four permissions in S2 are defined as follows. Release: the client's mobile devices are not restricted and can be read and written freely, as when the USSE is not installed, but all operations are recorded in the server log; read only: the client cannot write any file to the mobile storage device, but is allowed to view and read files; write only: the client can only write personal files to the mobile storage device, is not allowed to copy them out, and is not allowed to view the contents of files on the mobile storage device; block: the client cannot read or write any files, and the USSE prohibits the mobile storage device from accessing the computer.
3. The USB disk encryption method for enterprise information security according to claim 1, wherein the USB port management and control system is compatible with the operating systems Windows 10/8/7/Vista/XP/2003/2000, and supports simplified Chinese, traditional Chinese and English versions of the operating system.
4. The USB disk encryption method for enterprise information security according to claim 1, wherein the USB port management and control system is compatible with antivirus software such as Norton, Trends, Anboshi, Switzerland, Kaspersky, Jinshan, etc.
5. The USB disk encryption method for enterprise information security according to claim 1, wherein the application software compatible with the USB port management and control system includes various financial software, ERP software, engineering software and design tool software.
CN202010098047.1A 2020-02-18 2020-02-18 USB disk encryption method for enterprise information security Pending CN111339526A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010098047.1A CN111339526A (en) 2020-02-18 2020-02-18 USB disk encryption method for enterprise information security

Publications (1)

Publication Number Publication Date
CN111339526A (en) 2020-06-26

Family

ID=71181694

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010098047.1A Pending CN111339526A (en) 2020-02-18 2020-02-18 USB disk encryption method for enterprise information security

Country Status (1)

Country Link
CN (1) CN111339526A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101923678A (en) * 2010-07-30 2010-12-22 武汉天喻信息产业股份有限公司 Data security protection method of enterprise management software
CN110059064A (en) * 2019-03-20 2019-07-26 北京字节跳动网络技术有限公司 Journal file processing method, device and computer readable storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
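裔睿: "Research on building a management and control system for non-classified removable storage media: a case of building a USB port management and control system in a government department", 《软件导刊》 *
霞光万丈: "Preventing leaks through the USB interface", 《个人电脑》 *
高秀霞: "How to control your USB ports well", 《办公自动化》 *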

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112836203A (en) * 2021-02-03 2021-05-25 中标软件有限公司 Method for realizing android system equipment management and control based on kernel customization
CN116383901A (en) * 2023-06-02 2023-07-04 北京网藤科技有限公司 U disk management system for preventing U disk data from being divulged
CN116383901B (en) * 2023-06-02 2023-09-01 北京网藤科技有限公司 U disk management system for preventing U disk data from being divulged

Similar Documents

Publication Publication Date Title
CN101572660B (en) Comprehensive control method for preventing leakage of data
CN101952809B (en) Computer storage device having separate read-only space and read-write space, removable media component, system management interface, and network interface
EP1860590B1 (en) Posture-based data protection
KR101012222B1 (en) Electronic computer data management method, and storing medium storing the program for the method
EP1977364B1 (en) Securing data in a networked environment
CN102948114B (en) Single for accessing enciphered data uses authentication method and system
CA2738466C (en) Apparatus for shielding sensitive file, server computer of the same, method and computer program product for the same
US8805741B2 (en) Classification-based digital rights management
CN103632080A (en) Mobile data application safety protection system and mobile data application safety protection method based on USBKey
CN201682524U (en) Document transfer authority control system based on document filtering driver
CN101635018A (en) Method of safety ferriage of USB flash disk data
US20080263630A1 (en) Confidential File Protecting Method and Confidential File Protecting Device for Security Measure Application
CN102799539A (en) Safe USB flash disk and data active protection method thereof
CN112329050A (en) File security management terminal and system
JP4044126B1 (en) Information leakage prevention device, information leakage prevention program, information leakage prevention recording medium, and information leakage prevention system
RU2434283C1 (en) System for protecting information containing state secrets from unauthorised access
CN111339526A (en) USB disk encryption method for enterprise information security
CN111488597B (en) Safety audit system suitable for cross-network safety area
CN111539042A (en) Safe operation method based on trusted storage of core data files
RU2443017C1 (en) System of data protection from unauthorized access to the data that constitutes national security information
KR20020005401A (en) Total system for preventing information outflow from inside
CN111291429B (en) Data protection method and system
CN111324900A (en) Anti-disclosure system for enterprise data security
RU2504835C1 (en) System for protecting information containing state secrets from unauthorised access
JP2006350547A (en) Security system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200626