CN111490993B - Application access control security system and method - Google Patents

Publication number: CN111490993B
Authority: CN (China)
Prior art keywords: sdp, security gateway, application, security, access
Legal status: Active
Application number: CN202010285129.7A
Other languages: Chinese (zh)
Other versions: CN111490993A (en)
Inventors: 杨正权, 张晓东, 秦益飞
Current Assignee: Jiangsu Yianlian Network Technology Co ltd
Original Assignee: Jiangsu Yianlian Network Technology Co ltd
Application filed by: Jiangsu Yianlian Network Technology Co ltd
Priority to CN202010285129.7A
Publication of CN111490993A
Application granted
Publication of CN111490993B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1036 Load balancing of requests to servers for services different from user content provisioning, e.g. load balancing across domain name servers
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08 Protocols for interworking; Protocol conversion

Abstract

The invention provides an application access control security system and method. The system comprises a terminal, a firewall, a switch and an application system connected in sequence; a security center is connected to the switch in parallel, and an SDP security gateway is deployed directly on an application server of the application system. The SDP security gateway listens on the service port of the application server, continuously analyzes terminal access and performs risk assessment and audit using multi-source data, and, according to the result, proxies the service in responding to the terminal request. The security center analyzes and processes terminal access requests and handles permission control and scheduling of the security gateway. The invention solves the problems of network transmission risk, access protocol conversion and load balancing on the intermediate link between a traditional security gateway and the application server for user access requests.

Description

Application access control security system and method
Technical Field
The invention belongs to the technical field of network security, and particularly relates to an application access control security system and method.
Background
First, under a traditional security architecture, access to a service system relies on devices such as firewalls to isolate the internal network from the external network, and the application system is mapped directly to the public network through the firewall. The service system is therefore exposed to the untrusted internet environment and may be subjected to more network threats. Second, even where a traditional security gateway is used, it mainly protects the scenario in which a user accesses an intranet application system from the internet; access by intranet users is not restricted, and data transmission from the gateway to the service system is itself at risk, which increases the probability of intranet threats such as data leakage.
Existing solutions fall into two application scenarios: those without a security gateway and those with one.
In a scenario without a security gateway, the administrator often exposes an intranet service directly to the internet, for example by port mapping, so that the relevant IP and port are mapped to the public network and an attacker can launch attacks by exploiting the service system's own vulnerabilities.
Existing solutions with a security gateway rely on the gateway to provide a proxy service or tunnel mode for application access control. They address only the case of a user accessing an intranet application system from the internet, lack management and control measures for internal personnel accessing the application system, and require purchasing a large amount of hardware security equipment, so implementation cost is high. In addition, when a user initiates a request from the internet, the leg from the security gateway to the service system carries risks such as plaintext transmission and traffic hijacking by bypassing the security gateway; for example, traffic can be mirrored from a switch port between the security gateway and the application system, enabling security threats such as tampering and identity misuse. Many business systems were not designed with HTTPS to strengthen application access security, and retrofitting it later is difficult.
Meanwhile, existing security gateways depend on third-party load balancing equipment to handle concurrent access by a large number of clients, so the user may need to purchase additional load balancing equipment, which increases the burden on the enterprise.
Disclosure of Invention
The invention aims to provide an application access control security system and method that solve the problems of network transmission risk, access protocol conversion and load balancing on the intermediate link between a traditional security gateway and the application server for user access requests.
The invention provides the following technical scheme:
An application access control security system comprises a terminal, a firewall, a switch and an application system connected in sequence, wherein a security center is connected to the switch in parallel, and an SDP security gateway is deployed directly on an application server of the application system;
the SDP security gateway listens on the service port of the application server, continuously analyzes terminal access and performs risk assessment and audit using multi-source data, and, according to the result, proxies the service in responding to the terminal request; the security center analyzes and processes terminal access requests and handles permission control and scheduling of the security gateway.
Preferably, the terminal comprises a C/S architecture application, a B/S architecture application and a client. The B/S architecture application accesses the SDP security gateway through a programming interface. The C/S architecture application is provided with a client software development kit that integrates the SDP functions of single-packet authorization, fine-grained permission control and traffic visualization, and establishes a secure communication link with the SDP security gateway to form a closed-loop secure access space. The client and the SDP security gateway establish a bidirectional TLS connection; the SDP security gateway listens on the service port of the application service, and the proxy service responds to the client's request.
Preferably, the SDP security gateway has the SDK or API capabilities of an SDP, and has zero trust security capabilities.
Preferably, the SDP security gateway is further configured to convert the HTTP protocol into the HTTPS protocol.
Preferably, when an access request message lacks single-packet authorization information to identify the sender, the SDP security gateway applies a default-drop security policy upon identifying the first received data packet, so as to hide the service; the single-packet authorization uses a UDP port and a single-handshake mechanism.
An application access control security method comprises the following steps:
deploying an SDP security gateway directly on an application server; a user initiates an access request through a terminal, and the SDP security gateway listens for the user's request to access a given service system;
the SDP security gateway establishes a connection after recognizing the message and proxies the service data; the application system is accessed after the gateway continuously analyzes user access and performs risk assessment and audit using multi-source data;
wherein user requests are scheduled by the security center and distributed appropriately to the SDP security gateway.
Preferably, the SDP security gateway terminates the session for abnormal traffic access.
Preferably, the multi-source data includes the device held by the user, the network environment, and the geographic location.
Preferably, when an access request message lacks single-packet authorization information to identify the sender, the SDP security gateway applies a default-drop security policy upon identifying the first received data packet.
Preferably, when the user request received by the SDP security gateway uses the HTTP protocol, the gateway automatically converts it into the HTTPS protocol during proxying.
The beneficial effects of the invention are as follows. The SDP security gateway is moved back and deployed directly on the physical server or virtual machine running the application system, so the user's location is not distinguished when accessing the internal application system: every access request, whether it comes from the internet or from inside the organization's intranet, must pass through the SDP security gateway. This matches the security concept of a zero trust architecture, achieves end-to-end encryption of the full data flow from the user end to the server end, and removes the network transmission risk on the intermediate link between a traditional security gateway and the application server. Moving the SDP security gateway back also solves technical problems such as access protocol conversion and load balancing.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic diagram of the system architecture for accessing a B/S architecture application;
FIG. 2 is a schematic diagram of the system architecture for accessing a C/S architecture application;
FIG. 3 is a schematic diagram of service monitoring with the SDP security gateway moved back;
FIG. 4 is an interaction diagram between the client and the moved-back SDP security gateway;
FIG. 5 is a schematic diagram of load balancing implemented with the SDP security gateway.
Detailed Description
As shown in FIG. 1 and FIG. 2, the application access control security system deploys an AH (SDP security gateway) directly on the user's application server; the AH listens on the application service port and receives service requests, thereby encrypting and controlling the user access process. Unlike security protection on the network side or the operating system side, all access requests and traffic must pass through the AH (SDP security gateway).
The invention supports secure access for both the user's native C/S architecture applications and B/S architecture applications. As shown in FIG. 1, a B/S architecture application establishes a secure access channel by connecting through an API (application programming interface) to the AH (SDP security gateway), which integrates the same API. As shown in FIG. 2, a C/S architecture application is provided with an SDK (client software development kit) that integrates the SDP's single-packet authorization, permission control and traffic visualization capabilities and establishes a secure communication link with the AH (SDP security gateway), forming a closed-loop secure access space. In the architecture shown in FIG. 1, the AH (SDP security gateway) is deployed directly in the application system's runtime environment; user access establishes a bidirectional TLS connection from the terminal to the AH; the AH listens on the service port of the application service, and the proxy service responds to the user's request, ensuring end-to-end encryption of data traffic in the network.
Because the AH (SDP security gateway) runs on the service server, it can listen on the service's port in place of the service server, for example port 80. When a user requests the service port, the AH responds to the request, captures the user's access request through the API (application programming interface) or SDK (client software development kit), and issues the request to the service system to obtain the service data, thereby diverting the traffic through itself. The user accesses through the Client, and the AH has the SDK or API capabilities of the SDP and zero trust security capabilities. Even if an unauthorized user bypasses other security devices in the network, all traffic is still intercepted by the AH (SDP security gateway), and the user cannot bypass the AH to launch a network attack.
If the organization's application system does not meet the conditions for secure access, for example because the application uses the HTTP protocol, the AH (SDP security gateway) performs the protocol conversion to HTTPS.
As shown in FIG. 3, a user accesses an application system through the client; the user's access request is analyzed and processed by the security center, which performs permission control and AH (SDP security gateway) scheduling for the user, thereby protecting the user's application system.
The AH (SDP security gateway) serves as the enforcement point for security policy and includes modules for service monitoring, traffic hijacking, continuous monitoring and the like. By default it receives access requests from any terminal, both trusted traffic and unauthorized traffic, and all access requests are intercepted by the AH. For an access request that does not use the Client (Client: comprising server and agent), the message lacks SPA (single-packet authorization) information to identify the sender, so the AH applies a default-drop security policy upon identifying the first received data packet, which hides the service. The SPA used by the invention relies on a UDP port and a single-handshake mechanism and consumes few network resources, so it effectively protects against typical DDoS attack methods, including HTTP Flood, SYN and UDP Reflection.
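The default-drop behaviour described above, as an added example that is not code from the patent: a gateway-side gate that silently drops the first packet from any source that has not first sent one valid UDP SPA datagram. The packet layout, HMAC-SHA256 with a pre-shared key, the time window, the single-use grant and all names are assumptions; the patent specifies none of them.

```python
import hashlib
import hmac
import struct

# Assumed wire layout (the patent does not define one):
#   client_id[16] | unix_time u64 | nonce[16] | service_port u16 | HMAC-SHA256[32]
_BODY = struct.Struct("!16sQ16sH")
SPA_LEN = _BODY.size + hashlib.sha256().digest_size


def _pad(client_id: bytes) -> bytes:
    return client_id.ljust(16, b"\0")


def build_spa(client_id: bytes, key: bytes, port: int, now: int, nonce: bytes) -> bytes:
    """Client side: a single UDP datagram; no reply is expected."""
    body = _BODY.pack(_pad(client_id), now, nonce, port)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class SpaGate:
    """Gateway side: drop everything unless a valid SPA datagram came first."""

    def __init__(self, keys, protected_ports, skew=30, grant_ttl=20):
        self.keys = {_pad(cid): k for cid, k in keys.items()}
        self.protected_ports = set(protected_ports)
        self.skew = skew            # accepted clock difference, seconds
        self.grant_ttl = grant_ttl  # how long a grant waits for the connection
        self.seen_nonces = {}       # (client_id, nonce) -> expiry time
        self.grants = {}            # (src_ip, port) -> expiry time

    def _expire(self, now: int) -> None:
        self.seen_nonces = {k: e for k, e in self.seen_nonces.items() if e >= now}
        self.grants = {k: e for k, e in self.grants.items() if e >= now}

    def on_udp(self, src_ip: str, datagram: bytes, now: int) -> bool:
        """Validate an SPA datagram. Never answers; True means a grant was recorded."""
        self._expire(now)
        if len(datagram) != SPA_LEN:
            return False
        body, tag = datagram[:_BODY.size], datagram[_BODY.size:]
        client_id, ts, nonce, port = _BODY.unpack(body)
        key = self.keys.get(client_id)
        if key is None:
            return False
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return False
        if abs(now - ts) > self.skew or port not in self.protected_ports:
            return False
        if (client_id, nonce) in self.seen_nonces:   # replayed capture
            return False
        # Remember the nonce for as long as its timestamp would still be accepted.
        self.seen_nonces[(client_id, nonce)] = ts + self.skew
        self.grants[(src_ip, port)] = now + self.grant_ttl
        return True

    def on_first_packet(self, src_ip: str, port: int, now: int) -> str:
        """Decision for the first packet of a connection to a protected port."""
        self._expire(now)
        if self.grants.pop((src_ip, port), None) is not None:
            return "ACCEPT"   # hand the connection to the mTLS listener
        return "DROP"         # silent: nothing is sent back, so the service stays hidden


# Constructed sample values, for illustration only.
KEY = bytes(range(32))
CID = b"laptop-42"


def demo():
    gate = SpaGate({CID: KEY}, protected_ports=[443])
    t = 1_700_000_000
    spa = build_spa(CID, KEY, 443, t, b"\x01" * 16)
    return [
        gate.on_first_packet("198.51.100.7", 443, t),      # no SPA yet
        gate.on_udp("198.51.100.7", spa, t),               # valid SPA
        gate.on_first_packet("198.51.100.7", 443, t + 1),  # grant consumed here
        gate.on_udp("203.0.113.9", spa, t + 2),            # replay from another host
        gate.on_first_packet("203.0.113.9", 443, t + 2),
    ]


if __name__ == "__main__":
    print(demo())
```

Because the gate never replies to a bad datagram or an ungranted connection, a scanner cannot tell a protected port from an unused one.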
The interaction flow is shown in FIG. 4. The user initiates an access request through the Client. In step 1, the AH (SDP security gateway) listens for the user's request to access a service system; in step 2, after identifying the SPA message, it establishes an mTLS connection and proxies the service data, so that the user can access the service system normally. In step 3, throughout the access process, the AH (SDP security gateway) continuously analyzes the user's access and assesses risk using multi-source data, including the device held by the user, the network environment and the geographic location. For abnormal traffic, the AH (SDP security gateway) terminates the session in step 5. The invention also includes a log auditing function, which helps the administrator audit the compliance of users' service access.
As shown in FIG. 5, user requests are scheduled by the Brain (security center) and distributed appropriately among the AHs (SDP security gateways). When a large number of access requests arrive, traffic is intelligently distributed to different AHs, achieving load scheduling for the service system. With AH1, AH2 and AH3 deployed in the application systems, the Brain assigns traffic to different AHs when it receives a user request, which reduces pressure on the service system, improves user experience, and lowers the organization's cost for handling service load.
In the invention, the AH (SDP security gateway) is moved back and deployed directly on the protected application server, so that the AH and the service server are deeply integrated. This helps the organization control access traffic from both internal and external networks at minimal cost and achieves full-flow data encryption. In addition, the service capability of the application system, such as load balancing and protocol conversion, can be improved without increasing the organization's purchasing cost. Based on the SDP (software-defined perimeter) model, the invention uses the load mechanism of the AH (SDP security gateway) to upgrade the application system's secure access protocol and service load handling at low cost, improving user experience and letting the user improve the security and reliability of the application system at lower cost.
Although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (2)

1. An application access control security system, characterized by comprising a terminal, a firewall, a switch and an application system connected in sequence, wherein a security center is connected to the switch in parallel, and an SDP security gateway is deployed directly on an application server of the application system;
the SDP security gateway is used for listening on a service port of the application server, continuously analyzing terminal access and performing risk assessment and audit using multi-source data, and, according to the result, proxying the service in responding to the terminal request; the security center is used for analyzing and processing the terminal access request and for permission control and scheduling of the security gateway;
the SDP security gateway is also used for converting the HTTP protocol into the HTTPS protocol; when an access request message lacks single-packet authorization information to identify the sender, the SDP security gateway applies a default-drop security policy upon identifying the first received data packet, so as to hide the service, and the single-packet authorization uses a UDP port and a single-handshake mechanism;
the terminal comprises a C/S architecture application, a B/S architecture application and a client, wherein the B/S architecture application accesses the SDP security gateway through a programming interface, the C/S architecture application is provided with a client software development kit, the client software development kit integrates the SDP functions of single-packet authorization, fine-grained permission control and traffic visualization and establishes a secure communication link with the SDP security gateway to form a closed-loop secure access space, the client and the SDP security gateway establish a bidirectional TLS connection, the SDP security gateway listens on a service port of the application service, and the proxy service responds to the request of the client;
the SDP security gateway has the SDK or API capabilities of the SDP and zero trust security capabilities.
2. An application access control security method, comprising the steps of:
deploying an SDP security gateway directly on an application server, a user initiating an access request through a terminal, and the SDP security gateway listening for the user's request to access a given service system;
the SDP security gateway establishing a connection after recognizing the message and proxying the service data, the application system being accessed after the gateway continuously analyzes user access and performs risk assessment and audit using multi-source data;
user requests being scheduled by a security center and distributed appropriately to the SDP security gateway;
the SDP security gateway terminating the session for abnormal traffic access;
the multi-source data comprising the device held by the user, the network environment and the geographic location;
when an access request message lacks single-packet authorization information to identify the sender, the SDP security gateway applying a default-drop security policy upon identifying the first received data packet;
when the user request received by the SDP security gateway uses the HTTP protocol, the SDP security gateway automatically converting it into the HTTPS protocol during proxying.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010285129.7A CN111490993B (en) 2020-04-13 2020-04-13 Application access control security system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010285129.7A CN111490993B (en) 2020-04-13 2020-04-13 Application access control security system and method

Publications (2)

Publication Number Publication Date
CN111490993A CN111490993A (en) 2020-08-04
CN111490993B CN111490993B (en) 2021-03-30

Family

ID=71798145

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010285129.7A Active CN111490993B (en) 2020-04-13 2020-04-13 Application access control security system and method

Country Status (1)

Country Link
CN (1) CN111490993B (en)

Also Published As

Publication number Publication date
CN111490993A (en) 2020-08-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant