CN111526150A - Zero-trust automation rule releasing platform and releasing method for single-cluster or multi-cluster cloud computer remote operation and maintenance port - Google Patents
- Publication number: CN111526150A
- Application number: CN202010348127.8A
- Authority: CN (China)
- Prior art keywords: cluster, port, user account, address, client
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
- H04L63/306—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Abstract
The invention relates to a zero-trust automation rule releasing platform and releasing method for the remote operation and maintenance port of a single-cluster or multi-cluster cloud computer. The releasing platform comprises a verification end, a server end, a client end and a database. Both the verification end and the server end can exchange data with the database. The client end sends the requesting user's account information and an authentication password. The verification end compares the requesting user's account information and authentication password with the data prestored in the database, reads the IP address and port information of the server end prestored in the database, and obtains the IP address of the requesting client end. The server end receives the IP address of the requesting client end together with its own port information and releases (allows through) the requesting client's IP address, and only that address, on the corresponding port. The invention adds a layer of authentication to the internal and external network security of the remote operation and maintenance port and simplifies the security clearance method for that port.
Description
Technical Field
The invention relates to the field of virtualization networks, in particular to a zero-trust automation rule releasing platform for the remote operation and maintenance port of a single-cluster or multi-cluster cloud computer.
Background
As computer virtualization technology matures and cloud computers are deployed and used at scale, opening remote operation and maintenance ports has become a necessity of cloud operation and maintenance work. In an increasingly complex network security environment, large-scale deployment of cloud computers brings great security and operation and maintenance challenges. Once a computer's remote operation and maintenance port is opened, the system is exposed to potential security risks, and once any computer in the cloud is compromised by an attacker, every other cloud computer in the same network segment is continuously at risk.
To enable image interaction, operation and maintenance between the terminal and the cloud, a communication port must be opened on the cloud side. Once that port is opened, every system in the cloud is exposed to potential security risks. In recent years many organizations and enterprises at home and abroad have suffered network security incidents such as indiscriminate attacks and ransomware, and system user passwords have been brute-forced, bringing great risk to information and data security. At the same time, this poses unprecedented new challenges for IT operation and maintenance personnel.
In the prior art, the black-and-white list rules of the IP security policy are deployed manually, and other methods such as VPN two-factor authentication and changing the port number are adopted. While these achieve security defense within the scope of the rules, an automated zero-trust clearance mechanism is lacking.
Manually deployed rules suit only small-scale IT deployment and operation and maintenance with little mobility. For large-scale deployment and service, such as private cloud computers with strong mobility requirements, adopting methods such as manually set black-and-white list security policies or VPN authentication limits the secure mobility of the cloud computers, reduces the working efficiency of IT operation and maintenance personnel, and increases the labor cost of security defense.
Disclosure of Invention
To address these problems, the invention provides a zero-trust automation rule releasing platform for the remote operation and maintenance port of a single-cluster or multi-cluster cloud computer, which adds a layer of authentication for the security of the internal and external networks of the remote operation and maintenance port.
The technical scheme adopted by the invention to solve the above technical problems is as follows. A zero-trust automation rule releasing platform for the remote operation and maintenance ports of single-cluster or multi-cluster cloud computers comprises a verification end and a service end located in the same cluster, client ends in the same cluster or in different clusters, and a database. The verification end and the service end can exchange data with the database. The client ends send the requesting user's account information and authentication password to the designated cluster's verification end. The verification end compares the account information and authentication password sent by a client end with the data prestored in the database to verify them, reads from the database the IP address and port information of the service end corresponding to that user account, and at the same time obtains the IP address of the requesting client end. The service end with that IP address receives the requesting client's IP address and the port information corresponding to the user account, and releases the requesting client's IP address, and only that address, on the corresponding port, so that the specified port is permitted or not permitted for the requesting client IP address.
The invention also provides a release method applied to the single-cluster or multi-cluster cloud computer remote operation and maintenance port zero-trust automation rule release platform, which comprises the following steps:
(1) a user, at any terminal or device, sends the requesting user account information and an authentication password to the designated cluster verification end through a client;
(2) after receiving the requesting user account information and the authentication password, the verification end compares them with the user account information and authentication password data prestored in the database, so as to verify whether the account exists and whether the authentication password is correct, and reads the server IP address and port information prestored in the database for that user account; at the same time it obtains the IP address of the requesting client; if the comparison passes, step (3) is executed; if it does not pass, step (4) is executed;
(3) the verification end sends the requesting client's IP address and the server port information read for that user account to the corresponding service end; the service end with that IP address receives the client IP address and the port information and releases the requesting client's IP address, and only that address, on the corresponding port; at the same time, 'check pass' is fed back to the client;
(4) the verification end feeds back 'failure' to the client, and the black-and-white list port release rule of the corresponding server is left unchanged.
Preferably, in step (1), the requesting user account information is sent encrypted, preferably with double-layer encryption.
Preferably, in step (2), after receiving the requesting user account information and the authentication password, the verification end first decrypts them and then compares the decrypted account information and authentication password with the password data prestored in the database.
Preferably, in step (3), after receiving the client IP address and the server port information for that user account, the server releases only the requesting client's IP address on the corresponding port and at the same time feeds the received information back to the verification end.
Preferably, the verification end records the client's IP address and communication time, and automatically intercepts and logs illegitimate users.
Preferably, the authentication password of every user prestored or stored in the database is held as a different encrypted ciphertext.
Preferably, any port release rule that has not passed authentication by this method defaults to releasing no IP address at all.
Preferably, a background thread of the server automatically determines whether the operation and maintenance user is connected or disconnected, and as soon as the user disconnects, every release rule for the corresponding operation and maintenance port is closed immediately.
Compared with the prior art, the invention has the following beneficial effects:
1. a layer of authentication is added for the security of the internal and external networks of the remote operation and maintenance port, and at the same time the secure release method of the port is simplified;
2. security and protection are improved for new information-system construction;
3. password brute-force cracking events are prevented to the greatest extent;
4. the working efficiency of IT operation and maintenance and service personnel is improved.
Drawings
FIG. 1 is a schematic flow diagram of the present invention.
Detailed Description
The invention will now be described in detail with reference to FIG. 1; the exemplary embodiments and descriptions are provided to explain the invention, not to limit it.
The invention relates in particular to a zero-trust automation rule releasing platform and releasing method for the remote operation and maintenance port of a single-cluster or multi-cluster cloud computer, referred to for short as the zero-trust cloud operation and maintenance platform or zero-trust cloud operation and maintenance firewall.
The operation and maintenance port in the invention refers to a port (such as SSH, RDP and similar ports) that can be accessed only after authentication with a user name and password; it does not include HTTP, HTTPS and other ports that can be accessed anonymously.
A zero-trust automatic rule releasing platform for the remote operation and maintenance ports of single-cluster or multi-cluster cloud computers comprises a verification end and a server end located in the same cluster, client ends in the same cluster or in different clusters, and a database. The verification end and the server ends can exchange data with the database. The client ends send the requesting user's account information and authentication password to the designated cluster's verification end. The verification end compares the account information and authentication password sent by a client end with the data prestored in the database to verify them, reads from the database the IP address and port information of the server end corresponding to that user account together with other prestored information such as the MAC address, and at the same time obtains the IP address of the requesting client end. The server end with that IP address receives the requesting client's IP address, as passed by the verification end, and the port information corresponding to the user account, and releases the requesting client's IP address, and only that address, on the corresponding port, so that the specified port is permitted or not permitted for the requesting client IP address. The client can comprise a number of terminal clients, and the server end is a cloud computer server, comprising a cloud host server, n cloud desktop servers and the like.
The automatic zero-trust release mechanism for the computer remote operation and maintenance port is suitable for IT deployment and operation and maintenance in new information-system construction such as public cloud, private cloud, hybrid cloud and organizational local area network office (suitable for both internal and external networks).
The invention also provides a release method applied to the single-cluster or multi-cluster cloud computer remote operation and maintenance port zero-trust automation rule release platform, which comprises the following steps:
(1) a user, at any terminal or device, sends the requesting user account information and an authentication password to the designated cluster verification end through a client; in step (1), the requesting user account information is sent encrypted, preferably with double-layer encryption.
(2) After receiving the requesting user account information and the authentication password, the verification end compares them with the user account information and authentication password data prestored in the database, so as to verify whether the account exists and whether the authentication password is correct, and reads the server IP address and port information prestored in the database for that user account; at the same time it obtains the IP address of the requesting client; if the comparison passes, step (3) is executed; if it does not pass, step (4) is executed. In step (2), after receiving the requesting user account information and the authentication password, the verification end first decrypts them and then compares the decrypted account information and authentication password with the password data prestored in the database.
(3) The verification end sends the requesting client's IP address and the server port information read for that user account to the corresponding service end; the service end with that IP address receives the client IP address and the port information and releases the requesting client's IP address, and only that address, on the corresponding port; at the same time, 'check pass' is fed back to the client;
after receiving the client IP address and the server port information for that user account, the server releases only the requesting client's IP address on the corresponding port and feeds the received information back to the verification end;
(4) the verification end feeds back 'failure' to the client, and the black-and-white list port release rule of the corresponding server is left unchanged.
The verification end records the client's IP address and communication time, and automatically intercepts and logs illegitimate users.
According to the invention, by default the remote interaction port of any cloud computer is in a zero-trust state, and only after verification by the cloud firewall is the requesting IP address, and only that address, automatically allowed through. The verification ciphertext is set or modified by the cloud computer user, and all request data is encrypted. This ensures security and mobility, simplifies IT operation and maintenance, and improves the working efficiency of operation and maintenance personnel. Attack interception and logging of malicious users are added at the same time.
The invention is composed of three basic components, Client, Authentication and Server (namely the client, the verification end and the server end), and must be used together with an open source or commercial database (MsSQL, MySQL, Oracle SQL, etc.). All data transmissions are encrypted.
The verification end, the server end and the database must be located in the same VLAN network segment of the same cluster, which improves reliability and security; operation and maintenance personnel and cloud desktop users do not need to know how the data packets are encapsulated or how data is exchanged.
The database records related information such as the IP address, MAC address, port, user account number and verification passwords (under different encryption rules) of the cloud servers and cloud desktops. The verification password is set and modified by operation and maintenance personnel or cloud desktop users at the cloud computer client. The database is deployed in any cloud server system (Windows or Linux) in the cluster; the verification end and the server end can exchange data with it, and it can also be deployed on the same cloud server system as the verification end. (The database stores only the authentication passwords of all users; it does not store the operation and maintenance passwords of the cloud computers.)
The verification end is deployed in any Windows cloud server system in the cluster and can communicate with the single port of the server end on every effective cloud computer recorded in the database for the cluster (effective means that the verification end can communicate normally with that cloud computer's server end). Depending on the scenario and requirements, rules can be released for any internal or external network to open the verification end's port, ensuring that legitimate clients can communicate normally with the open port of the verification end. The verification end verifies the verification requests of legitimate clients, records information such as the client's IP address and communication time, automatically intercepts and logs illegitimate users, and retains the original evidence for later examination.
The server end is deployed in every Windows cloud computer in the cluster that needs to open a remote operation and maintenance port, and opens only a single communication port, to the verification end's IP address. Any cloud computer in the cluster can set and modify a client authentication password through the server software interface; the authentication passwords of different users are held as different encrypted ciphertexts. The server end is also responsible for determining whether the operation and maintenance user is connected or disconnected: as soon as the user disconnects, every release rule for the corresponding operation and maintenance port is closed immediately and the zero-trust mechanism of that port is re-engaged.
The client is installed on any visual graphic terminal device in any network or in the same VLAN network, and is responsible for submitting the user's verification request and receiving the feedback from the verification end.
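The steps (1) to (4) and the component descriptions above, as an added Python model that is not part of the patent or any product: a database holding a per-user salted password hash (the "different encryption ciphertexts"), a verification end that checks the request and logs every attempt, and a server end whose port has no released IP by default, accepts exactly one released IP at a time, and drops the rule on disconnect. All class and function names, the sample account and the addresses are assumptions; encryption of the request in transit is left out.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256; the per-user salt makes every stored ciphertext differ."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


@dataclass
class AccountRecord:
    server_ip: str   # IP of the server end that owns the O&M port
    port: int        # remote O&M port, e.g. 3389 for RDP or 22 for SSH
    salt: bytes
    pw_hash: bytes


class Database:
    """Stores only the authentication password (hashed), never the O&M password."""

    def __init__(self) -> None:
        self.accounts: Dict[str, AccountRecord] = {}

    def add_user(self, account: str, auth_password: str, server_ip: str, port: int) -> None:
        salt = secrets.token_bytes(16)
        self.accounts[account] = AccountRecord(
            server_ip, port, salt, hash_password(auth_password, salt))


class ServerEnd:
    """Holds the per-port release rule. Zero-trust default: no IP is released."""

    def __init__(self, ip: str) -> None:
        self.ip = ip
        self.released: Dict[int, str] = {}   # port -> the single released client IP

    def release(self, port: int, client_ip: str) -> Tuple[str, int, str]:
        # "Unique" release: the new client IP replaces any earlier one on this port.
        self.released[port] = client_ip
        return (self.ip, port, client_ip)    # echoed back to the verification end

    def is_allowed(self, port: int, client_ip: str) -> bool:
        return self.released.get(port) == client_ip

    def on_disconnect(self, port: int) -> None:
        # The background-thread behaviour from the text: close the rule as soon as the user drops.
        self.released.pop(port, None)


class VerificationEnd:
    def __init__(self, db: Database, servers: Dict[str, ServerEnd]) -> None:
        self.db = db
        self.servers = servers
        self.log: List[tuple] = []           # (time, client_ip, account, result, ack)
        self._dummy_salt = secrets.token_bytes(16)

    def handle(self, account: str, auth_password: str, client_ip: str,
               now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        rec = self.db.accounts.get(account)
        # Always compute one hash so an unknown account costs the same as a wrong password.
        salt = rec.salt if rec is not None else self._dummy_salt
        candidate = hash_password(auth_password, salt)
        ok = rec is not None and hmac.compare_digest(candidate, rec.pw_hash)
        if not ok:
            self.log.append((now, client_ip, account, "failure", None))
            return "failure"                 # step (4): release rules stay unchanged
        ack = self.servers[rec.server_ip].release(rec.port, client_ip)   # step (3)
        self.log.append((now, client_ip, account, "check pass", ack))
        return "check pass"


if __name__ == "__main__":
    # Constructed sample data: one O&M account bound to RDP on one server end.
    db = Database()
    db.add_user("ops1", "Secret!", "10.0.0.5", 3389)
    srv = ServerEnd("10.0.0.5")
    verifier = VerificationEnd(db, {"10.0.0.5": srv})
    print(verifier.handle("ops1", "wrong", "203.0.113.7"), srv.released)
    print(verifier.handle("ops1", "Secret!", "203.0.113.7"), srv.released)
    srv.on_disconnect(3389)
    print("after disconnect:", srv.released)
```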
The technical solutions provided by the embodiments of the present invention have been described in detail above. The principles and embodiments of the invention are explained using specific examples, and the descriptions of the embodiments are only intended to help in understanding the principles of the invention; at the same time, a person skilled in the art may, following these embodiments, vary the specific implementation and the scope of application. In summary, the content of this description should not be construed as limiting the invention.
Claims (9)
1. A zero-trust automation rule releasing platform for a single-cluster or multi-cluster cloud computer remote operation and maintenance port is characterized in that: the system comprises a verifying end and a server end which are positioned in the same cluster, client ends of the same cluster or different clusters and a database, wherein the verifying end and the server end can perform data interaction with the database, the client ends are used for sending request user account information and an authentication password to a designated cluster verifying end, the verifying end is used for comparing and verifying the request user account information and the authentication password sent by the client ends and pre-stored data in the database, reading IP addresses and port information of the server end corresponding to the user account information and pre-stored in the database, and simultaneously acquiring the IP address of the request client end, the corresponding server end with the IP address of the server end is used for receiving the IP address of the request client end passed by the verifying end and the port information of the server end corresponding to the user account information, and uniquely releasing the IP address of the request client end of the corresponding port, to enable the specified port of the requesting client IP address to allow/disallow pass-through.
2. A release method applied to the single-cluster or multi-cluster cloud computer remote operation and maintenance port zero-trust automation rule release platform according to claim 1, characterized in that: the method comprises the following steps:
(1) a user sends a request user account information and an authentication password to a designated cluster verification end through a client at any terminal or equipment;
(2) after receiving the request user account information and the authentication password, the verifying terminal compares the request user account information and the authentication password with user account information and authentication password data prestored in a database so as to verify whether the request user account information exists and the authentication password is correct by comparison, and reads a server IP address and port information which are prestored in the database and correspond to the user account information; simultaneously acquiring the IP address of the request client; after the comparison is passed, executing the step (3); when the comparison does not pass, executing the step (4);
(3) the verification end sends the IP address of the requesting client, together with the port information of the server that it read for the user account information, to the corresponding server; the server at that server IP address receives the client IP address and the port information corresponding to the user account information and releases the corresponding port for the requesting client's IP address only; at the same time, 'check pass' information is fed back to the client;
(4) the verification end feeds back 'failure' information to the client, and the black-and-white-list port release rule corresponding to the server remains unchanged.
3. The release method applied to the single-cluster or multi-cluster cloud computer remote operation and maintenance port zero-trust automation rule release platform according to claim 2, characterized in that: in step (1), the requesting user account information is sent in encrypted form, preferably with double-layer encryption.
4. The release method applied to the single-cluster or multi-cluster cloud computer remote operation and maintenance port zero-trust automation rule release platform according to claim 2, characterized in that: in step (2), after receiving the requesting user account information and the authentication password, the verification end first decrypts them, and then compares the decrypted requesting user account information and authentication password with the data and password pre-stored in the database.
5. The release method applied to the single-cluster or multi-cluster cloud computer remote operation and maintenance port zero-trust automation rule release platform according to claim 2, characterized in that: in step (3), after receiving the client IP address and the port information of the server corresponding to the user account information, the server releases the corresponding port for the requesting client's IP address only, and feeds back the received information to the verification end.
6. The release method applied to the single-cluster or multi-cluster cloud computer remote operation and maintenance port zero-trust automation rule release platform according to claim 2, characterized in that: the verification end can record the IP address and communication time information of the client, and automatically intercepts and records illegal users.
7. The release method applied to the single-cluster or multi-cluster cloud computer remote operation and maintenance port zero-trust automation rule release platform according to claim 2, characterized in that: the authentication passwords of any users pre-stored or stored in the database use different encryption ciphertexts.
8. The release method applied to the single-cluster or multi-cluster cloud computer remote operation and maintenance port zero-trust automation rule release platform according to claim 2, characterized in that: a port release rule corresponding to a port that has not passed the authentication of this method defaults to allowing no IP address through.
9. The release method applied to the single-cluster or multi-cluster cloud computer remote operation and maintenance port zero-trust automation rule release platform according to claim 2, characterized in that: the server side automatically determines the connection and disconnection state of the operation and maintenance user, and once the user disconnects, any release rule for the corresponding operation and maintenance port is closed immediately.
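The release flow of claims 2 to 9, as an added Python example that is not code from the patent: a verification end checks the submitted credential against a per-user salted hash (standing in for the patent's "different encryption ciphertexts"; encryption of the request in transit is assumed to be handled elsewhere), pushes one port release for exactly one client IP to the server on success, leaves the rule table untouched on failure, records every request with client IP and time, and closes the rule when the user disconnects. All user names, IP addresses, ports and the PBKDF2 parameters are constructed assumptions.

```python
import hashlib, hmac, secrets, time
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 100_000  # assumed parameter; the patent does not specify a cipher


@dataclass
class ServerPortRules:
    """Release table of one cloud server: default deny, one client IP per released port."""
    released: dict = field(default_factory=dict)  # port -> the single client IP allowed

    def is_allowed(self, client_ip: str, port: int) -> bool:
        return self.released.get(port) == client_ip  # unknown port or other IP: denied

    def release(self, client_ip: str, port: int) -> None:
        self.released[port] = client_ip  # "uniquely releases": this IP only, replacing any prior one

    def close(self, port: int) -> None:
        self.released.pop(port, None)  # user disconnected: rule closed immediately


class VerificationEnd:
    def __init__(self, servers: dict):
        self.servers = servers   # server IP -> ServerPortRules
        self.accounts = {}       # user -> (salt, digest, server IP, port)
        self.audit = []          # (timestamp, client IP, user, outcome), failures included

    def enroll(self, user: str, password: str, server_ip: str, port: int) -> None:
        salt = secrets.token_bytes(16)  # per-user salt: every stored credential differs
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.accounts[user] = (salt, digest, server_ip, port)

    def handle_request(self, client_ip: str, user: str, password: str) -> str:
        rec = self.accounts.get(user)
        if rec is not None:
            salt, digest, server_ip, port = rec
            candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
            if hmac.compare_digest(candidate, digest):
                # step (3): send client IP + port to the server, which opens it for that IP only
                self.servers[server_ip].release(client_ip, port)
                self.audit.append((time.time(), client_ip, user, "pass"))
                return "check pass"
        # step (4): failure; release rules unchanged, request recorded for interception
        self.audit.append((time.time(), client_ip, user, "failure"))
        return "failure"

    def on_disconnect(self, server_ip: str, port: int) -> None:
        self.servers[server_ip].close(port)
```

An unknown account and a wrong password both end in the same "failure" branch, so the verification end does not reveal which accounts exist.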
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010348127.8A CN111526150A (en) | 2020-04-28 | 2020-04-28 | Zero-trust automation rule releasing platform and releasing method for single-cluster or multi-cluster cloud computer remote operation and maintenance port |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010348127.8A CN111526150A (en) | 2020-04-28 | 2020-04-28 | Zero-trust automation rule releasing platform and releasing method for single-cluster or multi-cluster cloud computer remote operation and maintenance port |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111526150A true CN111526150A (en) | 2020-08-11 |
Family ID: 71906065
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010348127.8A Pending CN111526150A (en) | 2020-04-28 | 2020-04-28 | Zero-trust automation rule releasing platform and releasing method for single-cluster or multi-cluster cloud computer remote operation and maintenance port |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111526150A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112118242A (en) * | 2020-09-09 | 2020-12-22 | 厦门安胜网络科技有限公司 | Zero trust authentication system |
CN112422340A (en) * | 2020-11-18 | 2021-02-26 | 北京魔带互联科技有限公司 | System and method for managing cloud service cluster |
CN112637187A (en) * | 2020-12-18 | 2021-04-09 | 合肥阿格德信息科技有限公司 | Computer network information safety system |
Citations (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1874303A (en) * | 2006-03-04 | 2006-12-06 | 华为技术有限公司 | Method for implementing black sheet |
CN103139187A (en) * | 2011-12-02 | 2013-06-05 | 中兴通讯股份有限公司 | Method and device for interacting with telnet servers |
US20140047526A1 (en) * | 2012-08-10 | 2014-02-13 | Hon Hai Precision Industry Co., Ltd. | Electronic device and method for providing cloud computing services |
CN103618752A (en) * | 2013-12-18 | 2014-03-05 | 广东中科遥感技术有限公司 | Virtual machine remote desktop safety access system and method |
CN103763119A (en) * | 2011-03-09 | 2014-04-30 | 成都勤智数码科技股份有限公司 | Telnet/SSH-based network terminal management method |
CN103944890A (en) * | 2014-04-08 | 2014-07-23 | 山东乾云启创信息科技有限公司 | Virtual interaction system and method based on client/server mode |
CN104270334A (en) * | 2014-06-13 | 2015-01-07 | 国家电网公司 | SSH (Secure Shell) network security access protocol monitoring method |
CN104283879A (en) * | 2014-10-09 | 2015-01-14 | 广州杰赛科技股份有限公司 | Virtual machine remote connection method and system |
CN104363245A (en) * | 2014-11-28 | 2015-02-18 | 上海斐讯数据通信技术有限公司 | Remote login system and method based on telnet protocol |
CN104954189A (en) * | 2015-07-07 | 2015-09-30 | 上海斐讯数据通信技术有限公司 | Automatic server cluster detecting method and system |
CN104951524A (en) * | 2015-06-11 | 2015-09-30 | 上海新炬网络信息技术有限公司 | Mobile platform for database operation and maintenance and using method of mobile platform |
CN105141632A (en) * | 2015-09-21 | 2015-12-09 | 北京百度网讯科技有限公司 | Method and device used for checking pages |
WO2015196659A1 (en) * | 2014-06-23 | 2015-12-30 | 中兴通讯股份有限公司 | Method and device for authenticating connection between desktop cloud client and serving end |
CN105577677A (en) * | 2015-12-31 | 2016-05-11 | 亿阳安全技术有限公司 | Remote login method and system based on J2EE |
CN106161463A (en) * | 2016-08-30 | 2016-11-23 | 江苏名通信息科技有限公司 | A kind of online game account login method |
CN107026913A (en) * | 2017-05-18 | 2017-08-08 | 广西拾叁工房网络科技有限公司 | The remote cluster control system and its control method of a kind of ios device |
CN107819874A (en) * | 2017-11-27 | 2018-03-20 | 南京城市职业学院 | A kind of method of remote control fire wall terminal |
CN108429730A (en) * | 2018-01-22 | 2018-08-21 | 北京智涵芯宇科技有限公司 | Feedback-less safety certification and access control method |
CN110166432A (en) * | 2019-04-17 | 2019-08-23 | 平安科技(深圳)有限公司 | The access method of internal net destination service provides the method for Intranet destination service |
CN110351298A (en) * | 2019-07-24 | 2019-10-18 | 中国移动通信集团黑龙江有限公司 | Access control method, device, equipment and storage medium |
CN110719276A (en) * | 2019-09-30 | 2020-01-21 | 北京网瑞达科技有限公司 | Network equipment safety access system based on cache password and working method thereof |
- 2020-04-28 CN CN202010348127.8A patent/CN111526150A/en active Pending
Non-Patent Citations (2)
Title |
---|
RIDHO MAULANA ARIFIANTO: "An SSH Honeypot Architecture Using Port Knocking and Intrusion Detection System", 《 2018 6TH INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGY (ICOICT)》 * |
王少青: "基于集成虚拟化集群服务器的高校数字校园平台设计与实现", 《信息科技辑》 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11647003B2 (en) | | Concealing internal applications that are accessed over a network |
US10419459B2 (en) | | System and method for providing data and device security between external and host devices |
US9781114B2 (en) | | Computer security system |
US9729514B2 (en) | | Method and system of a secure access gateway |
EP2328319B1 (en) | | Method, system and server for realizing the secure access control |
EP1782265B1 (en) | | System and method for secure network connectivity |
CN114598540B (en) | | Access control system, method, device and storage medium |
JP4168052B2 (en) | | Management server |
EP4236206B1 (en) | | Actively monitoring encrypted traffic by inspecting logs |
US20120151565A1 (en) | | System, apparatus and method for identifying and blocking anomalous or improper use of identity information on computer networks |
CN111526150A (en) | | Zero-trust automation rule releasing platform and releasing method for single-cluster or multi-cluster cloud computer remote operation and maintenance port |
CN110719277B (en) | | System and method for secure access of network device based on one-time access credential |
CN116032533A (en) | | Remote office access method and system based on zero trust |
WO2008155428A1 (en) | | Firewall control system |
CN113472758A (en) | | Access control method, device, terminal, connector and storage medium |
KR101858207B1 (en) | | System for security network |
CN111628960B (en) | | Method and apparatus for connecting to network services on a private network |
CN114915427B (en) | | Access control method, device, equipment and storage medium |
CN116827646A (en) | | Terminal flow agent and access control method based on eBPF |
CN116248405A (en) | | Network security access control method based on zero trust and gateway system and storage medium adopting same |
CN114662080A (en) | | Data protection method and device and desktop cloud system |
CN118300899B (en) | | Authorized communication method, device, computer equipment and storage medium |
Yoo et al. | | TAPS: Trust-based Access Control and Protect System |
Conde Ortiz | | Ethical Hacking Of An Industrial Control System |
CN118118184A (en) | | Medical equipment remote operation and maintenance method, system and device based on zero trust security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20200811 |