CN111585957B - Message processing method, device, network equipment and storage medium - Google Patents

Message processing method, device, network equipment and storage medium Download PDF

Info

Publication number
CN111585957B
CN111585957B CN202010246689.1A CN202010246689A CN111585957B CN 111585957 B CN111585957 B CN 111585957B CN 202010246689 A CN202010246689 A CN 202010246689A CN 111585957 B CN111585957 B CN 111585957B
Authority
CN
China
Prior art keywords
message
security level
address
detection
sip
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010246689.1A
Other languages
Chinese (zh)
Other versions
CN111585957A (en
Inventor
岳炳词
王乐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Security Technologies Co Ltd
Original Assignee
New H3C Security Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Security Technologies Co Ltd filed Critical New H3C Security Technologies Co Ltd
Priority to CN202010246689.1A priority Critical patent/CN111585957B/en
Publication of CN111585957A publication Critical patent/CN111585957A/en
Application granted granted Critical
Publication of CN111585957B publication Critical patent/CN111585957B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Abstract

The application provides a message processing method, a message processing device, network equipment and a storage medium. The message processing method is applied to a firewall, an access matching strategy is preset by the firewall, and matching items of the access matching strategy comprise a message characteristic matching item and a security level matching item; the method comprises the following steps: receiving a message, wherein the message characteristics of the message comprise a Source Internet Protocol (SIP) address; determining a detection security level corresponding to the SIP address; determining a preset security level corresponding to the message characteristics of the message based on a locally set access matching strategy; and when the detection security level is smaller than the preset security level, discarding the message. According to the method and the device, the access authority of the IP address to the server is adjusted according to the safe credible state of the IP address, and the safety risk is reduced.

Description

Message processing method, device, network equipment and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for processing a packet, a network device, and a storage medium.
Background
In today where network applications are widespread, as a barrier for isolating and protecting an intranet and an extranet, it is the most common way to deploy a firewall between the intranet and the extranet or between intranet departments. In current firewall implementations, access control permissions for user terminals are fixed and static. This presents a serious safety risk: originally, a relatively safe user terminal is controlled by a hacker attacker, so that the user terminal which generates malicious attack performs network attack on resources protected by the firewall, thereby bringing greater security risk and even sensitive information leakage or other economic losses.
Disclosure of Invention
In order to solve the above problems, the present application provides a message processing method, an apparatus, a network device, and a storage medium.
In a first aspect, the present application provides a packet processing method, which is applied to a firewall, where the firewall sets an access matching policy in advance, and matching items of the access matching policy include a packet feature matching item and a security level matching item; the method comprises the following steps:
receiving a message, wherein the message characteristics of the message comprise a Source Internet Protocol (SIP) address;
determining a detection security level corresponding to the SIP address;
determining a preset security level corresponding to the message characteristics of the message based on a locally set access matching strategy;
and when the detection safety level is smaller than the preset safety level, discarding the message.
Optionally, the method further includes: and when the detected security level is not less than the preset security level, allowing the message to pass through.
Optionally, the determining a detection security level corresponding to the SIP address includes:
carrying out security detection on the SIP address, and determining a detection security level corresponding to the SIP address; or the like, or, alternatively,
and inquiring a detection security level corresponding to the SIP address according to a locally stored terminal trusted list, wherein the terminal trusted list comprises the IP address and the detection security level.
Optionally, the terminal trusted list further includes an aging time; when determining the detection security level corresponding to the SIP address, the method further includes:
when the aging time corresponding to the SIP address is determined to be 0, discarding the message;
and when the aging time corresponding to the SIP address is determined to be not 0, executing the access matching strategy based on local setting, and determining a preset security level corresponding to the message characteristics of the message.
Optionally, the message processing method further includes: and carrying out security detection on the SIP address, and discarding the message with the source address being the SIP when the security detection is unsuccessful.
In a second aspect, the present application provides a packet processing apparatus, which is applied to a firewall, where the firewall sets an access matching policy in advance, and matching items of the access matching policy include a packet feature matching item and a security level matching item; the device comprises:
the receiving unit is used for receiving a message, and the message characteristics of the message comprise a Source Internet Protocol (SIP) address;
a first determining unit, configured to determine a detection security level corresponding to the SIP address;
a second determining unit, configured to determine, based on an access matching policy set locally, a preset security level corresponding to a packet feature of the packet;
and the forwarding unit is used for discarding the message when the detected security level is less than the preset security level.
Optionally, the forwarding unit is further configured to:
and when the detected security level is not less than the preset security level, allowing the message to pass through.
Optionally, the first determining unit is specifically configured to:
performing security detection on the SIP address, and determining a detection security level corresponding to the SIP address; or the like, or, alternatively,
and inquiring a detection security level corresponding to the SIP address according to a locally stored terminal trusted list, wherein the terminal trusted list comprises the IP address and the detection security level.
Optionally, the terminal trusted list further includes an aging time; the first determining unit is specifically configured to:
triggering the forwarding unit to discard the message when determining that the aging time corresponding to the SIP address is 0;
and when the aging time corresponding to the SIP address is determined to be not 0, triggering the second determination unit to determine a preset security level corresponding to the message characteristics of the message based on a locally set access matching strategy.
Optionally, the first determining unit is further configured to: and carrying out security detection on the SIP address, and triggering the forwarding unit to discard the message with the source address being the SIP when the security detection is unsuccessful.
In a third aspect, the present application provides a network device comprising a processor CPU and a machine-readable storage medium storing machine-executable instructions executable by the CPU, the CPU being caused by the machine-executable instructions to: implementing the steps of the message processing method of any of the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium, in which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the message processing method according to any one of the first aspect.
Compared with the prior art, the method provided by the embodiment of the application discards the message taking the IP address as the source IP by setting the access matching policy comprising the security level of the IP address and when the detection security level of the IP address is determined to be smaller than the preset security level set by the access matching policy. Therefore, under the condition that a certain IP address is changed from unsafe to dangerous, the access authority of the IP address to the server can be adjusted according to the safe credible state of the IP address, and the safety risk is reduced. Therefore, even if the safe user terminal is controlled by a hacker attacker and becomes a user terminal generating malicious attack, the access message sent by the safe user terminal can be discarded by the firewall, and the user terminal cannot access the resources protected by the firewall.
Drawings
Fig. 1 is a schematic diagram of a message processing flow provided in an embodiment of the present application;
fig. 2 is a schematic diagram of a message processing flow according to another embodiment of the present application;
fig. 3 is a schematic diagram of a possible application scenario networking provided in an embodiment of the present application;
fig. 4 is a schematic diagram illustrating a message processing flow according to yet another embodiment of the present application;
fig. 5 is a schematic diagram of a message processing apparatus according to an embodiment of the present application;
fig. 6 is a schematic diagram of a network device according to an embodiment of the present application.
DETAILED DESCRIPTION OF EMBODIMENT (S) OF INVENTION
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at" \8230; "or" when 8230; \8230; "or" in response to a determination ", depending on the context.
The inventors have now found the following problems:
the current firewall technology mainly performs protection by statically setting a protection strategy and setting characteristics of a feature library. And performing security protection of network access by judging whether one message is matched with a protection strategy and matching characteristics.
Because the policy rule is static, the access authority of the user terminal cannot be adjusted according to the safe credible state of the access user terminal, and a larger safety risk exists.
Because the artificial configuration strategy is fixed, it is difficult to accurately judge whether the strategy configuration setting has a safety protection risk, and a large leakage prevention risk exists.
The embodiment of the application provides a message processing method, which is applied to a firewall, wherein the firewall presets an access matching strategy, and matching items of the access matching strategy comprise a message characteristic matching item and a security level matching item. In one example, the matching item of the access matching policy includes at least one of a source internet protocol SIP address, a source port, a destination internet protocol DIP, a destination port, a source security domain, a destination security domain, a protocol, a security level, and the like, where the packet feature matching includes at least one of the matching items of the SIP address, the source port, the DIP, the destination port, the source security domain, the destination security domain, the protocol, and the like. Specifically, the format of the access matching policy is shown in table 1 below.
TABLE 1
SouIpOpt SouPortOpt SouZone DestIpOpt DestPortOpt DestZone Prop SecLevel Action
The terms in table 1 above are explained as follows:
SouIpOpt: the SIP address, i.e., the source IP address. In one embodiment of the present application, SIP may be the IP address of the user terminal.
SouPortOpt: a source port. In one embodiment of the present application, the source port is a user terminal application port.
Souzone: a source security domain. In one embodiment of the present application, one or more ports of the user terminal may be joined to one security domain.
DestIPopt: DIP address, i.e. destination IP address.
DestPortOpt: the destination port, in the embodiment of the present application, identifies the protected application resource through the port.
Destzone: and the target security domain is a security domain added to a port connected with the accessed resource in the embodiment of the application. Ports in the same security domain consider the resources to which they are connected to have common security requirements.
And (2) Prop: and (4) protocol. In the embodiment of the application, the protocol is a transport layer protocol, such as TCP, UDP and the like
SecLevel: and the security level restricts the security level of the terminal matched with the strategy. Assuming that the set security level is 5, there are different processing modes for different values of Action.
Action is "allowed", and the destination resource can be accessed only when the security level of the user terminal is greater than or equal to 5. Here corresponding to a white list.
Action is "prohibited": the destination resource may only be accessed if the security level of the user terminal is greater than or equal to 5. This corresponds to a black list.
And (4) Action: action, 0: indicating enabled and 1 indicating disabled.
Referring to FIG. 1, the method of FIG. 1 includes 101-104, as described below.
101. And receiving a message, wherein the message characteristics of the message comprise a Source Internet Protocol (SIP) address.
102. A detected security level corresponding to the SIP address is determined.
In the embodiment of the application, the detection security level is determined after security detection is performed by a firewall. In one example, 102 may perform a security check on the SIP address to determine a corresponding security level of the check for the SIP address.
In another example, the firewall further stores a terminal trusted list, where the terminal trusted list includes an IP address and a detection security level, and after the firewall performs security detection on a certain IP address, determines the detection security level corresponding to the IP address, and then stores the IP address and the corresponding detection security level in the terminal trusted list. Then 102 may query a locally stored trusted list of terminals for the detected security level corresponding to the SIP address.
It should be noted that, the firewall may select an existing related security detection method to detect the IP address according to actual requirements, and the embodiment of the present application is not particularly limited.
103. And determining a preset security level corresponding to the message characteristics of the message based on the locally set access matching strategy.
104. And when the detected safety level is less than the preset safety level, discarding the message.
And when the detected security level is less than the preset security level, the SIP address of the message is not safe, and the message is not allowed to pass through.
The method provided by the embodiment of the application discards the message with the IP address as the source IP by setting the access matching strategy comprising the security level of the IP address and when the detection security level of the IP address is determined to be smaller than the preset security level set by the access matching strategy. Therefore, under the condition that a certain IP address is changed from unsafe to dangerous, the access authority of the IP address to the server can be adjusted according to the safe credible state of the IP address, and the safety risk is reduced. Therefore, even if the secure user terminal is controlled by a hacker and becomes a user terminal generating malicious attacks, the access message sent by the secure user terminal can be discarded by the firewall, and the user terminal cannot access resources protected by the firewall.
Based on fig. 1, please refer to fig. 2, the message processing method according to the embodiment of the present application further includes: 105. and when the detected security level is not less than the preset security level, allowing the message to pass through.
In an optional embodiment, the trusted list of terminals further includes an aging time; when determining the detection security level corresponding to the SIP address, the method further includes: an aging time corresponding to the SIP address is determined.
When the aging time corresponding to the SIP address is determined to be 0, discarding the message;
and when the aging time corresponding to the SIP address is not 0, executing 103, namely executing a step of determining a preset security level corresponding to the message characteristics of the message based on a locally set access matching strategy.
In an optional embodiment, the message processing method further includes: and carrying out security detection on the SIP address, and discarding the message with the source address being the SIP when the security detection is unsuccessful. In the embodiment of the present application, the unsuccessful security detection may be that the SIP address cannot be identified, or that an abnormality occurs in the security detection function of the firewall. When the security detection is unsuccessful, in order to reduce the risk, the firewall discards the message sent by the SIP address.
Referring to fig. 3, a networking diagram of an application scenario provided in the embodiment of the present application includes a user terminal 1-2, a firewall, and a server 1-2, where an IP address of the user terminal 1 is IP1, and an access matching policy set by the firewall is shown in table 2 below.
TABLE 2
SouIpOpt SouPortOpt SouZone DestIpOpt DestPortOpt DestZone Prop SecLevel Action
IP1 Is not provided with Is not provided with Is not provided with Is not provided with Is not provided with Is not provided with 5 1
After the access matching strategy is set, the firewall can perform security detection on the IP1, determine the detection security level corresponding to the IP1, and store the IP1, the corresponding detection security level and the aging time in a local terminal trusted list. Assume that the terminal trusted list is shown in table 3 below.
TABLE 3
IP address Detecting security levels Aging time
IP1 5 20s
In conjunction with the application scenario shown in fig. 3, fig. 4 shows a message processing method applied to a firewall.
The user terminal 1 sends a message 1 to the firewall, and the SIP of the message 1 is IP1.
401. The firewall receives the message 1, and obtains the SIP of the message 1: IP1.
402. The firewall inquires the detection security level corresponding to the IP1 address in the terminal trusted list: 5. aging time: and 20s.
403. And judging whether the aging time is 0 or not. If not, then 404 is performed. If yes, execute 407: message 1 is discarded.
404. Obtaining an access matching strategy, and determining a preset security level corresponding to the IP 1: 5.
405. and judging whether the detected safety level is greater than or equal to a preset safety level.
If yes, execute 406: allowing message 1 to pass.
If not, then 407 is executed: message 1 is discarded.
408. The firewall periodically performs security checks on IP1 and updates table 3. Updated table 3 is shown below in table 4.
TABLE 4
IP address Detecting security levels Aging time
IP1 4 20s
And repeating the steps 402-407 for the subsequent received message of which the SIP is IP1.
Referring to fig. 5, an embodiment of the present application provides a packet processing apparatus, which is applied to a firewall, where the firewall sets an access matching policy in advance, and matching items of the access matching policy include a packet feature matching item and a security level matching item. The message processing device comprises: receiving unit 500, first determining unit 501, second determining unit 502, and forwarding unit 503.
The receiving unit 500 is configured to receive a message, where a message characteristic of the message includes a source internet protocol SIP address.
A first determining unit 501, configured to determine a detected security level corresponding to the SIP address.
A second determining unit 502, configured to determine a preset security level corresponding to a packet feature of the packet based on a locally set access matching policy.
The forwarding unit 503 is configured to discard the packet when the detected security level is less than the preset security level.
Optionally, the forwarding unit 503 is further configured to:
and when the detected security level is not less than the preset security level, allowing the message to pass through.
Optionally, the first determining unit 501 is specifically configured to:
performing security detection on the SIP address, and determining a detection security level corresponding to the SIP address; or the like, or a combination thereof,
and inquiring a detection safety level corresponding to the SIP address according to a locally stored terminal credible list, wherein the terminal credible list comprises the IP address and the detection safety level.
Optionally, the terminal trusted list further includes an aging time; the first determining unit 501 is specifically configured to:
when the aging time corresponding to the SIP address is determined to be 0, triggering a forwarding unit to discard the message;
and when the aging time corresponding to the SIP address is determined to be not 0, triggering a second determination unit to determine a preset security level corresponding to the message characteristic of the message based on a locally set access matching strategy.
Optionally, the first determining unit 501 is further configured to: the SIP address is detected safely, and when the safety detection is unsuccessful, the forwarding unit 503 is triggered to discard the message whose source address is SIP.
The implementation process of the functions and actions of each unit in the module/device is specifically described in the implementation process of the corresponding step in the method, and is not described herein again.
Referring to fig. 6, an embodiment of the present application provides a network device, which may specifically be a firewall. The network device comprises a processor 610, a transceiver 620 and a machine-readable storage medium 630, the machine-readable storage medium 630 storing machine-executable instructions capable of being executed by the processor 610, the processor 610 being caused by the machine-executable instructions to perform the processing method of any one of the methods provided by the embodiments of the present application.
The embodiment of the present application provides a computer-readable storage medium, in which a computer program is stored, and the computer program, when executed by a processor, implements the steps of any one of the methods provided in the embodiment of the present application.
For the module/device embodiment, since it substantially corresponds to the method embodiment, reference may be made to the partial description of the method embodiment for relevant points. The above-described module/device embodiments are merely illustrative, and units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (12)

1. A message processing method is characterized in that the method is applied to a firewall, an access matching strategy is preset by the firewall, and matching items of the access matching strategy comprise a message characteristic matching item and a security level matching item; the method comprises the following steps:
receiving a message, wherein the message characteristics of the message comprise a Source Internet Protocol (SIP) address;
determining a detection security level corresponding to the SIP address;
determining a preset security level corresponding to the message characteristics of the message based on a locally set access matching strategy;
and when the detection safety level is smaller than the preset safety level, discarding the message.
2. The method of claim 1, further comprising:
and when the detected security level is not less than the preset security level, allowing the message to pass through.
3. The method of claim 1, wherein determining the detected security level corresponding to the SIP address comprises:
carrying out security detection on the SIP address, and determining a detection security level corresponding to the SIP address; or the like, or, alternatively,
and inquiring a detection security level corresponding to the SIP address according to a locally stored terminal trusted list, wherein the terminal trusted list comprises the IP address and the detection security level.
4. The method of claim 3, wherein the trusted list of terminals further includes an aging time; when determining the detection security level corresponding to the SIP address, the method further includes:
when the aging time corresponding to the SIP address is determined to be 0, discarding the message;
and when the aging time corresponding to the SIP address is determined to be not 0, executing the access matching strategy based on local setting, and determining a preset security level corresponding to the message characteristics of the message.
5. The method of any of claims 1-4, further comprising:
and carrying out security detection on the SIP address, and discarding the message with the source address being the SIP when the security detection is unsuccessful.
6. A message processing device is characterized in that the device is applied to a firewall, an access matching strategy is preset by the firewall, and matching items of the access matching strategy comprise a message characteristic matching item and a security level matching item; the device comprises:
the receiving unit is used for receiving a message, and the message characteristics of the message comprise a Source Internet Protocol (SIP) address;
a first determining unit, configured to determine a detection security level corresponding to the SIP address;
a second determining unit, configured to determine, based on an access matching policy set locally, a preset security level corresponding to a packet feature of the packet;
and the forwarding unit is used for discarding the message when the detected security level is less than the preset security level.
7. The apparatus of claim 6, wherein the forwarding unit is further configured to:
and when the detected security level is not less than the preset security level, allowing the message to pass through.
8. The apparatus according to claim 6, wherein the first determining unit is specifically configured to:
carrying out security detection on the SIP address, and determining a detection security level corresponding to the SIP address; or the like, or, alternatively,
and inquiring a detection security level corresponding to the SIP address according to a locally stored terminal trusted list, wherein the terminal trusted list comprises the IP address and the detection security level.
9. The apparatus of claim 8, wherein the trusted list of terminals further includes an aging time; the first determining unit is specifically configured to:
triggering the forwarding unit to discard the message when determining that the aging time corresponding to the SIP address is 0;
and when the aging time corresponding to the SIP address is determined to be not 0, triggering the second determination unit to determine a preset security level corresponding to the message characteristics of the message based on a locally set access matching strategy.
10. The apparatus according to any of claims 6-9, wherein the first determining unit is further configured to:
and carrying out security detection on the SIP address, and triggering the forwarding unit to discard the message with the source address being the SIP when the security detection is unsuccessful.
11. A network device comprising a processor CPU and a machine-readable storage medium storing machine-executable instructions executable by the CPU, the CPU being caused by the machine-executable instructions to: the steps of implementing the message processing method of any of claims 1-5.
12. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the message processing method according to any one of claims 1 to 5.
CN202010246689.1A 2020-04-01 2020-04-01 Message processing method, device, network equipment and storage medium Active CN111585957B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010246689.1A CN111585957B (en) 2020-04-01 2020-04-01 Message processing method, device, network equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010246689.1A CN111585957B (en) 2020-04-01 2020-04-01 Message processing method, device, network equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111585957A CN111585957A (en) 2020-08-25
CN111585957B true CN111585957B (en) 2023-03-28

Family

ID=72124259

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010246689.1A Active CN111585957B (en) 2020-04-01 2020-04-01 Message processing method, device, network equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111585957B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112291199B (en) * 2020-09-30 2022-02-22 新华三信息安全技术有限公司 Message processing method and device, electronic equipment and storage medium
CN112788045B (en) * 2021-01-21 2023-02-24 杭州迪普科技股份有限公司 Safety protection method and device for network camera
CN113179252B (en) * 2021-03-30 2022-04-01 新华三信息安全技术有限公司 Security policy management method, device, equipment and machine-readable storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1905555A (en) * 2005-07-30 2007-01-31 华为技术有限公司 Fire wall controlling system and method based on NGN service
CN101160876A (en) * 2005-10-15 2008-04-09 华为技术有限公司 Network security control method and system
EP2458790A1 (en) * 2010-11-30 2012-05-30 LSIS Co., Ltd. Intelligent electric device and network system including the device
CN105337890A (en) * 2014-07-16 2016-02-17 杭州迪普科技有限公司 Control strategy generation method and apparatus
CN109286594A (en) * 2017-07-19 2019-01-29 中兴通讯股份有限公司 The processing method and processing device of address analysis protocol message
CN109861985A (en) * 2019-01-02 2019-06-07 平安科技(深圳)有限公司 IP air control method, apparatus, equipment and the storage medium divided based on risk class
CN110138660A (en) * 2019-06-06 2019-08-16 杭州商湾网络科技有限公司 A kind of multiple exit route selection method
CN110430159A (en) * 2019-06-20 2019-11-08 国网辽宁省电力有限公司信息通信分公司 A kind of excessive method for early warning of Platform Server firewall policy range of opening

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1905555A (en) * 2005-07-30 2007-01-31 华为技术有限公司 Fire wall controlling system and method based on NGN service
CN101160774A (en) * 2005-07-30 2008-04-09 华为技术有限公司 Next generation network service based firewall control system and method
CN101160876A (en) * 2005-10-15 2008-04-09 华为技术有限公司 Network security control method and system
EP2458790A1 (en) * 2010-11-30 2012-05-30 LSIS Co., Ltd. Intelligent electric device and network system including the device
CN105337890A (en) * 2014-07-16 2016-02-17 杭州迪普科技有限公司 Control strategy generation method and apparatus
CN109286594A (en) * 2017-07-19 2019-01-29 中兴通讯股份有限公司 The processing method and processing device of address analysis protocol message
CN109861985A (en) * 2019-01-02 2019-06-07 平安科技(深圳)有限公司 IP air control method, apparatus, equipment and the storage medium divided based on risk class
CN110138660A (en) * 2019-06-06 2019-08-16 杭州商湾网络科技有限公司 A kind of multiple exit route selection method
CN110430159A (en) * 2019-06-20 2019-11-08 国网辽宁省电力有限公司信息通信分公司 A kind of excessive method for early warning of Platform Server firewall policy range of opening

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于防火墙技术的网络安全风险评估体系构建策略;顾晟;《廊坊师范学院学报(自然科学版)》;20100620(第03期);全文 *

Also Published As

Publication number Publication date
CN111585957A (en) 2020-08-25

Similar Documents

Publication Publication Date Title
CN111585957B (en) Message processing method, device, network equipment and storage medium
US11082436B1 (en) System and method for offloading packet processing and static analysis operations
US10225280B2 (en) System and method for verifying and detecting malware
US7159149B2 (en) Heuristic detection and termination of fast spreading network worm attacks
US7526809B2 (en) System and method for computer protection against malicious electronic mails by analyzing, profiling and trapping the same
EP2008188B1 (en) Software vulnerability exploitation shield
AU2004289001B2 (en) Method and system for addressing intrusion attacks on a computer system
CN106850637B (en) Abnormal traffic detection method based on traffic white list
US9398027B2 (en) Data detecting method and apparatus for firewall
US9661006B2 (en) Method for protection of automotive components in intravehicle communication system
US20140259168A1 (en) Malware identification using a hybrid host and network based approach
US20070294759A1 (en) Wireless network control and protection system
CN107979581B (en) Detection method and device for zombie characteristics
JP2015528263A (en) Network traffic processing system
JP2006352669A (en) Attack detection/defense system
JP2013191199A (en) Methods and systems for protecting network-connected device from intrusion
EP3737067A1 (en) Systems and methods for automated intrusion detection
US20170250998A1 (en) Systems and methods of preventing infection or data leakage from contact with a malicious host system
KR20080028381A (en) Method for defending against denial of service attacks in ip networks by target victim self-identification and control
CN106790189B (en) intrusion detection method and device based on response message
CN112383559B (en) Address resolution protocol attack protection method and device
CN112583841A (en) Virtual machine safety protection method and system, electronic equipment and storage medium
US20040093514A1 (en) Method for automatically isolating worm and hacker attacks within a local area network
US20170346844A1 (en) Mitigating Multiple Advanced Evasion Technique Attacks
CN115603985A (en) Intrusion detection method, electronic device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant