CN111917697A - Active detection online violation external connection technology based on non-client mode - Google Patents

Info

Publication number: CN111917697A
Application number: CN202010181557.5A
Authority: CN (China)
Original language: Chinese (zh)
Inventors: 刘正海, 李京飞, 李强, 李善良
Assignee (original and current): Beijing Ronghui Huafang Technology Co ltd
Priority date and filing date: 2020-03-17
Publication date: 2020-11-10
Legal status: Withdrawn (invention patent application withdrawn after publication; status as listed by Google Patents, not a legal conclusion)
Prior art keywords: external connection, illegal, intranet, server, terminal

Classifications

H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication) > H04L63/00 (Network architectures or network communication protocols for network security):
    • H04L63/30 Network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/302 Gathering intelligence information for situation awareness or reconnaissance
    • H04L63/308 Retaining data, e.g. retaining successful or unsuccessful communication attempts, internet access, e-mail, internet telephony, intercept related information or call content
Abstract

In the non-client-mode active check for online illegal external connections provided by the invention, an illegal external connection detection server is deployed in the internal network and a forensics platform is deployed on the external public network. The detection server is configured with the range of intranet IP segments to scan for illegal external connections. When an intranet terminal is connected to the intranet and the internet at the same time, a probe packet sent by the detection server and addressed to the embedded IP of the public-network forensics platform is forwarded to the internet by the terminal's routing service; the public-network server receives the probe sent by the intranet detection server, records the IP and other information of the offending terminal, and responds to the intranet detection server, which raises an alarm while the external forensics platform retains the evidence. The technical advantage lies in the non-client mode and the active inspection mechanism: terminals do not depend on a client program, the delay inherent in passive inspection is removed, and detection is both proactive and timely.

Description

Active detection online violation external connection technology based on non-client mode
Technical Field
The invention belongs to the field of information security, relates to the monitoring of illegal external connections made by intranet terminal computers, and in particular to an online illegal external connection detection technique based on active checking in a non-client mode.
Background
With the rapid development of information technology, enterprises and public institutions now depend entirely on computerised office work, and their data covers personal information, social resources, national development policies and the like; once leaked, such information can seriously damage social stability, personal property and even national security. For this reason most domestic organisations divide their networks into an office intranet and the internet, physically isolated from each other, so that the untrusted internet cannot threaten important internal business data. To stop staff from privately connecting to the internet, more and more organisations also deploy desktop terminal management software that prevents illegal external connections. After long periods of use, however, the intranet accumulates terminals on which the management software is not, or cannot be, installed; defence against illegal external connections from those terminals is incomplete, and a weakest-link (short board) effect results. At the same time, most headquarters cannot comprehensively and effectively supervise how well their subordinate units guard against illegal external connections, supervision means are lacking, and a security incident caused by an illegal external connection is only perceived after the fact.
At present, detection of illegal external connection behaviour is mainly based on a server/client architecture and depends heavily on a client program: a client is installed on every terminal device within the monitored network, a detection and management server for illegal external connections is deployed in the network, and detection is achieved through configured policies. In a real network environment, however, terminal types are varied, and a special-purpose terminal on which the client cannot be installed leaves a management gap, so that the policy against illegal external connections exists in name only.
The invention therefore provides a technique for actively checking online illegal external connections in a non-client mode, in which illegal external connection behaviour is detected without installing any client on the terminal host.
Disclosure of Invention
The invention mainly studies a technique for actively checking online illegal external connection behaviour on an intranet in a non-client mode: no client is installed on the terminal computer; a network-layer probing technique discovers terminals that are connected to the intranet and the internet at the same time, and the forensic information is retained.
The non-client-mode active check for online illegal external connections provided by the invention is implemented in the following steps:
step 1, deploy an illegal external connection detection server in the internal network environment and a forensics platform on the external public network;
step 2, configure the intranet IP segment range in the illegal external connection detection server and scan that range for illegal external connections;
step 3, when an intranet terminal is not connected to the intranet and the internet at the same time, the probe packet sent by the detection server, addressed to the embedded IP of the external public-network forensics platform, cannot be forwarded by the terminal's route; the public-network forensics platform receives nothing and cannot respond to the intranet detection server, and the detection server therefore treats a probe that receives no response as not indicating an illegal external connection;
step 4, when an intranet terminal is connected to the intranet and the internet at the same time, the probe packet addressed to the embedded forensics platform IP is forwarded through the terminal's routing service; the external public-network server receives the probe sent by the intranet detection server, records the IP and other information of the offending terminal, and responds to the intranet detection server; the detection server raises an alarm and the external forensics platform retains the evidence.
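The four steps above, modelled end to end as an added example (this is not the patent's or the assignee's code, and the page does not specify any of the following): the detection server builds a probe whose IP destination is the public forensics platform but whose next hop is the probed terminal; a terminal that has IP forwarding on and a second interface with an internet route relays it, any other terminal drops it; the probe carries the probed terminal's intranet IP and a nonce, and probe and reply are authenticated with an HMAC under a pre-shared key so that neither side acts on forged packets. The addresses, terminals and key are constructed test data.

```python
"""Added model of the probe/response check in steps 1-4; not the patent's code.
Assumptions (none stated on the page): the probe's IP destination is the public
forensics platform while its next hop is the probed terminal (a host route via
the terminal, or a frame sent to its MAC); a terminal with IP forwarding on and
an internet route relays packets for non-intranet destinations, any other
terminal drops them; probe and reply carry an HMAC under a pre-shared key so
forged packets are ignored. All addresses and terminals are constructed."""
import hashlib, hmac, ipaddress, json, os
from dataclasses import dataclass, field
from typing import Optional

SHARED_KEY = b"example-pre-shared-key"          # assumed: provisioned out of band
PLATFORM_IP = "203.0.113.10"                    # constructed forensics platform address
INTRANET = ipaddress.ip_network("10.1.0.0/29")  # constructed scan range (step 2)
SEP = b"|"

def _sign(payload: bytes, key: bytes) -> bytes:
    return payload + SEP + hmac.new(key, payload, hashlib.sha256).hexdigest().encode()

def _verify(msg: bytes, key: bytes) -> Optional[dict]:
    """Return the JSON body if the HMAC is valid, else None."""
    payload, sep, tag = msg.rpartition(SEP)
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    if not sep or not hmac.compare_digest(expected, tag):
        return None
    return json.loads(payload)

def build_probe(terminal_ip: str, key: bytes) -> bytes:
    """Probe carrying the probed terminal's intranet IP and a fresh nonce, so a
    reply from the platform can be matched to exactly one terminal."""
    body = {"terminal": terminal_ip, "nonce": os.urandom(8).hex()}
    return _sign(json.dumps(body, sort_keys=True).encode(), key)

@dataclass
class Terminal:
    """Simulated intranet host; public_ip is the NAT address the platform sees."""
    forwards: bool         # IP forwarding enabled?
    internet_route: bool   # second interface with a route to the internet?
    public_ip: str = ""

    def relay(self, dst_ip: str, probe: bytes) -> Optional[tuple]:
        # Only a dual-homed host that also forwards relays a packet for a
        # non-intranet destination. A dual-homed host with forwarding off drops
        # it and is NOT detected: the blind spot of this probing technique.
        if self.forwards and self.internet_route and ipaddress.ip_address(dst_ip) not in INTRANET:
            return (self.public_ip, probe)
        return None

@dataclass
class ForensicsPlatform:
    """Public-network side: keeps evidence and answers authenticated probes."""
    key: bytes
    evidence: list = field(default_factory=list)

    def receive(self, src_public_ip: str, msg: bytes) -> Optional[bytes]:
        body = _verify(msg, self.key)
        if body is None:
            return None    # unauthenticated packet: no record, no reply
        self.evidence.append({"terminal": body["terminal"], "public_ip": src_public_ip,
                              "nonce": body["nonce"]})
        reply = {"nonce": body["nonce"], "public_ip": src_public_ip}
        return _sign(json.dumps(reply, sort_keys=True).encode(), self.key)

def scan(terminals: dict, platform: ForensicsPlatform, key: bytes) -> dict:
    """Intranet detection server: probe every host in INTRANET and classify."""
    verdicts = {}
    for host in INTRANET.hosts():
        ip = str(host)
        probe = build_probe(ip, key)
        nonce = _verify(probe, key)["nonce"]
        t = terminals.get(ip)
        relayed = t.relay(PLATFORM_IP, probe) if t is not None else None
        reply = platform.receive(*relayed) if relayed is not None else None
        if reply is None:
            verdicts[ip] = "no-response"                   # step 3: nothing to flag
            continue
        body = _verify(reply, key)
        if body is not None and body["nonce"] == nonce:
            verdicts[ip] = "ILLEGAL-EXTERNAL-CONNECTION"   # step 4: alarm + evidence
        else:
            verdicts[ip] = "bad-reply"                     # forged or stale reply
    return verdicts

def demo():
    """Constructed fleet: a clean host, a violator, and a dual-homed host that
    does not forward (and therefore goes undetected)."""
    terminals = {
        "10.1.0.1": Terminal(forwards=False, internet_route=False),
        "10.1.0.2": Terminal(forwards=True, internet_route=True, public_ip="198.51.100.7"),
        "10.1.0.3": Terminal(forwards=False, internet_route=True, public_ip="198.51.100.8"),
    }
    platform = ForensicsPlatform(SHARED_KEY)
    return scan(terminals, platform, SHARED_KEY), platform.evidence

if __name__ == "__main__":
    verdicts, evidence = demo()
    for ip, verdict in verdicts.items():
        print(ip, verdict)
    print("evidence:", evidence)
```

Running `demo()` flags only 10.1.0.2 and leaves one evidence record on the platform (intranet IP from the probe body, public IP from the packet source). Two points the simulation makes visible that the description does not: a dual-homed terminal with IP forwarding disabled never relays the probe and is missed by this technique, and outbound filtering or NAT on the terminal's internet side produces the same silence, so "no response" means "not proven", not "clean". On a real network the next-hop trick is an implementation choice the page leaves open; on Linux it can be done with a per-terminal host route (`ip route add 203.0.113.10/32 via <terminal-ip>`) or by sending the frame with the terminal's MAC as the Ethernet destination. The HMAC is this example's addition: without it, anyone on the internet could spam the forensics platform with fake "evidence", or answer probes on its behalf.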
Description of the drawings:
FIG. 1 is an application deployment diagram of the system for actively checking online illegal external connections in a non-client mode;
FIG. 2 is a flow diagram of the active check for online illegal external connection monitoring in a non-client mode;
FIG. 3 is a schematic structural diagram of the system for actively checking and detecting online illegal external connections in a non-client mode.

Claims (3)

1. A method for actively checking online illegal external connections based on a non-client mode, comprising the following steps: step 1, deploying an illegal external connection detection server in the internal network environment and a forensics platform on the external public network; step 2, configuring the intranet IP segment range in the illegal external connection detection server and scanning that range for illegal external connections; step 3, when an intranet terminal is not connected to the intranet and the internet at the same time, the probe packet sent by the detection server, addressed to the embedded IP of the external public-network forensics platform, cannot be forwarded by the terminal's route, the public-network forensics platform receives nothing and cannot respond to the intranet detection server, and the detection server therefore treats a probe that receives no response as not indicating an illegal external connection; and step 4, when an intranet terminal is connected to the intranet and the internet at the same time, the probe packet addressed to the embedded forensics platform IP is forwarded through the terminal's routing service, the external public-network server receives the probe sent by the intranet detection server, records the IP and other information of the offending terminal and responds to the intranet detection server, and the detection server raises an alarm while the external forensics platform retains the evidence.
2. The method for detecting illegal external connections according to claim 1, wherein the illegal external connection detection server is deployed on the internal network and the forensics platform is deployed on the external public network.
3. The method according to claim 1, wherein the illegal external connection detection server sends a probe packet to the probed intranet terminal, the packet embeds the IP address and communication mechanism of the public-network forensics platform, and once the public-network forensics platform receives a probe packet sent by the intranet illegal external connection detection server it records it and responds.

Priority Applications (1)

Application number CN202010181557.5A (publication CN111917697A), priority date 2020-03-17, filing date 2020-03-17: Active detection online violation external connection technology based on non-client mode

Publications (1)

CN111917697A, published 2020-11-10

Family

ID=73237397; one family member: CN202010181557.5A / CN111917697A (Withdrawn), priority and filing date 2020-03-17

Country Status (1)

CN (1) CN111917697A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103391216A (en) * 2013-07-15 2013-11-13 中国科学院信息工程研究所 Alarm and blocking method for illegal external connections
CN106713472A (en) * 2016-12-30 2017-05-24 重庆安迈科技有限公司 Internet of Things monitoring system and method
CN107733706A (en) * 2017-09-30 2018-02-23 北京北信源软件股份有限公司 The illegal external connection monitoring method and system of a kind of no agency
CN107948122A (en) * 2016-10-12 2018-04-20 成都鼎桥通信技术有限公司 Isolating device traversing method and device
CN109450921A (en) * 2018-11-29 2019-03-08 北京北信源信息安全技术有限公司 Network status monitoring method, apparatus, storage medium and server

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114244570A (en) * 2021-11-18 2022-03-25 广东电网有限责任公司 Terminal illegal external connection monitoring method and device, computer equipment and storage medium
CN114244570B (en) * 2021-11-18 2023-12-22 广东电网有限责任公司 Illegal external connection monitoring method and device for terminal, computer equipment and storage medium

Legal Events

Date Code Title Description
2020-11-10 PB01 Publication (application publication date: 20201110)
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication