CN111917702A - Non-client-side mode passive checking off-line illegal external connection technology


Info

Publication number
CN111917702A
Authority
CN
China
Prior art keywords
external connection
intranet
terminal
accessed
illegal external
Prior art date
Legal status
Withdrawn
Application number
CN202010241761.1A
Other languages
Chinese (zh)
Inventor
刘正海
李京飞
李强
刘超
史宗亚
李善良
Current Assignee
Beijing Ronghui Huafang Technology Co ltd
Original Assignee
Beijing Ronghui Huafang Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Beijing Ronghui Huafang Technology Co ltd
Priority to CN202010241761.1A
Publication of CN111917702A
Current legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 61/00 Network arrangements, protocols or services for addressing or naming
    • H04L 61/45 Network directories; Name-to-address mapping
    • H04L 61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L 61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides an offline illegal external connection detection technology based on passive checking in a non-client mode. A terminal in non-client mode leaves the internal network and is illegally connected to an external network. Afterwards, a specific JavaScript program sends requests for the external network information the terminal accessed to a pre-customized DNS (domain name system) server; when the Internet website resolves to the illegal external connection service address, the terminal is judged to have accessed the Internet, and the terminal IP/MAC (Internet protocol/media access control) and the external connection address are sent to the external connection detection server.

Description

Non-client-side mode passive checking off-line illegal external connection technology
Technical Field
The invention belongs to the field of information security, and relates to a non-client mode passive checking offline illegal external connection technology.
Background
Government, military and business office systems have all been networked. These important information systems store a great deal of confidential information which, if leaked, may cause serious damage to the security of enterprises, public institutions and even countries. To improve intranet security, some units with higher information security requirements prohibit any connection between the internal network and external networks such as the Internet, and enforce this by physical isolation. In actual work, however, illegal external connections are often caused, intentionally or unintentionally, by the low security awareness of some users, which easily increases the risk of springboard attacks and illegal intrusion.
The existing external connection detection means have two modes: 1) without installing a proxy client, monitoring whether an illegal external connection occurs while the internal and external networks are online at the same time; 2) installing a proxy client, which sends an external connection data packet outward to probe the external network. The client mode requires a plug-in to be installed on every computer for checking, and more or less compatibility problems exist.
Therefore, the invention provides a technology for passively checking offline illegal external connection based on a non-client mode, which can accurately find and locate illegal external connections after a checked terminal leaves the internal network and later reconnects to it.
Disclosure of Invention
The invention relates to a passive offline illegal external connection checking technology based on a non-client mode. A specific JavaScript program is loaded locally by the terminal's browser and checks against the DNS server to resolve the external network access trace.
The invention provides a technical method for passively checking offline illegal external connection based on a non-client mode, comprising the following steps:
step 1, an intranet terminal is connected to the Internet;
step 2, the intranet terminal is reconnected to the intranet, and when it accesses a service website a JavaScript program is loaded locally along with the browser;
step 3, the JavaScript program reads the external network addresses accessed by the intranet terminal's browser from its cookies, simulates opening them, and issues resolution requests to the DNS;
step 4, after resolution is completed, it automatically analyzes whether the external network address resolved to the external connection detection system;
step 5, once the external network address has resolved there, the JavaScript program reports the internal network address and the external network access trace to the internal illegal external connection detection server;
step 6, on receiving the detection information, the server immediately raises an illegal external connection alarm.
By the method and system provided by the invention, accurate monitoring of illegal external connection behavior can be achieved on terminal hosts without a proxy client, providing a simpler and more convenient means of monitoring illegal external connections.
Drawings
FIG. 1 is a diagram illustrating an application deployment of a system for passively checking offline illegal external connection based on a non-client mode according to the present invention;
FIG. 2 is a flow chart of passive checking of offline illegal external connection monitoring based on a non-client mode according to the present invention;
FIG. 3 is a flow chart of non-client-side passive checking of offline illegal external connection monitoring according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a non-client-side passive detection offline illegal external connection detection system according to the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings:
in step 11 of FIG. 3, a set of illegal external connection monitoring system is deployed on the intranet;
in step 12 of FIG. 3, the internal network DNS resolution system resolves external network domain names to the external connection monitoring system;
in step 13 of FIG. 3, the intranet service website is loaded with the JavaScript program;
in step 14 of FIG. 3, the terminal leaves the intranet and connects to the Internet;
in step 15 of FIG. 3, the terminal is reconnected to the intranet, and visiting the service website loads the JavaScript program locally along with the browser;
in step 16 of FIG. 3, the JavaScript program reads the external network addresses accessed by the intranet terminal's browser from its cookies, simulates visiting them, and initiates resolution requests to the DNS server;
in step 17 of FIG. 3, after resolution is completed, it automatically analyzes whether the external network address could be resolved;
if it could not (step 18 of FIG. 3), it is assumed that no illegal external connection has occurred;
if it resolved to the external connection monitoring system (step 19 of FIG. 3), an illegal external connection is considered to have occurred, and the JavaScript program reports the internal network address and the external network access trace to the internal monitoring server;
in step 20 of FIG. 3, on receiving the detection information, an illegal external connection alarm is immediately raised for the terminal;
in step 21 of FIG. 3, the relevant information is classified and the process ends.
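The detection-server side of steps 12 and 17 to 20 in Python, as an added example that is not the patent's own code: an intranet resolver policy that answers every non-intranet name with the detection server address, and the check that turns a terminal's report into an alarm. The server address, intranet zone, records and report values are assumptions constructed for the example.

```python
"""Detection-server side of the non-client-mode offline check (added example).

Constructed model of steps 12 and 17 to 20: the intranet DNS answers every
non-intranet name with the address of the external connection detection
server, so a terminal's simulated visit to a name it had reached on the
Internet lands on that server and is reported with the terminal IP/MAC.
Addresses, zones, records and report values are assumptions for the example.
"""
from dataclasses import dataclass
import ipaddress
import re
from typing import List, Optional

DETECTION_SERVER_IP = "10.0.0.50"      # assumed detection server address (step 11)
INTRANET_ZONES = ("corp.example",)     # assumed internal DNS zones
INTRANET_RECORDS = {                   # constructed intranet A records
    "portal.corp.example": "10.0.1.10",
    "mail.corp.example": "10.0.1.20",
}
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)


def resolve(name: str) -> Optional[str]:
    """Intranet resolver policy (step 12): names in an intranet zone resolve
    normally or not at all; every other name resolves to the detection server."""
    name = name.rstrip(".").lower()
    if any(name == z or name.endswith("." + z) for z in INTRANET_ZONES):
        return INTRANET_RECORDS.get(name)   # None models NXDOMAIN
    return DETECTION_SERVER_IP


@dataclass
class Report:
    """What the JavaScript check code sends (step 16): the terminal's intranet
    IP/MAC and the external names read from its local browser trace."""
    terminal_ip: str
    terminal_mac: str
    visited_names: List[str]


@dataclass
class Alarm:
    terminal_ip: str
    terminal_mac: str
    external_trace: List[str]


def check_report(report: Report) -> Optional[Alarm]:
    """Steps 17 to 20: alarm only for names whose simulated visit resolved to the
    detection server; intranet names and unresolvable names are no trace."""
    if not ipaddress.ip_address(report.terminal_ip).is_private:
        raise ValueError("report must come from an intranet terminal address")
    if not MAC_RE.match(report.terminal_mac):
        raise ValueError("malformed terminal MAC in report")
    trace = sorted({n.rstrip(".").lower() for n in report.visited_names
                    if resolve(n) == DETECTION_SERVER_IP})
    if not trace:
        return None                          # step 18: no external trace
    return Alarm(report.terminal_ip, report.terminal_mac, trace)  # step 19
```

A real server should take the terminal IP from the connection it receives the report on rather than from the report body, so one intranet host cannot raise alarms in another's name.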
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention. Therefore, the protection scope of the present invention should be subject to the appended claims.
THE ADVANTAGES OF THE PRESENT INVENTION
Compared with traditional external connection detection means, the method can closely monitor the illegal external connection behavior of a terminal after it has left the intranet, without installing client agent software. Illegal external connections made after leaving the intranet are better monitored without the user perceiving it, and network security events such as springboard attacks and information leakage are effectively avoided.

Claims (3)

1. A technology for passively checking offline illegal external connection based on a non-client mode, characterized in that a specific JavaScript program loaded locally by the terminal's browser checks against a DNS server to resolve the external network access trace, the technology comprising the following steps:
step 1, an intranet terminal is connected to the Internet;
step 2, the intranet terminal is reconnected to the intranet, and when it accesses a service website a JavaScript program is loaded locally along with the browser;
step 3, the JavaScript program reads the external network addresses accessed by the intranet terminal's browser from its cookies, simulates opening them, and issues resolution requests to the pre-configured DNS;
step 4, after resolution is completed, it automatically analyzes whether the external network address resolved to the illegal external connection server;
step 5, once the external network address has resolved there, the JavaScript program reports the internal network address and the external network access trace to the internal illegal external connection detection server;
and step 6, on receiving the detection information, an illegal external connection alarm is immediately raised.
2. The non-client mode passive checking offline illegal external connection technology according to claim 1, wherein a detection server needs to be deployed on the intranet, mirrored traffic for the intranet web services is configured, and the intranet is provided with a DNS server.
3. The method according to claim 2, wherein when the intranet terminal that illegally connected to the extranet is reconnected to the network and accesses the service, the JS check code is loaded automatically and simulates accessing the extranet domain names; the extranet domain name entries embedded in the DNS point to the intranet detection server, and once the intranet detection server receives the extranet domain name access information, the intranet terminal is considered to have accessed the Internet.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010241761.1A CN111917702A (en) 2020-03-31 2020-03-31 Non-client-side mode passive checking off-line illegal external connection technology


Publications (1)

Publication Number Publication Date
CN111917702A true CN111917702A (en) 2020-11-10

Family

ID=73237375


Country Status (1)

Country Link
CN (1) CN111917702A (en)


Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1750480A (en) * 2005-09-29 2006-03-22 西安交大捷普网络科技有限公司 Detecting method for illegal external connection of inner net computer
CN106302501A (en) * 2016-08-27 2017-01-04 浙江远望信息股份有限公司 A kind of method of real-time discovery internetwork communication behavior
CN107733706A (en) * 2017-09-30 2018-02-23 北京北信源软件股份有限公司 The illegal external connection monitoring method and system of a kind of no agency
CN108632221A (en) * 2017-03-22 2018-10-09 华为技术有限公司 Position method, equipment and the system of the compromised slave in Intranet
CN108881211A (en) * 2018-06-11 2018-11-23 杭州盈高科技有限公司 A kind of illegal external connection detection method and device
CN110191102A (en) * 2019-05-09 2019-08-30 黄志英 A kind of illegal external connection comprehensive monitoring system and its method
CN110417821A (en) * 2019-09-09 2019-11-05 北京华赛在线科技有限公司 A kind of networking detection method and system


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王永佳: "Sharing: using JavaScript code on a Rapid board to resolve a domain name via DNS and obtain its IP address!", Elecfans Forum (电子发烧友论坛), HTTPS://BBS.ELECFANS.COM/JISHU_1831050_1_1.HTML *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115051867A (en) * 2022-06-22 2022-09-13 深信服科技股份有限公司 Detection method and device for illegal external connection behaviors, electronic equipment and medium
CN115051867B (en) * 2022-06-22 2024-04-09 深信服科技股份有限公司 Illegal external connection behavior detection method and device, electronic equipment and medium


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
Application publication date: 20201110