CN112272172A - Internet of things video monitoring safety management system - Google Patents

Info

Publication number
CN112272172A
Authority
CN
China
Prior art keywords
internet
things
video monitoring
management
private network
Prior art date
Legal status
Withdrawn
Application number
CN202011129811.3A
Other languages
Chinese (zh)
Inventor
张小华
Current Assignee
Individual
Original Assignee
Individual
Priority date
Filing date
Publication date
Application filed by Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/18 Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Multimedia (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of Internet of things video monitoring safety management and discloses an Internet of things video monitoring safety management system. An Internet of things virtual private network is deployed between the Internet of things monitoring operation platform and the Internet of things remote management or use terminal; it encrypts the data communication between the two and establishes an Internet of things private network channel between them. An Internet of things security situation and management and control system is deployed at the network access port of the Internet of things video monitoring system, and Web application firewall equipment is deployed in the data center area of the Internet of things video monitoring system. The invention solves the technical problem that an Internet of things video monitoring system connected directly or indirectly to a public network is easily attacked and damaged from the outside.

Description

Internet of things video monitoring safety management system
Technical Field
The invention relates to the technical field of Internet of things video monitoring safety management, in particular to an Internet of things video monitoring safety management system.
Background
Internet of things video monitoring is a comprehensive system with strong prevention capability and mainly comprises three parts: front-end acquisition equipment, a transmission network and a monitoring operation platform. It interconnects objects and people by monitoring and collecting video and sound and by analyzing and extracting data in a timely manner. At present, Internet of things video monitoring is mainly used for security monitoring of large stadiums, crowded areas, and important equipment and facilities, and is often deployed in an intranet environment. However, for the convenience of remote management and use, a considerable number of these systems are connected to the public network or deployed directly in it. A system that is directly or indirectly connected to the public network is easily attacked and damaged from the outside, and an attacker can damage or even tamper with data on the server, causing serious security problems.
Disclosure of Invention
(I) Technical problem to be solved
In view of the defects of the prior art, the invention provides an Internet of things video monitoring safety management system, which aims to solve the technical problem that an Internet of things video monitoring system connected directly or indirectly to a public network is easily attacked and damaged from the outside.
(II) Technical scheme
In order to achieve this purpose, the invention provides the following technical scheme:
An Internet of things video monitoring safety management system comprises: an Internet of things virtual private network deployed between the Internet of things monitoring operation platform and the Internet of things remote management or use terminal, wherein the Internet of things virtual private network encrypts the data communication between the Internet of things monitoring operation platform and the Internet of things remote management or use terminal and establishes an Internet of things private network channel between them;
the Internet of things virtual private network sets up a VPN server in the internal network of the Internet of things; after the Internet of things remote management or use terminal connects to the Internet, it connects to the VPN server over the Internet and then enters the internal network of the Internet of things through the VPN server.
Further, the internet of things video monitoring safety management system further comprises: an internet of things security situation and management and control system is deployed at a network access port of the internet of things video monitoring system, and Web application firewall equipment is deployed in a data center area of the internet of things video monitoring system.
Further, the internet of things security situation and management and control system carries out state monitoring, behavior auditing, anomaly analysis and security management and control on the front-end equipment of the internet of things video monitoring system, and senses security states, vulnerability, anomaly threats and illegal access of the front-end equipment in the massive internet of things video monitoring system.
Further, the Web application firewall device protects a Web application server of the Internet of things video monitoring platform and monitors the access of a website of the Internet of things video monitoring system for 7x24 hours in real time.
(III) Advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
According to the invention, the Internet of things virtual private network is deployed between the Internet of things monitoring operation platform and the Internet of things remote management or use terminal; it encrypts the data communication between them and establishes an Internet of things private network channel between them;
the Internet of things virtual private network provides a method for remotely managing and using Internet of things video monitoring data that has high cost efficiency and good security performance; the Internet of things security situation and management and control system deployed at the network access port of the Internet of things video monitoring system makes the asset threats of the whole Internet of things video monitoring system visible, so that the security of assets across the whole network can be managed and controlled; the Web application firewall equipment deployed in the data center area of the Internet of things video monitoring system monitors website access in real time, 7x24 hours;
therefore, the technical problem that an Internet of things video monitoring system connected directly or indirectly to a public network is easily attacked and damaged from the outside is solved.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An Internet of things video monitoring safety management system comprises: the internet of things virtual private network is deployed between the internet of things monitoring operation platform and the internet of things remote management or use terminal, the internet of things virtual private network is used for encrypting data communication between the internet of things monitoring operation platform and the internet of things remote management or use terminal, and an internet of things private network channel between the internet of things monitoring operation platform and the internet of things remote management or use terminal is established;
the Internet of things virtual private network sets up a VPN server in the internal network of the Internet of things; after the Internet of things remote management or use terminal connects to the Internet, it connects to the VPN server over the Internet and then enters the internal network of the Internet of things through the VPN server;
wherein, the VPN is a virtual private network;
in order to ensure the safety of video monitoring data of the Internet of things, communication data between a VPN server and a remote management or use terminal of the Internet of things are encrypted;
the working process of the virtual private network of the Internet of things comprises the following steps:
firstly, the VPN gateway of the Internet of things virtual private network adopts a dual network card structure, and its external network card accesses the Internet using a public network IP;
secondly, the Internet of things remote management or use terminal on the Internet accesses the Internet of things monitoring operation platform, and the target address of the access data packet it sends is the internal IP address of the Internet of things monitoring operation platform;
thirdly, the VPN gateway of the Internet checks the target address of the access data packet sent by the Internet of things remote management or use terminal; if the target address belongs to the address of the Internet of things, the gateway encapsulates the data packet, using the original data packet as the payload of the VPN data packet, and the target address of the VPN data packet is the external address of the VPN gateway of the Internet of things;
fourthly, the VPN gateway of the Internet sends the VPN data packet to the Internet; because the target address of the VPN data packet is the external address of the VPN gateway of the Internet of things, routing in the Internet delivers the data packet correctly to the VPN gateway of the Internet of things;
fifthly, the VPN gateway of the Internet of things checks the received data packet; if the data packet was sent from the VPN gateway of the Internet, it is judged to be a VPN data packet and is decapsulated, where decapsulation mainly consists of stripping the packet header of the VPN data packet and then reverse-processing the data packet to restore the original data packet;
sixthly, the VPN gateway of the Internet of things sends the restored original data packet to the Internet of things monitoring operation platform; because the target address of the original data packet is the IP of the Internet of things monitoring operation platform, the data packet is delivered correctly to the platform, and from the point of view of the Internet of things monitoring operation platform the received data packet is the same as one sent directly from the Internet of things remote management or use terminal;
a data packet returned from the Internet of things monitoring operation platform to the Internet of things remote management or use terminal is processed in the same way, so that the terminals in the two networks can communicate with each other;
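The encapsulation and decapsulation steps above, as an added example that is not code from the patent: a simplified Python model in which the outer packet is a dict, the addresses and keys are constructed, and an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC stands in for a vetted tunnel cipher. It goes one step beyond the fifth step by requiring a valid authentication tag as well as the expected peer address, because a source address alone can be forged.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

# Constructed sample addresses (documentation/private ranges), not from the patent.
IOT_INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")
TERMINAL_GW_EXT = "198.51.100.7"  # external address of the terminal-side VPN gateway
IOT_GW_EXT = "203.0.113.10"       # external address of the IoT-side VPN gateway


def make_inner(src, dst, data):
    """Simplified original packet: 4-byte source, 4-byte destination, then data."""
    return ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed + data


def inner_destination(packet):
    """Read the destination address field of the simplified original packet."""
    return ipaddress.ip_address(packet[4:8])


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a vetted AEAD cipher."""
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
        for i in range(blocks)
    )
    return stream[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def encapsulate(inner, enc_key, mac_key):
    """Third step: tunnel only packets whose destination is inside the IoT network."""
    if inner_destination(inner) not in IOT_INTERNAL_NET:
        return None  # not addressed to the private network, so not tunnelled
    nonce = os.urandom(16)
    ciphertext = _xor(inner, _keystream(enc_key, nonce, len(inner)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    # Outer header: the destination is the IoT gateway's external address.
    return {"src": TERMINAL_GW_EXT, "dst": IOT_GW_EXT,
            "payload": nonce + ciphertext + tag}


def decapsulate(vpn_packet, enc_key, mac_key):
    """Fifth step: require the known peer and a valid tag before restoring the packet."""
    if vpn_packet["src"] != TERMINAL_GW_EXT:
        raise ValueError("unknown tunnel peer")
    body = vpn_packet["payload"]
    if len(body) < 16 + 8 + 32:  # nonce + minimal inner header + tag
        raise ValueError("truncated VPN packet")
    nonce, ciphertext, tag = body[:16], body[16:-32], body[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")  # spoofed source or tampering
    inner = _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))
    if inner_destination(inner) not in IOT_INTERNAL_NET:
        raise ValueError("inner destination outside IoT network")
    return inner  # sixth step: forward to inner_destination(inner)


if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # constructed pre-shared keys
    original = make_inner("192.0.2.44", "10.20.1.5", b"GET /streams HTTP/1.1")
    tunnelled = encapsulate(original, enc_key, mac_key)
    restored = decapsulate(tunnelled, enc_key, mac_key)
    print(inner_destination(restored), restored[8:])
```
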
furthermore, an internet of things security situation and management and control system is deployed at a network access port of the internet of things video monitoring system, and the internet of things security situation and management and control system performs state monitoring, behavior auditing, anomaly analysis and security management and control on front-end equipment of the internet of things video monitoring system and senses security conditions such as security states, vulnerabilities, anomaly threats, illegal access and the like of the front-end equipment in the massive internet of things video monitoring system;
for the prediction, protection, monitoring and response of the security situation of the front-end equipment of the Internet of things video monitoring system, the overall security capability is improved from several aspects, namely endpoint security, boundary security, data security and management security, so that the asset threats of the whole Internet of things video monitoring system are made visible and the security of assets across the whole network can be managed and controlled;
furthermore, Web application firewall equipment is deployed in the data center area of the Internet of things video monitoring system, and the Web application firewall equipment protects the Web application server of the Internet of things video monitoring platform, that is, website access is monitored in real time, 7x24 hours; deploying the Web application firewall addresses various website security problems of the Web application server, such as SQL injection attacks, cross-site attacks, malicious coding, buffer overflows and application layer DDoS attacks, and so prevents security events that seriously damage the operator's image, such as web page tampering and the planting of trojans in web pages;
the Web application firewall equipment is connected in-line in the link in an HA dual-machine hot standby deployment mode and is deployed in front of the Web server of the Internet of things video monitoring platform to protect the externally facing Web application.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (4)

1. An Internet of things video monitoring safety management system, characterized by comprising: an Internet of things virtual private network deployed between the Internet of things monitoring operation platform and the Internet of things remote management or use terminal, wherein the Internet of things virtual private network encrypts the data communication between the Internet of things monitoring operation platform and the Internet of things remote management or use terminal and establishes an Internet of things private network channel between them;
the Internet of things virtual private network is characterized in that a VPN server is set up in the internal network of the Internet of things; after the Internet of things remote management or use terminal connects to the Internet, it connects to the VPN server over the Internet and then enters the internal network of the Internet of things through the VPN server.
2. The internet of things video monitoring security management system according to claim 1, further comprising: an internet of things security situation and management and control system is deployed at a network access port of the internet of things video monitoring system, and Web application firewall equipment is deployed in a data center area of the internet of things video monitoring system.
3. The internet of things video monitoring security management system according to claim 2, wherein the internet of things security situation and management and control system performs state monitoring, behavior auditing, anomaly analysis and security management and control on the front-end equipment of the internet of things video monitoring system, and senses security states, vulnerability, anomaly threats and illegal access of the front-end equipment in the massive internet of things video monitoring system.
4. The internet of things video monitoring security management system according to claim 3, wherein the Web application firewall device protects a Web application server of the internet of things video monitoring platform and monitors access to a website of the internet of things video monitoring system for 7x24 hours in real time.
CN202011129811.3A 2020-10-21 2020-10-21 Internet of things video monitoring safety management system Withdrawn CN112272172A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011129811.3A CN112272172A (en) 2020-10-21 2020-10-21 Internet of things video monitoring safety management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011129811.3A CN112272172A (en) 2020-10-21 2020-10-21 Internet of things video monitoring safety management system

Publications (1)

Publication Number Publication Date
CN112272172A true CN112272172A (en) 2021-01-26

Family

ID=74342598

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011129811.3A Withdrawn CN112272172A (en) 2020-10-21 2020-10-21 Internet of things video monitoring safety management system

Country Status (1)

Country Link
CN (1) CN112272172A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112671808A (en) * 2021-03-16 2021-04-16 北京顺谋科技有限公司 Internet data transmission anti-tampering sentinel system and internet data transmission system
CN114338136A (en) * 2021-12-27 2022-04-12 深圳前海同益网络技术有限公司 System and method for realizing private network communication based on universal Internet of things equipment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112671808A (en) * 2021-03-16 2021-04-16 北京顺谋科技有限公司 Internet data transmission anti-tampering sentinel system and internet data transmission system
CN112671808B (en) * 2021-03-16 2021-07-13 北京顺谋科技有限公司 Internet data transmission anti-tampering sentinel system and internet data transmission system
CN114338136A (en) * 2021-12-27 2022-04-12 深圳前海同益网络技术有限公司 System and method for realizing private network communication based on universal Internet of things equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210126