CN112398860A - Safety control method and device - Google Patents

Info

Publication number: CN112398860A
Authority: CN (China)
Prior art keywords: maintenance; control instruction; cloud server; maintenance terminal; authority information
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202011288471.9A
Other languages: Chinese (zh)
Inventors: 邓练兵, 李皓, 卢振兴
Current assignee: Zhuhai Dahengqin Technology Development Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Zhuhai Dahengqin Technology Development Co Ltd

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L 67/025: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP], for remote control or remote monitoring of applications (under H04L 67/00 Network arrangements or protocols for supporting network services or applications; H04L 67/01 Protocols; H04L 67/02 Protocols based on web technology)
        • H04L 63/10: Network architectures or network communication protocols for network security, for controlling access to devices or network resources (under H04L 63/00)
        • H04L 67/1001: Protocols in which an application is distributed across nodes in the network, for accessing one among a plurality of replicated servers (under H04L 67/00; H04L 67/01; H04L 67/10)
        • H04L 67/1097: Protocols in which an application is distributed across nodes in the network, for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS] (under H04L 67/00; H04L 67/01; H04L 67/10)
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING
        • G06F 21/31: User authentication (under G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals)

Abstract

The embodiment of the invention provides a security control method and a security control device. The method is applied to a proprietary cloud platform on which a plurality of cloud servers and bastion machines are deployed, and comprises the following steps: the bastion machine receives an operation and maintenance request, sent by an operation and maintenance terminal, aimed at a target cloud server; the operation and maintenance terminal is subjected to identity verification, and an operation and maintenance interface for the target cloud server is displayed to the operation and maintenance terminal when the identity verification passes; a first control instruction input by the operation and maintenance terminal through the operation and maintenance interface is received; authority information corresponding to the operation and maintenance terminal is acquired; when the first control instruction is judged to match the authority information, the first control instruction is converted into a second control instruction that the target cloud server can recognize; and the second control instruction is sent to the target cloud server. In this way, security control of the operation and maintenance request process of the cloud server is realized, the security of the cloud server is improved, and the user can carry out operation and maintenance on the cloud server with only a simple control instruction.

Description

Safety control method and device
Technical Field
The present invention relates to the technical field of security control, and in particular, to a method and an apparatus for security control.
Background
A cloud platform refers to a service built on hardware and software resources that provides computing, network and storage capabilities. Cloud platforms can be divided into three categories: storage-oriented cloud platforms, in which data storage is the main function; computing-oriented cloud platforms, in which data processing is the main function; and comprehensive cloud platforms, which provide both computing and storage.
Cloud servers providing services are generally deployed in the cloud platform, for example: a cloud server providing computing, a cloud server providing storage, a cloud server providing online backup, a cloud server providing hosting, and so on. In practical application, each cloud server in the cloud platform needs frequent operation and maintenance, so that the cloud server is used efficiently and its faults are checked and handled. Therefore, how to improve the security of the operation and maintenance process of the cloud server is an urgent problem to be solved for the security of the cloud server.
Disclosure of Invention
In view of the above, a method, an apparatus, a server and a storage medium for security control are proposed that overcome or at least partially solve the above problems, comprising:
a security control method is applied to a proprietary cloud platform, wherein the proprietary cloud platform is provided with a plurality of cloud servers and bastion machines, and the method comprises the following steps:
the bastion machine receives an operation and maintenance request, sent by an operation and maintenance terminal, aimed at a target cloud server;
the bastion machine carries out identity verification on the operation and maintenance terminal, and displays an operation and maintenance interface aimed at the target cloud server to the operation and maintenance terminal when the identity verification passes;
the bastion machine receives a first control instruction input by the operation and maintenance terminal through the operation and maintenance interface;
the bastion machine acquires authority information corresponding to the operation and maintenance terminal;
the bastion machine judges whether the first control instruction is matched with the authority information;
when the bastion machine judges that the first control instruction is matched with the authority information, the bastion machine converts the first control instruction into a second control instruction which can be recognized by the target cloud server;
and the bastion machine sends the second control instruction to the target cloud server.
Optionally, the method further comprises:
and generating log information aiming at the operation and maintenance request.
Optionally, the method further comprises:
obtaining a feedback result of the target cloud server for the second control instruction;
and sending the feedback result to the operation and maintenance terminal.
Optionally, before the sending the feedback result to the operation and maintenance terminal, the method further includes:
sensitive content detection is carried out on the feedback result;
when the sensitive content passes the detection, the feedback result is sent to the operation and maintenance terminal;
and when the sensitive content does not pass the detection, deleting or encrypting the sensitive content in the feedback result, and sending the deleted or encrypted feedback result to the operation and maintenance terminal.
Optionally, the method further comprises:
and when the first control instruction is judged not to match the authority information, generating an illegal operation message and returning the illegal operation message to the operation and maintenance terminal.
Optionally, a plurality of bastion machines are provided, and the plurality of bastion machines adopt a distributed architecture.
Optionally, the proprietary cloud platform provides services for a regional application portal.
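The mediation steps above, written out as an added Python example (not code from the patent or its assignee): the bastion matches an already-authenticated terminal's first control instruction against its authority information, converts it into the second control instruction the target server understands, runs sensitive content detection on the feedback (deleting what it finds), and records a log entry for the request. The account numbers, server names, instruction vocabulary, conversion table and the fake target server are constructed sample data.

```python
import re
import time

# Constructed sample authority information: which target servers an O&M
# account may reach and which first control instructions it may issue there.
AUTHORITY_INFO = {
    "123456": {
        "servers": {"compute-01"},
        "instructions": {"export_abnormal_logs", "export_normal_logs"},
    },
    "654321": {"servers": {"storage-01"}, "instructions": {"upgrade"}},
}

# Constructed conversion table: (server type, first control instruction) ->
# second control instruction. The terminal only ever sees the abstract
# vocabulary on the left; the concrete command is chosen by the bastion.
SERVER_TYPE = {"compute-01": "compute", "storage-01": "storage"}
CONVERSION = {
    ("compute", "export_abnormal_logs"): "journalctl -p err --since today --no-pager",
    ("compute", "export_normal_logs"): "journalctl -p info --since today --no-pager",
    ("storage", "upgrade"): "storage-agent upgrade --channel stable",
}

# Patterns treated as sensitive content in a feedback result (assumed set).
SENSITIVE = [
    re.compile(r"(?i)(password|passwd|secret|token)\s*[:=]\s*\S+"),
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
]

AUDIT_LOG = []  # log information generated for each O&M request


def matches_authority(account, server, instruction):
    """Judge whether the first control instruction matches the authority information."""
    info = AUTHORITY_INFO.get(account)
    return bool(info) and server in info["servers"] and instruction in info["instructions"]


def convert_instruction(server, instruction):
    """Convert the first control instruction into the second one; None if unmapped."""
    return CONVERSION.get((SERVER_TYPE.get(server), instruction))


def filter_feedback(feedback):
    """Sensitive content detection on the feedback result; delete what is found."""
    cleaned, hits = feedback, 0
    for pat in SENSITIVE:
        cleaned, n = pat.subn("[REDACTED]", cleaned)
        hits += n
    return cleaned, hits


def handle_control_instruction(account, terminal_id, server, instruction, send):
    """Bastion-side handling of one control instruction from a verified terminal.

    `send(server, command)` is the transport to the target cloud server and
    returns its raw feedback; it is injected so the flow runs offline.
    Returns the message that goes back to the O&M terminal.
    """
    entry = {"ts": time.time(), "account": account, "terminal": terminal_id,
             "server": server, "first_instruction": instruction}
    if not matches_authority(account, server, instruction):
        entry["decision"] = "illegal_operation"
        AUDIT_LOG.append(entry)
        return {"status": "illegal_operation",
                "message": "instruction not permitted for this account"}
    second = convert_instruction(server, instruction)
    if second is None:
        entry["decision"] = "no_conversion"
        AUDIT_LOG.append(entry)
        return {"status": "illegal_operation", "message": "unsupported instruction"}
    entry.update(decision="forwarded", second_instruction=second)
    feedback, hits = filter_feedback(send(server, second))
    entry["sensitive_hits"] = hits
    AUDIT_LOG.append(entry)
    return {"status": "ok", "feedback": feedback}


def fake_target_server(server, command):
    """Constructed stand-in for a target cloud server's feedback."""
    return ("Dec 01 10:00:01 compute-01 agent[42]: ERROR backup failed\n"
            "Dec 01 10:00:02 compute-01 agent[42]: retrying with password=Hunter2\n")
```

The log entry records the abstract first instruction and, only when forwarded, the concrete second instruction, so the audit trail shows what was asked for and what the bastion actually ran.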
A security control apparatus applied to a proprietary cloud platform deployed with a plurality of cloud servers and bastion machines, the apparatus comprising:
the operation and maintenance request receiving module is used for receiving an operation and maintenance request which is sent by an operation and maintenance terminal and aims at the target cloud server;
the identity authentication module is used for performing identity authentication on the operation and maintenance terminal and displaying an operation and maintenance interface aiming at the target cloud server to the operation and maintenance terminal when the identity authentication passes;
the first control instruction receiving module is used for receiving a first control instruction input by the operation and maintenance terminal through the operation and maintenance interface;
the authority information acquisition module is used for acquiring authority information corresponding to the operation and maintenance terminal;
the authority information judging module is used for judging whether the first control instruction is matched with the authority information;
the conversion module is used for converting the first control instruction into a second control instruction which can be identified by the target cloud server when the first control instruction is judged to be matched with the authority information;
and the second control instruction sending module is used for sending the second control instruction to the target cloud server.
A server comprising a processor, a memory and a computer program stored on the memory and capable of running on the processor, the computer program when executed by the processor implementing a method of security control as described above.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method of security control as set forth above.
The embodiment of the invention has the following advantages:
in the embodiment of the invention, the bastion machine receives an operation and maintenance request, sent by an operation and maintenance terminal, aimed at a target cloud server; the bastion machine carries out identity verification on the operation and maintenance terminal, and displays an operation and maintenance interface aimed at the target cloud server to the operation and maintenance terminal when the identity verification passes; the bastion machine receives a first control instruction input by the operation and maintenance terminal through the operation and maintenance interface; the bastion machine acquires authority information corresponding to the operation and maintenance terminal; the bastion machine judges whether the first control instruction matches the authority information; when the bastion machine judges that the first control instruction matches the authority information, the bastion machine converts the first control instruction into a second control instruction that the target cloud server can recognize; and the bastion machine sends the second control instruction to the target cloud server. In this way, security control of the operation and maintenance request process of the cloud server is realized, the security of the cloud server is improved, and the user can carry out operation and maintenance on the cloud server with only a simple control instruction.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings needed to be used in the description of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic diagram of an overall architecture of a proprietary cloud platform according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating steps of a method for security control according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a safety control device according to an embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below. It is to be understood that the embodiments described are only a few embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The proprietary cloud platform adopts a unified operation and maintenance service management platform to manage the related resources in the proprietary cloud platform. The proprietary cloud platform takes computation, network, storage and the like as its basic constituent elements, and the constituent elements in the proprietary cloud platform can be selected and predefined according to system requirements. The proprietary cloud platform is based on existing hardware modules, combines virtualization, software definition and a distributed architecture, and realizes modular, seamless horizontal extension by aggregating multiple sets of standardized general-purpose hardware over a network, so as to construct a cloud platform environment driven entirely by software.
The operation and maintenance system in the proprietary cloud platform realizes the operation and maintenance management of unified automatic deployment, upgrading change and configuration management of physical equipment, an operating system, computing, networks, storage, databases, middleware, business applications and the like in the cloud computing environment. Monitoring alarm and automatic analysis and diagnosis processing in the aspects of fault, performance, configuration and the like are provided, the running state and quality of the cloud platform are evaluated through analysis and processing, the continuous and stable running of cloud computing service application is guaranteed, meanwhile, service and support are provided for a service process, and a perfect operation and maintenance service management platform is constructed.
The management of physical resources of the data center in the proprietary cloud platform can be provided for a proprietary cloud platform planning tool and an automated deployment operation and maintenance service, various resources of the proprietary cloud platform can be managed and scheduled in a centralized manner, physical computing resources, virtual computing resources, network resources and storage resources are covered, and various virtualization technologies can be adapted and managed. Through a unified operation and maintenance management interface, the special cloud platform for operation and maintenance can be comprehensively and efficiently managed.
The proprietary cloud platform may also provide proprietary cloud platform operation/diagnostic system services. These services depend on topology display, full topology display of cloud platform resources, network topology display, monitoring configuration, network health, health inspection and pre-inspection of infrastructure, and fault pre-inspection and diagnosis; these in turn rely on final state data, log data and monitoring data. Meanwhile, the NTP (Network Time Protocol) service of the computer room must keep the time on every node synchronized, so that the collected log and monitoring data are valid and operation, maintenance and diagnosis remain effective.
Besides the cloud product autonomous operation and maintenance portal (entry site) through the proprietary cloud platform diagnostic system, the operation and maintenance in the proprietary cloud platform need to log on to the device node (physical server, virtual machine, container, network node, network device) for operation and maintenance under specific conditions. Meanwhile, in order to reduce operation errors caused by manual login of the service node, almost all operation and maintenance tools, operation and maintenance scripts and operation and maintenance commands in operation and maintenance work are integrated in the proprietary cloud platform operation and maintenance/diagnosis system, and remote login and operation and maintenance operations can be performed on the target node in an operation and maintenance portal provided by the cloud platform operation and maintenance/diagnosis system.
In the proprietary cloud platform, the operation and maintenance archive serves as storage of operation and maintenance data and comprises terminal data, diagnosis prescriptions (fault solutions), log data, monitoring data and operation and maintenance flow data. As a data source for comparison between diagnosis and fault judgment, the richer the data, the higher the diagnosis accuracy, and the higher the health pre-inspection and trend judgment accuracy.
Operation and maintenance security is guaranteed from the perspective of separation of three powers: a system administrator has operation and maintenance permissions on the platform, a security administrator has the permissions to create, change and destroy operation and maintenance accounts and roles, and a security auditor has audit permissions on all operation and maintenance operation logs of the proprietary cloud platform. Operation and maintenance permissions are further subdivided, so that each operation and maintenance person holds only the minimum permissions applicable to their work, and the risks caused by excessive permissions are avoided. Product operation and maintenance management and control are converged in a unified manner in the proprietary cloud platform operation and maintenance system, which is connected to an SSO (Single Sign-On) system, so that the product operation and maintenance management and control authority is uniformly converged. The system supports various two-factor services, and verifies the account IP and the authority information when logging in to the operation and maintenance system, which ensures the authentication security of the proprietary cloud platform.
In the construction of a smart city, by introducing advanced technologies such as cloud computing, big data, internet of things and mobile interconnection, a cross-domain multi-dimensional big data public service cloud platform with unified standards, unified entries, unified acquisition, unified management, unified service and unified data is built, so that the data fusion capability of cross-department, cross-domain and cross-region is realized, the data in-domain data concentration, data sharing and exchange outside the domain and flexible expansion of domain boundaries according to rules are achieved, the ecological cycle of digital economy is formed, the data sharing of various fields of city management, social civilian life, resource environment and economic industry is promoted, the administrative efficiency, the city management capability and the resident life quality are improved, the industry fusion development is promoted, and the industry transformation upgrading and the business model are promoted.
Through the construction of a cross-domain multi-dimensional big data cloud platform, data barriers can be broken, data concentration is realized, and the big data development problem is solved. Based on the construction of the cloud platform, a data center platform and a data sharing service system are further constructed aiming at the cloud platform.
Aiming at the construction of a data middle station (namely a unified data platform), a data resource platform, a data sharing platform and the like are introduced and matched with corresponding data specifications, so that a data sharing platform which provides access to all levels of service collaboration mechanisms, video areas, all levels of service systems and all fields can be constructed, and the data sharing platform which provides openness, interconnection and sharing can be formed and simultaneously can have a unified data management system such as data cloud, data management, data exploration and full link monitoring.
As shown in fig. 1, a regional application portal, an open service gateway, a unified data platform, a regional internet of things sensing system, and other structures are deployed in a proprietary cloud platform, where the open service gateway includes a converged service sharing center and a converged data innovation center, and the following specifically describes each part of the proprietary cloud platform:
(I) regional application portal
In the regional application portal, the regional application portal is mainly divided into blocks of traffic, environmental protection, tourism, industry and commerce, medical treatment, education, regional economic brains, employment, cross-domain authentication and the like, and a user can enter each block through the regional application portal and can acquire information corresponding to each block formed by processed data.
(II) converged service sharing center and converged data innovation center
The fusion service sharing center may create different data sharing centers after fusing the data of each region according to service classification, for example: the system comprises a personal information center, a credit information center, a legal information center, a financial service center, a travel service center, a comprehensive treatment service center, a space-time service center, an Internet of things service center and the like.
The fusion data innovation center can realize the innovative application of the fusion data through a data fusion system and an AI algorithm system. The fusion service sharing center and the fusion data innovation center can fuse the data and then present the processed data to the user through the regional application portal.
(III) unified data platform
The unified data platform can comprise a data resource platform and a data sharing platform, wherein the data resource platform can comprise a plurality of components, such as data cloud, an intelligent data warehouse, an intelligent tag, data exploration, an AIMaster, data DNA, panoramic monitoring and data assets, so that service can be provided for upper-layer industry application and service scenes, the problems of data standardization, data quality and the like in the field of data management are solved, interaction modes such as dragging and the like are adopted, the realization of service logic and service functions is simplified, and the usability of the data platform is improved.
(IV) regional Internet of things sensing system
The regional Internet of things sensing system is composed of relevant sensing equipment and equipment data such as pressure, humidity, a camera, a light source, infrared sensing and temperature.
(V) other structures
In addition, data can be processed through a supercomputing cluster, a regional cloud computing platform and an OpenStack FIWARE cluster (OpenStack is an open-source cloud computing management platform project that combines a series of open-source software projects).
Referring to fig. 2, a flowchart illustrating steps of a method for security control according to an embodiment of the present invention is shown, where the method may be applied to a proprietary cloud platform, and the proprietary cloud platform may be connected to a regional application portal and provide corresponding services for the regional application portal, for example: traffic, environmental protection, tourism, industry and commerce, medical treatment, education, regional economic brain, employment, cross-domain authentication and the like. A plurality of cloud servers and bastion machines can be deployed in the proprietary cloud platform.
Specifically, the method can comprise the following steps:
Step 201, the bastion machine receives an operation and maintenance request, sent by an operation and maintenance terminal, aimed at a target cloud server;
The bastion machine uses various technical means to monitor and record the operations performed by operation and maintenance personnel on devices in the network, such as cloud servers, network devices, security devices and databases, in order to ensure that the network and data are not intruded upon or damaged by external or internal users in a specific network environment, so that centralized alerting, timely handling, auditing and accountability are facilitated.
In practical application, the bastion machine integrates two main functions, core system operation and security audit management and control. Technically, it cuts off the direct access of the terminal computer to the network and cloud server resources and takes over that access in a protocol proxy mode. Figuratively, the access of the operation and maintenance terminal to the target must be translated through the operation and maintenance security audit. For example, the operation and maintenance security audit acts as a gatekeeper, and all requests to network devices and cloud servers pass through the gate. Therefore, the operation and maintenance security audit can intercept illegal access and malicious attacks, block illegal commands, filter out all illegal access to target devices, and audit and monitor misoperation and illegal operation by internal personnel, so as to facilitate accountability after the fact.
As an example, the number of the bastion machines deployed in the proprietary cloud platform can be multiple, the number of the bastion machines in the proprietary cloud platform can be set according to actual conditions, and the multiple bastion machines can be arranged in the proprietary cloud platform by adopting a distributed architecture, so that the services and the traffic of the multiple bastion machines are distributed, and the working efficiency of the bastion machines is improved.
The operation and maintenance request may refer to an operation request initiated by a user for operation and maintenance of the cloud server, for example: export log data recorded by the cloud server, update the cloud server, and so on.
Specifically, the operation and maintenance request may include the identification of the cloud server on which the user needs to perform operation and maintenance, the operation and maintenance operation the user needs to perform, and user identity information. When the user needs to perform operation and maintenance on a certain cloud server, a corresponding request initiation operation may be performed at the operation and maintenance terminal; the operation and maintenance terminal then generates an operation and maintenance request based on the user's request initiation operation and sends it to the proprietary cloud platform.
As an example, the operation and maintenance terminal may be a terminal computer, a terminal communication device, and the like.
In practical applications, multiple cloud servers in a proprietary cloud platform may provide different services to users, such as: computing, storage, online backup, hosting, and the like. In daily use, each cloud server provides service to users; on the one hand, normal log data is recorded when the cloud server is operating normally, and on the other hand, abnormal log data is recorded when the cloud server is abnormal. At that point the user can send an operation and maintenance request to the proprietary cloud platform through an operation and maintenance terminal so as to export the normal and/or abnormal data recorded by the cloud server.
As an example, when a user needs to perform operation and maintenance operations such as upgrading on a cloud server, the operation and maintenance terminal may also send an operation and maintenance request to a proprietary cloud platform to perform operation and maintenance operations such as upgrading on the cloud server.
After receiving the operation and maintenance request, the bastion machine in the proprietary cloud platform may identify the cloud server identification, the operation and maintenance operation to be performed, and the user identity information in the operation and maintenance request, so as to respond to the operation and maintenance request of the user, for example: the cloud server identification is the identification corresponding to the "computing cloud server", the operation and maintenance operation to be performed is "export abnormal log data", and the user identity information is "account number: 123456; password: abcd".
Step 202, the bastion machine carries out identity verification on the operation and maintenance terminal, and displays an operation and maintenance interface aiming at the target cloud server to the operation and maintenance terminal when the identity verification passes;
in practical application, a user identity information base can be established in a proprietary cloud platform in advance, and identity information of a user capable of performing operation and maintenance on a cloud server is stored in the user identity information base.
After receiving the operation and maintenance request, a bastion machine in the proprietary cloud platform can verify the identity information of the user to judge whether the current operation and maintenance request is a malicious access request. Whether the operation and maintenance request is initiated by an internal operation and maintenance terminal or sent by an external one, it must be verified by the bastion machine before being sent to a cloud server. This avoids the security problems, such as the cloud server crashing, that arise when a cloud server receives operation and maintenance requests directly and thereby receives malicious access requests.
In practical application, the bastion machine can match the user identity information contained in the operation and maintenance request to determine whether the user identity information is in the identity information base. If the identity information is successfully matched in the identity information base, the bastion machine can judge that the current operation and maintenance request is a normal access request and carry out the subsequent steps; if the identity information is not successfully matched in the identity information base, the bastion machine can determine that the current operation and maintenance request is malicious access, and terminate the current operation and maintenance request.
In practical application, when the bastion machine judges that the current operation and maintenance request is malicious access, a malicious access message can be generated, the proprietary cloud platform terminates the current operation and maintenance request based on the malicious access message, and the malicious access message can be returned to the operation and maintenance terminal.
After the identity verification is passed, the bastion machine can display an operation and maintenance interface to the operation and maintenance terminal, wherein the operation and maintenance interface can be an interface of the cloud server corresponding to the operation and maintenance operation required by the user.
As an example, the bastion machine may also verify the source IP address of the operation and maintenance terminal to determine whether the source IP address registered by the operation and maintenance terminal device which sent the operation and maintenance request belongs to the secure IP address.
In practical application, an operation and maintenance terminal code, such as a serial number, can further be set for the operation and maintenance terminal. When the operation and maintenance terminal sends an operation and maintenance request to the bastion machine, it can send the operation and maintenance terminal code at the same time, and the bastion machine then verifies the operation and maintenance terminal code to determine whether the operation and maintenance terminal currently initiating the request belongs to a specified operation and maintenance terminal, so that the security of the operation and maintenance request source is ensured.
As an example, the operation and maintenance terminal code may also be included in the operation and maintenance request.
In practical application, after the identity authentication is passed, the bastion machine may obtain the cloud server identification in the operation and maintenance request to determine which cloud server the current operation and maintenance request is directed to, and then may use the determined cloud server as the target cloud server.
After the target cloud server is determined, the bastion machine may send an operation and maintenance interface corresponding to the target cloud server to the operation and maintenance terminal, for example: if the target cloud server is a computing cloud server, the bastion machine can send an operation and maintenance interface for the computing cloud server to the operation and maintenance terminal.
After receiving the operation and maintenance interface, the operation and maintenance terminal can display the operation and maintenance interface on the interface, and a user can input a control instruction corresponding to operation and maintenance operation to be performed based on the operation and maintenance interface displayed by the operation and maintenance terminal.
In practical application, after the target cloud server is determined, the bastion machine can send a webpage link to the operation and maintenance terminal, and after the operation and maintenance terminal receives the webpage link, a user can click the webpage link so as to display an operation and maintenance interface corresponding to the webpage link at the operation and maintenance terminal.
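The checks of step 202 (identity information base lookup, source IP verification, terminal code verification, and resolution of the target cloud server) can be combined into one bastion-side verification routine. The following is an added example written for this page, not code from the patent or its assignee; the identity base entries, the secure network range, the terminal codes and the cloud server identifiers are all constructed, and the account/password pair only mirrors the page's own example. Passwords are stored as salted PBKDF2 hashes and compared in constant time, and the terminal is told only "malicious access" on any failure so the response does not reveal which check tripped.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    # Only a salted, slow hash is kept in the identity base, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


# Constructed identity base: account -> (salt, salted hash). The salt is an invented constant.
_SALT_123456 = bytes.fromhex("5f9a2c1e7b3d4a6c8e0f1a2b3c4d5e6f")
IDENTITY_BASE: Dict[str, Tuple[bytes, bytes]] = {
    "123456": (_SALT_123456, hash_password("abcd", _SALT_123456)),
}

# Constructed: source networks treated as secure, registered terminal codes,
# and the cloud server identifiers the bastion machine knows about.
SECURE_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]
REGISTERED_TERMINALS = {"OM-TERM-0001", "OM-TERM-0002"}
CLOUD_SERVERS = {"compute-01": "computing cloud server", "storage-01": "storage cloud server"}

MALICIOUS_ACCESS = "malicious access"  # the only failure message the terminal ever sees


@dataclass
class MaintenanceRequest:
    cloud_server_id: str
    operation: str
    account: str
    password: str
    source_ip: str
    terminal_code: str


@dataclass
class VerificationResult:
    accepted: bool
    reason: str  # internal reason, destined for the platform's log, not the terminal
    target_cloud_server: Optional[str] = None


def verify_request(req: MaintenanceRequest) -> VerificationResult:
    """Identity base match, secure source IP, registered terminal code, then resolution
    of the target cloud server. Any failure terminates the request."""
    entry = IDENTITY_BASE.get(req.account)
    if entry is None:
        return VerificationResult(False, "unknown account")
    salt, stored = entry
    if not hmac.compare_digest(stored, hash_password(req.password, salt)):
        return VerificationResult(False, "password mismatch")
    try:
        ip = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return VerificationResult(False, "malformed source IP")
    if not any(ip in net for net in SECURE_NETWORKS):
        return VerificationResult(False, "source IP outside secure range")
    if req.terminal_code not in REGISTERED_TERMINALS:
        return VerificationResult(False, "terminal code not registered")
    if req.cloud_server_id not in CLOUD_SERVERS:
        return VerificationResult(False, "unknown cloud server identifier")
    return VerificationResult(True, "identity verified", req.cloud_server_id)


def message_for_terminal(result: VerificationResult) -> str:
    """Interface name on success, otherwise the uniform malicious access message."""
    if result.accepted:
        return f"operation and maintenance interface for {CLOUD_SERVERS[result.target_cloud_server]}"
    return MALICIOUS_ACCESS
```

The internal `reason` is what the platform writes to its log library; keeping it separate from `message_for_terminal` is what prevents the bastion machine from telling a caller whether an account exists.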
Step 203, the fort machine receives a first control instruction input by the operation and maintenance terminal through the operation and maintenance interface;
the first control instruction may refer to a simple system instruction, so that a user can simply and quickly input a first control instruction corresponding to an operation and maintenance operation to be performed, for example: the first control instruction may be an instruction of a Windows system.
After the operation and maintenance interface is displayed, a user can perform corresponding input operation on the operation and maintenance terminal based on the prompt information of the operation and maintenance interface, so that a first control instruction is input in a corresponding input box in the operation and maintenance interface, and the first control instruction can be used for indicating which cloud server the user needs to perform operation and maintenance operation and which operation and maintenance operation needs to be performed.
After the first control instruction is input, the operation and maintenance terminal can send the first control instruction to a bastion machine in the proprietary cloud platform.
In practical application, after the first control instruction is input, the operation and maintenance terminal can encrypt the first control instruction and then send the encrypted first control instruction to a bastion machine in a proprietary cloud platform.
After the first control instruction is received, the bastion machine can decrypt the encrypted first control instruction in a corresponding decryption mode.
As an example, the first control instruction may be encrypted and decrypted by a two-key encryption technique, i.e. by a public key and a private key, such as: the operation and maintenance terminal encrypts the first control instruction through a private key, sends the encrypted first control instruction to a bastion machine in the proprietary cloud platform, and the bastion machine decrypts the first control instruction through a public key.
Step 204, the bastion machine acquires authority information corresponding to the operation and maintenance terminal;
in practical application, when the operation and maintenance terminal sends the first control instruction to the bastion machine, the bastion machine can acquire the authority information of the operation and maintenance terminal from the operation and maintenance terminal.
Specifically, a corresponding authority identifier may be set in each operation and maintenance terminal in advance, and different authority identifiers correspond to different authority information, for example: the authority identifier is "super administrator", and the corresponding authority information may be "authority that can perform all operation and maintenance operations on all cloud servers".
As an example, the first control instruction sent by the operation and maintenance terminal to the bastion machine may include the authority information of the operation and maintenance terminal, and after the bastion machine receives the first control instruction, the authority information of the operation and maintenance terminal in the first control instruction may be acquired.
As an example, the operation and maintenance terminal may transmit its authority information to the bastion machine at the same time as it transmits the first control instruction to the bastion machine.
Step 205, the bastion machine judges whether the first control instruction is matched with the authority information;
after the authority information corresponding to the operation and maintenance terminal is determined, the bastion machine can judge the first control instruction to determine whether the operation and maintenance operation the user intends to perform, as expressed by the first control instruction, matches the authority information. For example: if the authority information is "export normal log data in all cloud servers" and the operation and maintenance operation to be performed by the user according to the first control instruction is "export normal log data of the computing cloud server", the first control instruction can be considered to match the authority information; if the authority information is "export normal log data in all cloud servers" and the operation to be performed is "update the computing cloud server", the first control instruction can be considered not to match the authority information.
In practical applications, when the bastion machine determines that the first control command matches the authority information, the process continues to step 206.
In an embodiment of the invention, when the bastion machine judges that the first control instruction is not matched with the authority information, an illegal operation message is generated and returned to the operation and maintenance terminal.
In practical application, the operation and maintenance operation to be performed by the user may exceed the authority of the user. Therefore, when the bastion machine determines that the first control instruction is not matched with the authority information, the first control instruction may be considered to exceed the range of authority that the authority information grants, that is, the operation and maintenance operation to be performed by the user may be considered to exceed the range of operation and maintenance operations the user is permitted to perform. At this time, the bastion machine may generate an illegal operation message and send it to the operation and maintenance terminal to prompt the user that the current operation and maintenance operation exceeds the authority range the user has.
As an example, when the bastion machine determines that the first control instruction does not match the authority information, the bastion machine may also terminate the current operation request and lock the operation terminal used by the current user.
Step 206, when the bastion machine judges that the first control instruction is matched with the authority information, converting the first control instruction into a second control instruction which can be recognized by the target cloud server;
the second control instruction is a more complex system instruction that can be recognized by the target cloud server, for example: instructions for an AIX (Advanced Interactive execution) system, and the like.
In practical application, the cloud server can only recognize relatively complex system instructions, and if the user had to input such complex system instructions, the learning cost of inputting control instructions for operation and maintenance operations would increase. Therefore, when inputting a control instruction, the user only needs to input a relatively simple system instruction, such as an instruction of a Windows system, and after the control instruction input by the user is determined to match the authority information, the bastion machine converts the simple system instruction into a relatively complex system instruction that can be recognized by the cloud server, such as an instruction of an AIX system.
After the first control instruction is judged to be matched with the authority information, the bastion machine can judge that the operation and maintenance operation to be performed by the user at present is normal operation and belongs to the executable authority range, and at the moment, the bastion machine can convert the first control instruction into a second control instruction which can be recognized by the target cloud server. The method is convenient and simplifies the operation of the user, and reduces the learning cost of the user for inputting the control instruction.
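Steps 204 to 206 (acquire the authority information, judge whether the first control instruction matches it, and only then convert it into a second control instruction) fit naturally into one handler. The following is an added example for this page, not code from the patent or its assignee. The authority table, the translation table, the command strings for the target system and the lock threshold are all constructed assumptions; the page only says that the second instruction is one the target server recognizes (it names AIX as an example) and that the bastion machine may terminate the request and lock the terminal on a mismatch. The conversion is a lookup of a complete, fixed command keyed by the operation name, so no text typed at the terminal is ever interpolated into what reaches the cloud server.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Constructed authority table: authority identifier -> (cloud servers, operations) the
# holder may act on; "*" means all. Identifiers and grants are invented for this example.
AUTHORITY_INFO: Dict[str, Tuple[Set[str], Set[str]]] = {
    "super administrator": ({"*"}, {"*"}),
    "log exporter": ({"*"}, {"export normal log data"}),
    "compute operator": ({"compute-01"}, {"export normal log data", "update"}),
}

# Constructed translation table: simple first-instruction operation -> fixed second
# instruction for an assumed AIX-like target. Operations without an entry are refused.
SECOND_INSTRUCTIONS: Dict[str, str] = {
    "export normal log data": "cat /var/log/app/normal.log",
    "export abnormal log data": "cat /var/log/app/error.log",
    "update": "/usr/sbin/om-update --yes",
}

MAX_FAILED_INSTRUCTIONS = 3  # assumed threshold before the terminal is locked


@dataclass
class FirstInstruction:
    cloud_server_id: str
    operation: str
    authority_id: str  # authority identifier carried with the instruction (step 204)


@dataclass
class TerminalState:
    failed_instructions: int = 0
    locked: bool = False


def matches_authority(instr: FirstInstruction) -> bool:
    """Step 205: both the target server and the operation must fall inside the
    authority information; an unknown authority identifier grants nothing."""
    servers, operations = AUTHORITY_INFO.get(instr.authority_id, (set(), set()))
    server_ok = "*" in servers or instr.cloud_server_id in servers
    operation_ok = "*" in operations or instr.operation in operations
    return server_ok and operation_ok


def convert_to_second_instruction(instr: FirstInstruction) -> Optional[str]:
    """Step 206: deny-by-default conversion by table lookup."""
    return SECOND_INSTRUCTIONS.get(instr.operation)


def handle_first_instruction(instr: FirstInstruction, state: TerminalState) -> Tuple[Optional[str], str]:
    """Returns (second instruction for the target cloud server or None, message for the
    terminal). A mismatch terminates the request with an illegal operation message and,
    after repeated mismatches, locks the terminal."""
    if state.locked:
        return None, "terminal locked"
    if not matches_authority(instr):
        state.failed_instructions += 1
        if state.failed_instructions >= MAX_FAILED_INSTRUCTIONS:
            state.locked = True
            return None, "illegal operation: authority exceeded; terminal locked"
        return None, "illegal operation: authority exceeded"
    second = convert_to_second_instruction(instr)
    if second is None:
        return None, "illegal operation: unsupported operation"
    return second, f"forwarding to {instr.cloud_server_id}"
```

The order of checks matters: the authority match runs before the translation lookup, so a terminal whose authority does not cover an operation learns nothing about whether that operation exists on the target at all.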
And step 207, the bastion machine sends the second control instruction to the target cloud server.
After the first control instruction is converted into the second control instruction, the bastion machine can send the second control instruction to the corresponding target cloud server, so that the operation and maintenance operation required by the user can be realized.
In an embodiment of the present invention, after the target cloud server receives the second control instruction, the method may further include the following steps:
obtaining a feedback result of the target cloud server for the second control instruction; and sending the feedback result to the operation and maintenance terminal.
After receiving the second control instruction, the target cloud server may perform corresponding operation and maintenance operations based on the second control instruction, and then the target cloud server may generate a corresponding feedback result based on the operation and maintenance operations, and send the feedback result to the operation and maintenance terminal.
Specifically, the target cloud server may decode the second control instruction to obtain an operation and maintenance operation that the user needs to perform, and then the target cloud server may perform a corresponding operation and maintenance operation based on the operation and maintenance operation and generate a corresponding feedback result, for example: if the operation and maintenance operation required by the user is "export normal log data", the target cloud server may export the stored normal log data, and generate a corresponding feedback result based on the exported normal log data.
After the feedback result is generated, the target cloud server may send the feedback result to the operation and maintenance terminal, so as to prompt the user whether the current operation and maintenance operation is completed or not and the completion condition.
As an example, after the feedback result is generated, the target cloud server may encrypt the feedback result and then send the encrypted feedback result to the operation and maintenance terminal.
In an embodiment of the present invention, before sending the feedback result to the operation and maintenance terminal, the method may further include the following steps:
sensitive content detection is carried out on the feedback result; when the sensitive content passes the detection, the feedback result is sent to the operation and maintenance terminal; and when the sensitive content does not pass the detection, deleting or encrypting the sensitive content in the feedback result, and sending the deleted or encrypted feedback result to the operation and maintenance terminal.
In practical application, the feedback result may include sensitive content such as personal information, and therefore, before the feedback result is sent to the operation and maintenance terminal, the target cloud server may delete or encrypt the sensitive content in the feedback result, and then send the deleted or encrypted feedback result to the operation and maintenance terminal.
Specifically, after the feedback result is generated, the target cloud server may perform sensitive content detection on the feedback result first to determine whether the feedback result to be sent includes sensitive content.
In practical application, when the sensitive content is not detected, it can be considered that the current feedback result does not contain the sensitive content, and at this time, the target cloud server can directly send the generated feedback result to the operation and maintenance terminal.
In practical application, it may also be that the current feedback result does not pass the sensitive content detection, in which case the current feedback result can be considered to include sensitive content. At this time, the sensitive content may be deleted or encrypted; which processing method is adopted may be set according to the actual situation.
After the sensitive content is deleted or encrypted, the target cloud server may send the deleted or encrypted feedback result to the operation and maintenance terminal.
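One way to implement the sensitive content detection described above, as an added example that is not code from the patent or its assignee: the feedback result is scanned with a small set of patterns for personal data, the result is sent unchanged when nothing is detected, and otherwise the matched spans are deleted before sending. The patterns, the sample log lines and the replacement markers are constructed for this example (the page says only "sensitive content such as personal information"); the page's alternative of encrypting rather than deleting the spans would use the same match positions.

```python
import re
from typing import List, Tuple

# Constructed detection patterns: illustrative, not an exhaustive personal-data detector.
SENSITIVE_PATTERNS: List[Tuple[str, "re.Pattern[str]"]] = [
    ("phone", re.compile(r"\b1[3-9]\d{9}\b")),            # 11-digit mobile number
    ("id_card", re.compile(r"\b\d{17}[\dXx]\b")),          # 18-character resident ID number
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
]

# Constructed feedback result, as a cloud server might return it for "export normal log data".
SAMPLE_FEEDBACK = (
    "2020-11-17 10:02:11 INFO export complete for compute-01\n"
    "2020-11-17 10:02:12 INFO contact on file: 13800138000, ops@example.com\n"
    "2020-11-17 10:02:13 INFO account holder id 11010119900101123X\n"
)


def detect_sensitive(feedback: str) -> List[Tuple[str, str]]:
    """Return (kind, matched text) for every sensitive item; an empty list means the
    feedback result passes detection."""
    hits: List[Tuple[str, str]] = []
    for kind, pattern in SENSITIVE_PATTERNS:
        for match in pattern.finditer(feedback):
            hits.append((kind, match.group(0)))
    return hits


def delete_sensitive(feedback: str) -> str:
    """Replace each sensitive span with a marker that names only its kind."""
    out = feedback
    for kind, pattern in SENSITIVE_PATTERNS:
        out = pattern.sub(f"[{kind} removed]", out)
    return out


def prepare_feedback(feedback: str) -> Tuple[str, bool]:
    """Returns (feedback result to send to the terminal, whether anything was deleted)."""
    if not detect_sensitive(feedback):
        return feedback, False
    return delete_sensitive(feedback), True
```

Running the detector before, rather than instead of, the deletion step keeps the two outcomes of the page separate: a clean result is forwarded byte for byte, and the fact that a result was altered can be recorded in the log information.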
In an embodiment of the present invention, the method may further include the following steps:
and generating log information aiming at the operation and maintenance request.
Specifically, when receiving an operation and maintenance request sent by an operation and maintenance terminal, the proprietary cloud platform may start to record data such as operation information, operation time, and operation state throughout the operation and maintenance request process, and generate log information for the current operation and maintenance request based on the recorded data, for example: the source IP address of the operation and maintenance terminal that sent the operation and maintenance request, the user account that initiated the request, the operation and maintenance operation carried out, the target cloud server on which the operation and maintenance operation was carried out, and the like.
In practical application, a log library for storing log information can be set up in the proprietary cloud platform in advance. When a historical operation and maintenance request needs to be checked or analyzed, the log information can be exported directly from the log library, so that a user can check or analyze the process of the historical operation and maintenance request based on the exported log information, which facilitates subsequent checking or analysis of historical operation and maintenance requests.
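The log information the two paragraphs above describe (source IP, initiating account, operation, target cloud server, operation time and state, kept per request and exportable from a log library) can be modelled as below. This is an added example for this page, not code from the patent or its assignee; the record layout, the state names and the in-memory log library are assumptions, since the page fixes no format. The record deliberately has no field for the password that accompanies the request.

```python
import json
import time
from dataclasses import asdict, dataclass, field
from typing import Any, Dict, List, Optional


@dataclass
class MaintenanceLogRecord:
    request_id: str
    source_ip: str            # source IP address of the operation and maintenance terminal
    account: str              # user account that initiated the request (never the password)
    operation: str            # operation and maintenance operation requested
    target_cloud_server: str  # cloud server the operation was carried out on
    started_at: float
    finished_at: Optional[float] = None
    state: str = "received"
    events: List[Dict[str, Any]] = field(default_factory=list)  # (time, state, detail) trail


class LogLibrary:
    """In-memory stand-in for the platform's log library (assumed). Records grow as the
    request moves through the bastion machine and can be exported for later analysis."""

    def __init__(self) -> None:
        self._records: Dict[str, MaintenanceLogRecord] = {}

    def start(self, request_id: str, source_ip: str, account: str, operation: str,
              target_cloud_server: str, now: Optional[float] = None) -> MaintenanceLogRecord:
        t = now if now is not None else time.time()
        rec = MaintenanceLogRecord(request_id, source_ip, account, operation, target_cloud_server, t)
        rec.events.append({"time": t, "state": "received", "detail": None})
        self._records[request_id] = rec
        return rec

    def record_state(self, request_id: str, state: str, detail: Optional[str] = None,
                     now: Optional[float] = None) -> None:
        t = now if now is not None else time.time()
        rec = self._records[request_id]
        rec.state = state
        rec.events.append({"time": t, "state": state, "detail": detail})
        if state in ("completed", "rejected"):
            rec.finished_at = t

    def export(self, account: Optional[str] = None) -> List[Dict[str, Any]]:
        """Records as plain dicts, optionally filtered to one initiating account."""
        return [asdict(r) for r in self._records.values() if account is None or r.account == account]

    def export_json_lines(self, account: Optional[str] = None) -> str:
        """One JSON object per line, the form most log analysis tools ingest directly."""
        return "\n".join(json.dumps(r, sort_keys=True) for r in self.export(account))


def demo() -> LogLibrary:
    """Walks one constructed request through the states of the method (fixed timestamps)."""
    lib = LogLibrary()
    lib.start("req-0001", "10.20.1.5", "123456", "export normal log data", "compute-01", now=1605578400.0)
    lib.record_state("req-0001", "identity verified", now=1605578401.0)
    lib.record_state("req-0001", "authority matched", now=1605578402.0)
    lib.record_state("req-0001", "second instruction sent", now=1605578403.0)
    lib.record_state("req-0001", "completed", detail="feedback returned", now=1605578410.0)
    return lib
```

Recording a state transition at each step of the method, rather than one line at the end, is what lets a later review distinguish a request rejected at identity verification from one rejected at the authority check.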
In the embodiment of the invention, an operation and maintenance request aiming at a target cloud server sent by an operation and maintenance terminal is received; the bastion machine carries out identity verification on the operation and maintenance terminal, and displays an operation and maintenance interface aiming at the target cloud server to the operation and maintenance terminal when the identity verification passes; the bastion machine receives a first control instruction input by the operation and maintenance terminal through the operation and maintenance interface; the bastion machine acquires authority information corresponding to the operation and maintenance terminal; the bastion machine judges whether the first control instruction is matched with the authority information; when the bastion machine judges that the first control instruction is matched with the authority information, the bastion machine converts the first control instruction into a second control instruction which can be recognized by the target cloud server; the bastion machine sends the second control instruction to the target cloud server. In this way, safety control over the operation and maintenance request process of the cloud server is realized, the safety of the cloud server is improved, and the user can carry out operation and maintenance operations on the cloud server with only a simple control instruction.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Referring to fig. 3, a schematic structural diagram of an apparatus for security control according to an embodiment of the present invention is shown, where the apparatus may be applied to a proprietary cloud platform, where multiple cloud servers and bastion machines may be deployed, and the apparatus specifically includes the following modules:
the operation and maintenance request receiving module 301 is configured to receive an operation and maintenance request for a target cloud server, which is sent by an operation and maintenance terminal;
the identity verification module 302 is configured to perform identity verification on the operation and maintenance terminal, and when the identity verification passes, display an operation and maintenance interface for the target cloud server to the operation and maintenance terminal;
a first control instruction receiving module 303, configured to receive a first control instruction input by the operation and maintenance terminal through the operation and maintenance interface;
the authority information obtaining module 304 is configured to obtain authority information corresponding to the operation and maintenance terminal;
a permission information judging module 305, configured to judge whether the first control instruction matches the permission information;
a conversion module 306, configured to, when it is determined that the first control instruction matches the permission information, convert the first control instruction into a second control instruction that can be recognized by the target cloud server;
a second control instruction sending module 307, configured to send the second control instruction to the target cloud server.
In an embodiment of the present invention, the apparatus further includes:
and the log information generating module is used for generating log information aiming at the operation and maintenance request.
In an embodiment of the present invention, the apparatus further includes:
a feedback result obtaining module, configured to obtain a feedback result of the target cloud server for the second control instruction;
and the feedback result sending module is used for sending the feedback result to the operation and maintenance terminal.
In an embodiment of the present invention, the apparatus further includes:
the sensitive content detection processing module is used for detecting the sensitive content of the feedback result before the feedback result is sent to the operation and maintenance terminal; when the sensitive content passes the detection, the feedback result is sent to the operation and maintenance terminal; and when the sensitive content does not pass the detection, deleting or encrypting the sensitive content in the feedback result, and sending the deleted or encrypted feedback result to the operation and maintenance terminal.
In an embodiment of the present invention, the apparatus further includes:
and the illegal operation information judgment and generation module is used for generating an illegal operation message and returning the illegal operation message to the operation and maintenance terminal when the control instruction is judged not to be matched with the authority information.
In one embodiment of the invention, there are a plurality of bastion machines, and the plurality of bastion machines adopt a distributed architecture.
In an embodiment of the invention, the proprietary cloud platform provides services for regional application portals.
In the embodiment of the invention, an operation and maintenance request aiming at a target cloud server sent by an operation and maintenance terminal is received; the bastion machine carries out identity verification on the operation and maintenance terminal, and displays an operation and maintenance interface aiming at the target cloud server to the operation and maintenance terminal when the identity verification passes; the bastion machine receives a first control instruction input by the operation and maintenance terminal through the operation and maintenance interface; the bastion machine acquires authority information corresponding to the operation and maintenance terminal; the bastion machine judges whether the first control instruction is matched with the authority information; when the bastion machine judges that the first control instruction is matched with the authority information, the bastion machine converts the first control instruction into a second control instruction which can be recognized by the target cloud server; the bastion machine sends the second control instruction to the target cloud server. In this way, safety control over the operation and maintenance request process of the cloud server is realized, the safety of the cloud server is improved, and the user can carry out operation and maintenance operations on the cloud server with only a simple control instruction.
An embodiment of the present invention also provides a server, which may include a processor, a memory, and a computer program stored on the memory and capable of running on the processor, wherein when the computer program is executed by the processor, the method for performing security control as described above is implemented.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the above method of security control.
For the apparatus embodiment, since it is basically similar to the method embodiment, the description is brief; for the relevant points, refer to the corresponding description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The method and the device for safety control provided above are introduced in detail, and a specific example is applied in this document to illustrate the principle and the implementation of the present invention, and the above description of the embodiment is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A security control method is applied to a proprietary cloud platform, wherein the proprietary cloud platform is provided with a plurality of cloud servers and bastion machines, and the method comprises the following steps:
the bastion machine receives an operation and maintenance request aiming at the target cloud server and sent by an operation and maintenance terminal;
the bastion machine carries out identity verification on the operation and maintenance terminal, and displays an operation and maintenance interface aiming at the target cloud server to the operation and maintenance terminal when the identity verification passes;
the bastion machine receives a first control instruction input by the operation and maintenance terminal through the operation and maintenance interface;
the bastion machine acquires authority information corresponding to the operation and maintenance terminal;
the bastion machine judges whether the first control instruction is matched with the authority information;
when the bastion machine judges that the first control instruction is matched with the authority information, the bastion machine converts the first control instruction into a second control instruction which can be recognized by the target cloud server;
and the bastion machine sends the second control instruction to the target cloud server.
2. The method of claim 1, further comprising:
and generating log information aiming at the operation and maintenance request.
3. The method of claim 1 or 2, further comprising:
obtaining a feedback result of the target cloud server for the second control instruction;
and sending the feedback result to the operation and maintenance terminal.
4. The method according to claim 1, 2 or 3, wherein before the sending the feedback result to the operation and maintenance terminal, the method further comprises:
sensitive content detection is carried out on the feedback result;
when the sensitive content passes the detection, the feedback result is sent to the operation and maintenance terminal;
and when the sensitive content does not pass the detection, deleting or encrypting the sensitive content in the feedback result, and sending the deleted or encrypted feedback result to the operation and maintenance terminal.
5. The method of claim 1, further comprising:
and when the control instruction is judged not to be matched with the authority information, generating an illegal operation message and returning the illegal operation message to the operation and maintenance terminal.
6. The method of claim 1, wherein the bastard has a plurality, and the plurality of bastardards are in a distributed architecture.
7. The method of claim 1, wherein the proprietary cloud platform provides services for a regional application portal.
8. The utility model provides a device of safety control, its characterized in that is applied to proprietary cloud platform, proprietary cloud platform deploys a plurality of cloud server and fort machine, the device includes:
the operation and maintenance request receiving module is used for receiving an operation and maintenance request which is sent by an operation and maintenance terminal and aims at the target cloud server;
the identity authentication module is used for performing identity authentication on the operation and maintenance terminal and displaying an operation and maintenance interface aiming at the target cloud server to the operation and maintenance terminal when the identity authentication passes;
the first control instruction receiving module is used for receiving a first control instruction input by the operation and maintenance terminal through the operation and maintenance interface;
the authority information acquisition module is used for acquiring authority information corresponding to the operation and maintenance terminal;
the authority information judging module is used for judging whether the first control instruction is matched with the authority information;
the conversion module is used for converting the first control instruction into a second control instruction which can be identified by the target cloud server when the first control instruction is judged to be matched with the authority information;
and the second control instruction sending module is used for sending the second control instruction to the target cloud server.
9. A server comprising a processor, a memory, and a computer program stored on the memory and capable of running on the processor, the computer program, when executed by the processor, implementing a method of security control as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out a method of safety control according to any one of claims 1 to 7.
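The claimed bastion-host flow (verify the terminal's identity, fetch its authority information, match the first control instruction against it, convert it to the server's second control instruction, forward it, generate log information, and screen the feedback result for sensitive content) as an added Python example; this is not code from the patent, and the operators, targets, session tokens, commands and server responses are constructed. It also rejects instruction arguments that would alter the converted command, a check the claims do not state.

```python
import re

# Constructed data (hypothetical): session tokens issued after identity verification,
# and per-operator, per-target authority information (the allowed first control instructions).
SESSIONS = {"tok-alice": "ops-alice", "tok-bob": "ops-bob"}
PERMISSIONS = {
    "ops-alice": {"web-01": {"restart_service", "tail_log"}},
    "ops-bob": {"web-01": {"tail_log"}},
}
# Conversion of the abstract first control instruction into the second control
# instruction the target cloud server actually recognizes.
TRANSLATION = {"restart_service": "systemctl restart {arg}", "tail_log": "tail -n 50 {arg}"}
SAFE_ARG = re.compile(r"^[\w./-]+$")        # argument allow-list: no shell metacharacters
SENSITIVE = re.compile(r"(password|secret|token)\s*[=:]\s*\S+", re.I)
AUDIT_LOG = []                               # log information generated per request

def redact(feedback):
    """Sensitive-content detection on the server's feedback: mask matches and say whether any were found."""
    cleaned, hits = SENSITIVE.subn(lambda m: m.group(1) + "=<REDACTED>", feedback)
    return cleaned, hits > 0

def handle_request(token, target, action, arg, run_on_target):
    """Gate one operation and maintenance request; run_on_target(cmd) stands in for the target cloud server."""
    operator = SESSIONS.get(token)
    if operator is None:                     # identity verification failed
        AUDIT_LOG.append(("auth_failed", token, target))
        return {"status": "auth_failed"}
    allowed = PERMISSIONS.get(operator, {}).get(target, set())
    if action not in allowed:                # first instruction does not match authority information
        AUDIT_LOG.append(("illegal_operation", operator, target, action))
        return {"status": "illegal_operation"}
    if not SAFE_ARG.match(arg):              # refuse arguments that would change the converted command
        AUDIT_LOG.append(("invalid_argument", operator, target, action, arg))
        return {"status": "invalid_argument"}
    second = TRANSLATION[action].format(arg=arg)
    AUDIT_LOG.append(("forwarded", operator, target, second))
    feedback, redacted = redact(run_on_target(second))
    AUDIT_LOG.append(("feedback", operator, target, redacted))
    return {"status": "ok", "command": second, "feedback": feedback, "redacted": redacted}

def fake_server(cmd):
    """Constructed stand-in for the target cloud server's feedback result."""
    if cmd.startswith("tail"):
        return "db_host=10.0.0.5\ndb_password=hunter2\n"
    return "active\n"
```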

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011288471.9A CN112398860A (en) 2020-11-17 2020-11-17 Safety control method and device

Publications (1)

Publication Number Publication Date
CN112398860A true CN112398860A (en) 2021-02-23

Family

ID=74606144

Country Status (1)

Country Link
CN (1) CN112398860A (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112882851A (en) * 2021-03-24 2021-06-01 国家超级计算天津中心 Cloud interaction system based on supercomputer
CN113138897A (en) * 2021-04-25 2021-07-20 北京字节跳动网络技术有限公司 Information display method, device, equipment and storage medium
CN113282950A (en) * 2021-07-26 2021-08-20 阿里云计算有限公司 Operation and maintenance method, device, equipment and system of encryption machine
CN113311809A (en) * 2021-05-28 2021-08-27 苗叶 Industrial control system-based safe operation and maintenance instruction blocking device and method
CN113467816A (en) * 2021-06-28 2021-10-01 国网上海市电力公司 Management platform for remote safe operation and maintenance of automation system based on virtualization
CN114138366A (en) * 2021-11-30 2022-03-04 驭势(上海)汽车科技有限公司 Service control method, device, equipment and storage medium
CN114244604A (en) * 2021-12-16 2022-03-25 杭州乒乓智能技术有限公司 Integrated authority management method and system suitable for bastion machine, electronic device and readable storage medium
CN114448965A (en) * 2021-12-22 2022-05-06 天翼云科技有限公司 Method, device and system for managing big data assembly and readable storage medium
CN114615254A (en) * 2022-03-25 2022-06-10 医渡云(北京)技术有限公司 Remote connection method, device and system, storage medium and electronic equipment
CN114978670A (en) * 2022-05-19 2022-08-30 中国银行股份有限公司 Identity authentication method and device based on fort machine
CN115150199A (en) * 2022-09-02 2022-10-04 北京中安星云软件技术有限公司 Database operation and maintenance client account management and control method, system, equipment and medium
CN115766862A (en) * 2022-11-16 2023-03-07 中国工商银行股份有限公司 Container operation and maintenance method and device, computer equipment and storage medium
CN115941362A (en) * 2023-02-17 2023-04-07 杭州三一谦成科技有限公司 Data transmission method of remote operation and maintenance tool
WO2023142087A1 (en) * 2022-01-27 2023-08-03 中远海运科技股份有限公司 Method for realizing cloud resource multi-account permission management and control for cloud host and cloud bastion host

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101162535B (en) * 2006-10-13 2011-01-12 中国银联股份有限公司 Method and system for realizing magnetic stripe card trading by IC card
CN105471823A (en) * 2014-09-03 2016-04-06 阿里巴巴集团控股有限公司 Sensitive information processing method, device, server and security determination system
CN110324338A (en) * 2019-06-28 2019-10-11 深圳前海微众银行股份有限公司 Data interactive method, device, fort machine and computer readable storage medium
US20200090415A1 (en) * 2012-06-04 2020-03-19 Apple Inc. System and method for remotely initiating lost mode on a computing device
CN111901361A (en) * 2020-08-11 2020-11-06 深圳墨世科技有限公司 Bastion machine service method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210223