CN112437081A - Computer firewall device based on cloud database and use method - Google Patents
- Publication number: CN112437081A (application CN202011315784.9A)
- Authority: CN (China)
- Prior art keywords: database, blocking, access, firewall device, device based
- Legal status: Pending (status as listed by Google Patents, not a legal conclusion)
Classifications
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls (H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION; H04L63/00—Network architectures or network communication protocols for network security)
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL (under H04L63/02 and H04L63/0227—Filtering policies)
- H04L63/1458—Denial of Service (under H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic, and H04L63/1441—Countermeasures against malicious traffic)
Abstract
The invention discloses a computer firewall device based on a cloud database and a method for using it, the method comprising the following steps: S1, intelligent identification and control of application protocols: DBA protocols, operation and maintenance protocols, hacker access and application software are identified automatically, access through every interface of the database is monitored comprehensively, and effective access control is realized; S2, accurate interception: blocking can be performed on conditions such as IP address, time, operation, keyword, database account, statement length, column name, table name, row number and injection feature library, so that accurate access control is realized; S3, APT attack prevention: complex and continuous illegal operations and malicious attack behaviours are quickly verified and blocked by combining access behaviour with a statistical model; S4, built-in AI: a built-in intelligent learning module performs machine learning and automatic modelling and automatically generates a blocking rule base, so that unknown security threats are defended against actively; S5, bypass blocking.
Description
Technical Field
The present invention relates to deployment of computer firewalls, and more particularly, to a computer firewall apparatus based on a cloud database and a method for using the same.
Background
A database firewall is a security device or product that defends against and eliminates database security problems arising from flaws or vulnerabilities in application business logic. It is generally deployed between the application server and the database server and works by parsing the database protocol. This is not the only implementation: it can also be deployed outside the database path, and protocol parsing need not be used. As this definition shows, the essential goal of a database firewall is to compensate for the business application, so that flaws or vulnerabilities in application business logic do not compromise database security.
The database does not handle connection reset signals well and has to rely on a dead-process detection procedure to clean up after them. Because that processing cannot be guaranteed to be effective, many dead processes may accumulate in large-scale scenarios, consuming a large number of database session resources; shared resources may even go unreleased, and the database then hangs.
Disclosure of Invention
The invention aims to remedy the defects of the prior art by providing a computer firewall device based on a cloud database and a method for using it.
To achieve this purpose, the invention provides the following technical scheme. A computer firewall device based on a cloud database and a method for using it comprise the following steps:
S1, intelligent identification and control of application protocols: DBA protocols, operation and maintenance protocols, hacker access and application software are identified automatically, access through every interface of the database is monitored comprehensively, and effective access control is realized;
S2, accurate interception: blocking can be performed on conditions such as IP address, time, operation, keyword, database account, statement length, column name, table name, row number and injection feature library, so that accurate access control is realized;
S3, APT attack prevention: complex and continuous illegal operations and malicious attack behaviours are quickly verified and blocked by combining access behaviour with a statistical model;
S4, built-in AI: a built-in intelligent learning module performs machine learning and automatic modelling and automatically generates a blocking rule base, so that unknown security threats are defended against actively;
S5, bypass blocking: a bypass (out-of-path) deployment blocking mode is supported, which avoids the single point of failure and the added access latency that in-line deployment brings to database access, with zero change to and zero impact on the existing network structure.
Preferably, the global audit mode and the firewall mode can be switched online without restarting the device. In firewall mode, messages that violate the rules are blocked in real time; in global audit mode, messages are forwarded quickly while a complete audit record is kept.
Preferably, management and audit are isolated under a three-way separation of rights, and logs are retained, which facilitates mutual supervision and keeps both audit trails and rights clear.
Preferably, interception of threats against various databases such as MySQL, Oracle and MSSQL is supported.
Preferably, the various kinds of access to the database can be identified automatically, so that potential risks such as applications, operation and maintenance tools and hacker attacks are intelligently identified and intercepted.
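The rule matching of step S2 and the firewall/audit mode switch described above, as an added Python example that is not part of the patent: a small policy engine evaluates each database request against conditions of the kinds the patent lists (IP address, time window, operation, keyword, statement length, protected table, injection feature library) and then either blocks the request (firewall mode) or forwards it while recording the matched rules (global audit mode). The policy values, the injection feature patterns and the sample requests are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Set, Tuple


@dataclass
class Request:
    client_ip: str
    account: str
    hour: int   # local hour of day (0-23) at which the statement arrived
    sql: str


@dataclass
class Policy:
    """Constructed policy; field names are this example's own, not the patent's."""
    blocked_ips: Set[str] = field(default_factory=set)
    dba_accounts: Set[str] = field(default_factory=set)
    dba_window: Tuple[int, int] = (9, 18)           # DBA maintenance hours [start, end)
    forbidden_ops: Set[str] = field(default_factory=lambda: {"DROP", "TRUNCATE", "GRANT"})
    blocked_keywords: Set[str] = field(default_factory=lambda: {"xp_cmdshell", "load_file"})
    protected_tables: Set[str] = field(default_factory=set)   # only DBA accounts may touch these
    max_statement_len: int = 2000


# Constructed injection feature library: illustrative detection patterns.
INJECTION_FEATURES = [
    ("tautology", re.compile(r"'\s*or\s+'?\w+'?\s*=\s*'?\w+", re.I)),
    ("stacked-query", re.compile(r";\s*(drop|delete|update|insert)\b", re.I)),
    ("union-based", re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("trailing-comment", re.compile(r"(--|#)\s*$")),
]

_TABLE_RE = re.compile(r"\b(?:from|join|into|update)\s+([A-Za-z_][\w.]*)", re.I)


def operation(sql: str) -> str:
    """First keyword of the statement, upper-cased (SELECT, DROP, ...)."""
    m = re.match(r"\s*(\w+)", sql)
    return m.group(1).upper() if m else ""


def referenced_tables(sql: str) -> Set[str]:
    """Table names that follow FROM / JOIN / INTO / UPDATE (lower-cased)."""
    return {t.lower() for t in _TABLE_RE.findall(sql)}


def matched_rules(req: Request, policy: Policy) -> List[str]:
    """Every rule the request violates; an empty list means the request is compliant."""
    hits: List[str] = []
    if req.client_ip in policy.blocked_ips:
        hits.append(f"ip:{req.client_ip}")
    start, end = policy.dba_window
    if req.account in policy.dba_accounts and not (start <= req.hour < end):
        hits.append(f"time:{req.account}@{req.hour:02d}h")
    op = operation(req.sql)
    if op in policy.forbidden_ops:
        hits.append(f"operation:{op}")
    lowered = req.sql.lower()
    for kw in sorted(policy.blocked_keywords):
        if kw.lower() in lowered:
            hits.append(f"keyword:{kw}")
    if len(req.sql) > policy.max_statement_len:
        hits.append(f"length:{len(req.sql)}")
    if req.account not in policy.dba_accounts:
        for table in sorted(referenced_tables(req.sql) & policy.protected_tables):
            hits.append(f"table:{table}")
    for name, pattern in INJECTION_FEATURES:
        if pattern.search(req.sql):
            hits.append(f"injection:{name}")
    return hits


def enforce(req: Request, policy: Policy, mode: str, audit_log: List[dict]) -> str:
    """Apply the policy in 'firewall' mode (block on any hit) or 'audit' mode
    (always forward, but record the hits). Returns the action taken."""
    if mode not in ("firewall", "audit"):
        raise ValueError(f"unknown mode {mode!r}")
    hits = matched_rules(req, policy)
    action = "BLOCK" if (hits and mode == "firewall") else "FORWARD"
    # Every request is logged in both modes, so the audit record is complete.
    audit_log.append({"ip": req.client_ip, "account": req.account,
                      "action": action, "rules": hits, "sql": req.sql})
    return action


def demo() -> List[dict]:
    """Run constructed sample requests through firewall mode and return the audit log."""
    policy = Policy(blocked_ips={"203.0.113.7"}, dba_accounts={"dba"},
                    protected_tables={"salary"})
    samples = [
        Request("10.0.0.5", "app", 14, "SELECT id, name FROM users WHERE id = 42"),
        Request("10.0.0.5", "app", 14, "SELECT * FROM salary"),
        Request("203.0.113.7", "app", 14, "SELECT 1"),
        Request("10.0.0.9", "dba", 3, "DROP TABLE users"),
        Request("10.0.0.5", "app", 14, "SELECT * FROM users WHERE name = '' or '1'='1' -- "),
    ]
    log: List[dict] = []
    for req in samples:
        enforce(req, policy, "firewall", log)
    return log


if __name__ == "__main__":
    for entry in demo():
        print(entry["action"], entry["rules"], "<-", entry["sql"])
```

Switching `mode` from `"firewall"` to `"audit"` changes only the action, not the logging, which is what lets an operator run the same rule base in observe-only mode before turning blocking on.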
The invention has the technical effects and advantages that:
1. Fine-grained, accurate identification and interception based on matching against rules of various condition types; detection and interception of complex attacks such as APT (advanced persistent threat) through combination rules and statistical rules; adding attacking IP addresses to a blacklist; and real-time blocking, through AI (artificial intelligence) technology, of database access from unfamiliar hosts, unfamiliar tools, unfamiliar accounts and unfamiliar IP addresses. The various kinds of access to the database can be identified automatically, so that potential risks such as applications, operation and maintenance tools and hacker attacks are intelligently identified and intercepted.
2. Log retrieval: second-level retrieval over data sets of hundreds of millions of records is supported. Processing capacity: carrier-grade data processing capability with guaranteed concurrent load; a high-performance hardware platform and kernel optimisation techniques meet the performance requirements of high-load environments.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
A computer firewall device based on a cloud database and a method for using it comprise the following steps:
S1, intelligent identification and control of application protocols: DBA protocols, operation and maintenance protocols, hacker access and application software are identified automatically, access through every interface of the database is monitored comprehensively, and effective access control is realized;
S2, accurate interception: blocking can be performed on conditions such as IP address, time, operation, keyword, database account, statement length, column name, table name, row number and injection feature library, so that accurate access control is realized;
S3, APT attack prevention: complex and continuous illegal operations and malicious attack behaviours are quickly verified and blocked by combining access behaviour with a statistical model;
S4, built-in AI: a built-in intelligent learning module performs machine learning and automatic modelling and automatically generates a blocking rule base, so that unknown security threats are defended against actively;
S5, bypass blocking: a bypass (out-of-path) deployment blocking mode is supported, which avoids the single point of failure and the added access latency that in-line deployment brings to database access, with zero change to and zero impact on the existing network structure.
Preferably, the global audit mode and the firewall mode can be switched online without restarting the device. In firewall mode, messages that violate the rules are blocked in real time; in global audit mode, messages are forwarded quickly while a complete audit record is kept.
Preferably, management and audit are isolated under a three-way separation of rights, and logs are retained, which facilitates mutual supervision and keeps both audit trails and rights clear.
Preferably, interception of threats against various databases such as MySQL, Oracle and MSSQL is supported.
Preferably, the various kinds of access to the database can be identified automatically, so that potential risks such as applications, operation and maintenance tools and hacker attacks are intelligently identified and intercepted.
Example two
A computer firewall device based on a cloud database and a method for using it comprise the following steps:
S1, in transparent bridging mode no IP address needs to be configured, the original network configuration is left untouched, and various bypass modes ensure that services keep running normally under various software and hardware fault conditions;
S2, in proxy access mode the client connects logically to the address of the firewall device, and the firewall device forwards the traffic to the database server; the network topology remains unchanged;
S3, accurate interception: blocking can be performed on conditions such as IP address, time, operation, keyword, database account, statement length, column name, table name, row number and injection feature library, so that accurate access control is realized;
S4, complex and continuous illegal operations and malicious attack behaviours are quickly verified and blocked by combining access behaviour with a statistical model.
In summary, compared with other firewall technologies, the computer firewall device based on a cloud database and its method of use greatly improve the security of the database and meet the performance requirements of high-load environments.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments or portions thereof without departing from the spirit and scope of the invention.
Claims (5)
1. A computer firewall device based on a cloud database and a method for using it, characterized in that the method comprises the following steps:
S1, intelligent identification and control of application protocols: DBA protocols, operation and maintenance protocols, hacker access and application software are identified automatically, access through every interface of the database is monitored comprehensively, and effective access control is realized;
S2, accurate interception: blocking can be performed on conditions such as IP address, time, operation, keyword, database account, statement length, column name, table name, row number and injection feature library, so that accurate access control is realized;
S3, APT attack prevention: complex and continuous illegal operations and malicious attack behaviours are quickly verified and blocked by combining access behaviour with a statistical model;
S4, built-in AI: a built-in intelligent learning module performs machine learning and automatic modelling and automatically generates a blocking rule base, so that unknown security threats are defended against actively;
S5, bypass blocking: a bypass (out-of-path) deployment blocking mode is supported, which avoids the single point of failure and the added access latency that in-line deployment brings to database access, with zero change to and zero impact on the existing network structure.
2. The computer firewall device based on a cloud database and the method for using it according to claim 1, characterized in that the global audit mode and the firewall mode can be switched online without restarting the device; in firewall mode, messages that violate the rules are blocked in real time, and in global audit mode, messages are forwarded quickly while a complete audit record is kept.
3. The computer firewall device based on a cloud database and the method for using it according to claim 1, characterized in that management and audit are isolated under a three-way separation of rights, and logs are retained, which facilitates mutual supervision and keeps both audit trails and rights clear.
4. The computer firewall device based on a cloud database and the method for using it according to claim 1, characterized in that interception of threats against various databases such as MySQL, Oracle and MSSQL is supported.
5. The computer firewall device based on a cloud database and the method for using it according to claim 1, characterized in that the various kinds of access to the database can be identified automatically, so that potential risks such as applications, operation and maintenance tools and hacker attacks are intelligently identified and intercepted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011315784.9A CN112437081A (en) | 2020-11-22 | 2020-11-22 | Computer firewall device based on cloud database and use method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011315784.9A CN112437081A (en) | 2020-11-22 | 2020-11-22 | Computer firewall device based on cloud database and use method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112437081A true CN112437081A (en) | 2021-03-02 |
Family ID: 74693432
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011315784.9A Pending CN112437081A (en) | 2020-11-22 | 2020-11-22 | Computer firewall device based on cloud database and use method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112437081A (en) |
Application events
- 2020-11-22: CN application CN202011315784.9A (publication CN112437081A), status Pending
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113783889A (en) * | 2021-09-22 | 2021-12-10 | 南方电网数字电网研究院有限公司 | Firewall control method for linkage access of network layer and application layer and firewall thereof |
CN114338087A (en) * | 2021-12-03 | 2022-04-12 | 成都安恒信息技术有限公司 | Directional operation and maintenance auditing method and system based on firewall |
CN114338087B (en) * | 2021-12-03 | 2024-03-15 | 成都安恒信息技术有限公司 | Directional operation and maintenance auditing method and system based on firewall |
CN115865487A (en) * | 2022-11-30 | 2023-03-28 | 四川启睿克科技有限公司 | Abnormal behavior analysis method and device with privacy protection function |
CN115865487B (en) * | 2022-11-30 | 2024-06-04 | 四川启睿克科技有限公司 | Abnormal behavior analysis method and device with privacy protection function |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20210302 |