CN112615832B - Method and related device for blocking SMB lateral movement - Google Patents


Info

Publication number
CN112615832B
Authority
CN (China)
Prior art keywords
workstation, smb, server, servers, blocking
Legal status
Active
Application number
CN202011445119.1A
Other languages
Chinese (zh)
Other versions
CN112615832A
Inventors
龙文洁, 莫金友
Current assignee
Hangzhou Anheng Information Security Technology Co Ltd
Original assignee
Hangzhou Anheng Information Security Technology Co Ltd
Priority date / filing date
2020-12-11 (application filed by Hangzhou Anheng Information Security Technology Co Ltd)
Publication of CN112615832A
2021-04-06
Grant and publication of CN112615832B
2022-08-02

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L63/104 Grouping of entities
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a method for blocking SMB lateral movement, comprising the following steps: classifying servers into tiers, with the workstation at the lowest tier; prohibiting servers of a higher tier than the workstation from logging on to the workstation; closing a server port of the workstation so that SMB traffic flowing into the workstation is rejected; creating a DENY SMB policy for the first-class servers; and creating ASR rules for the second-class servers. The method can reliably and effectively block SMB lateral movement and prevent the damage that large-scale SMB lateral movement causes in an intranet. The application also discloses a device, an apparatus and a computer-readable storage medium for blocking SMB lateral movement, all of which have the same technical effect.

Description

Method and related device for blocking SMB lateral movement
Technical Field
The application relates to the technical field of network security, in particular to a method for blocking SMB lateral movement; it also relates to an apparatus, a device and a computer readable storage medium for blocking SMB lateral movement.
Background
SMB (Server Message Block) is a network file sharing protocol. It is used by devices running almost every operating system, including Windows, macOS, iOS, Linux and Android. Clients use SMB to access data on a server, which enables file sharing and centralized data management and reduces the storage capacity required on mobile devices. Lateral movement refers to the techniques an attacker uses, after obtaining initial access, to move deeper into the network in search of sensitive data and other high-value assets. Once inside, the attacker moves through the compromised environment, uses various tools to obtain privileges, and maintains persistent control.
At present, blocking SMB lateral movement relies on patches issued for Windows. Patches, however, are time-sensitive (they arrive only after a weakness is known) and can be bypassed by emerging techniques, so a defence that relies on patching alone is one-sided: it cannot reliably block SMB lateral movement, and there is a risk that the damage spreads.
In view of this, providing a reliable scheme for blocking SMB lateral movement has become an urgent technical problem for those skilled in the art.
Disclosure of Invention
The application aims to provide a method for blocking SMB lateral movement that can block it reliably and effectively. Another object of the present application is to provide a device, an apparatus and a computer-readable storage medium for blocking SMB lateral movement, all having the same technical effect.
To solve the technical problem, the application provides a method for blocking SMB lateral movement, comprising the following steps:
classifying servers into tiers, with the workstation at the lowest tier;
prohibiting servers of a higher tier than the workstation from logging on to the workstation;
closing a server port of the workstation to reject SMB traffic flowing into the workstation;
creating a DENY SMB policy for the first-class servers;
creating ASR rules for the second-class servers.
Optionally, classifying the servers includes:
classifying the domain controller (domain control server) as the highest tier, the workstation as the lowest tier, and servers other than the domain controller and the workstation as the intermediate tier;
accordingly, prohibiting servers of a higher tier than the workstation from logging on to the workstation comprises:
prohibiting the domain controller and the other servers from logging on to the workstation.
Optionally, closing the server port of the workstation includes:
closing ports 139 and 445 of the workstation.
Optionally, the method further includes:
granting the right to log on locally to the Administrators group and the Users group of the workstation;
granting the right to log on locally to the Administrators group of the domain controller.
Optionally, the method further includes:
configuring Administrators and Backup Operators for the other servers.
To solve the above technical problem, the application further provides a device for blocking SMB lateral movement, comprising:
a classification module for classifying servers into tiers, with the workstation at the lowest tier;
a prohibition module for prohibiting servers of a higher tier than the workstation from logging on to the workstation;
a closing module for closing a server port of the workstation to reject SMB traffic flowing into the workstation;
a first creation module for creating a DENY SMB policy for the first-class servers;
a second creation module for creating ASR rules for the second-class servers.
Optionally, the classification module is specifically configured to classify the domain controller as the highest tier, the workstation as the lowest tier, and servers other than the domain controller and the workstation as the intermediate tier;
correspondingly, the prohibition module is specifically configured to prohibit the domain controller and the other servers from logging on to the workstation.
Optionally, the closing module is specifically configured to close ports 139 and 445 of the workstation.
To solve the above technical problem, the application further provides an apparatus for blocking SMB lateral movement, comprising:
a memory for storing a computer program;
a processor for implementing the steps of any of the above methods for blocking SMB lateral movement when the computer program is executed.
To solve the above technical problem, the application further provides a computer-readable storage medium having a computer program stored thereon which, when executed by a processor, implements the steps of the method for blocking SMB lateral movement according to any of the above embodiments.
The method for blocking SMB lateral movement provided by the application comprises: classifying servers into tiers, with the workstation at the lowest tier; prohibiting servers of a higher tier than the workstation from logging on to the workstation; closing a server port of the workstation to reject SMB traffic flowing into the workstation; creating a DENY SMB policy for the first-class servers; and creating ASR rules for the second-class servers.
Compared with the conventional approach of relying on Windows patches to block SMB lateral movement, the method provided by the application blocks SMB lateral movement in several dimensions at once: it classifies the servers into tiers and prohibits SMB lateral movement between upper-tier and lower-tier servers, closes the workstation's server ports, and creates a DENY SMB policy and ASR rules for the servers. SMB lateral movement can thus be reliably and effectively blocked, and the damage caused by large-scale SMB lateral movement in the intranet is prevented.
The device, the apparatus and the computer-readable storage medium for blocking SMB lateral movement have the same technical effect.
Drawings
To illustrate the technical solutions in the embodiments of the present application more clearly, the drawings needed for the embodiments and the prior art are briefly described below. The drawings in the following description show only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of a method for blocking SMB lateral movement according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a device for blocking SMB lateral movement according to an embodiment of the present application;
Fig. 3 is a schematic diagram of an apparatus for blocking SMB lateral movement according to an embodiment of the present application.
Detailed Description
The core of the application is to provide a method for blocking SMB lateral movement that can block it reliably and effectively. Another core of the present application is to provide a device, an apparatus and a computer-readable storage medium for blocking SMB lateral movement, all having the same technical effect.
To make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments are described below clearly and completely with reference to the drawings. The described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments that a person skilled in the art can derive from the embodiments given here without creative effort fall within the protection scope of the present application.
Referring to Fig. 1, which is a schematic flow chart of a method for blocking SMB lateral movement according to an embodiment of the present application, the method includes:
S101: classifying servers into tiers, with the workstation at the lowest tier;
Specifically, this step classifies the servers, which may be done according to each server's role in the intranet. The workstation is the lowest-tier server.
In one specific embodiment, the servers may be classified as follows: the domain controller (domain control server) is placed in the highest tier, the workstation in the lowest tier, and all other servers, i.e. those that are neither domain controller nor workstation, in the intermediate tier.
Specifically, the servers in this embodiment form three layers: the domain controller, the workstation, and the other servers. The domain controller is classified as the highest tier, tier 0; the workstation as the lowest tier, tier 2; and the other servers as the intermediate tier, tier 1, between tier 0 and tier 2. The other servers may include file servers, log servers and the like.
S102: prohibiting servers of a higher tier than the workstation from logging on to the workstation;
Specifically, classifying the servers makes the upper/lower tier relationships among them explicit, and on that basis servers of a higher tier than the workstation are prohibited from logging on to the workstation. When an attacker compromises a workstation and from it reaches a server above the workstation, prohibiting that higher-tier server from logging on to workstations prevents the attacker from using the server to reach further workstations, which blocks SMB lateral movement.
In the embodiment where the domain controller is the highest tier, the workstation the lowest tier and the other servers the intermediate tier, the corresponding way to prohibit higher-tier servers from logging on to the workstation is to prohibit the domain controller and the other servers from logging on to the workstation.
For example, with three workstations: after workstation 1 is compromised and the attacker reaches one of the other servers through it, that server is prohibited from logging on to workstations, so even though the attacker controls the server, workstations 2 and 3 cannot be reached from it, which effectively blocks SMB lateral movement.
S103: closing a server port of the workstation to reject SMB traffic flowing into the workstation;
Specifically, this step rejects SMB traffic flowing into the workstation. In particular, the Windows firewall may be used to close some of the workstation's server ports so that inbound SMB traffic is rejected.
In a specific embodiment, closing the server port of the workstation may include closing ports 139 and 445 of the workstation.
Specifically, in this embodiment the closed server ports of the workstation are port 139 and port 445, and all inbound traffic to ports 139 and 445 may be rejected by a Windows firewall rule issued through group policy.
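The PowerShell below is an added example, not code from the patent or its assignee. It creates the local-firewall equivalent of the S103 rule on one workstation and then lists the effective rules so the block can be checked. The rule name and description are illustrative. In the deployment the patent describes, the same inbound block rule is pushed to every workstation through group policy (Computer Configuration / Policies / Windows Settings / Security Settings / Windows Defender Firewall with Advanced Security) rather than created locally.

```powershell
# Added example (not from the patent). Run elevated on a Windows 10/11 workstation.
# Blocks inbound NetBIOS session (TCP 139) and SMB (TCP 445) on every firewall profile,
# then lists the effective rules so the block can be verified.

$ruleName = 'Block inbound SMB (TCP 139/445)'   # illustrative name

# Idempotent: remove an earlier copy of the rule before recreating it.
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule

New-NetFirewallRule -DisplayName $ruleName `
    -Description 'Workstations do not serve SMB; inbound 139/445 is rejected (S103).' `
    -Direction Inbound -Protocol TCP -LocalPort 139, 445 `
    -Profile Any -Action Block -Enabled True | Out-Null

# Block rules take precedence over allow rules in Windows Defender Firewall, so the
# built-in "File and Printer Sharing (SMB-In)" allow rule no longer matters; disable the
# inbound rules of that group anyway so the intent is visible in the console.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule

# Verify: every enabled rule that covers local port 445, with its action.
Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -contains '445' } |
    Get-NetFirewallRule |
    Where-Object Enabled -eq 'True' |
    Select-Object DisplayName, Direction, Action, Profile |
    Format-Table -AutoSize

# A block rule on a profile whose firewall is off protects nothing: confirm each profile.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# From another host the blocked port should now report TcpTestSucceeded = False:
#   Test-NetConnection -ComputerName <workstation> -Port 445
```

Two caveats a practitioner will want. First, the block also stops legitimate remote administration that rides on SMB (PsExec, admin shares, remote file copy); that is the intended effect, and any exception for named management hosts has to be expressed as a narrower block rule or as a default-deny inbound profile with an allow rule scoped by `-RemoteAddress`, because an allow rule can never override a block rule. Second, on a domain-joined host the domain GPO decides whether locally created rules apply at all ("Apply local firewall rules"), which is another reason the patent issues the rule through group policy.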
S104: creating a DENY SMB policy for the first-class servers;
Specifically, this step creates a DENY SMB policy for the first class of servers, i.e. servers with an ordinary risk of being compromised. In particular, the domain controllers, file servers and log servers that communicate with the workstations are selected, and a DENY SMB policy is created under their group policy path, so that most SMB traffic from the workstations to the domain controllers, file servers and the like is rejected. The group policy path is: Group Policy Management Editor / Computer Configuration / Preferences / Windows Settings / Registry.
S105: creating ASR rules for the second-class servers.
Specifically, this step creates ASR (Attack Surface Reduction) rules for the second class of servers, i.e. servers with a higher risk of being compromised (high-risk servers). Creating ASR rules for high-risk servers helps prevent malware from being used to compromise the device or the network, and blocks SMB lateral movement at the host layer.
Specifically, open the group policy path Group Policy Management Editor / Policies / Administrative Templates / Windows Components / Microsoft Defender Antivirus / Windows Defender Exploit Guard / Attack Surface Reduction, choose Configure Attack Surface Reduction rules, enter the specific ASR rule IDs, and issue the ASR rules through group policy to block process creations originating from PsExec and WMI commands, block credential stealing from the Windows Local Security Authority Subsystem (lsass.exe), block JavaScript or VBScript from launching downloaded executable content, and block all Office applications from creating child processes.
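The PowerShell below is an added example, not code from the patent or its assignee. It enables the four ASR rules named in S105 on one server with the Defender cmdlets, staged through audit mode before enforcement, and reads back the resulting state. The rule GUIDs are Microsoft's published rule IDs for those four rules; they are not given on the page, so confirm them against current Microsoft documentation before deploying. Microsoft Defender Antivirus must be the active antivirus with real-time protection on, otherwise ASR rules are not enforced.

```powershell
# Added example (not from the patent). Run elevated on a server where Microsoft Defender
# Antivirus is the active AV with real-time protection on.
# GUIDs: Microsoft's published ASR rule IDs for the four rules the description names
# (not given on the page); verify against current Microsoft documentation.

$AsrRules = [ordered]@{
    'd1e49aac-8f56-4280-b9ba-993a6d77406c' = 'Block process creations originating from PSExec and WMI commands'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS (lsass.exe)'
    'd3e037e1-3eb8-44c8-a917-57927947596d' = 'Block JavaScript or VBScript from launching downloaded executable content'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes'
}

function Set-AsrRules {
    # AuditMode only logs what would be blocked (event 1122); Enabled blocks (event 1121).
    param([ValidateSet('AuditMode', 'Enabled', 'Disabled')][string]$Mode)
    foreach ($id in $AsrRules.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                         -AttackSurfaceReductionRules_Actions $Mode
        Write-Host ('{0,-9} {1}  {2}' -f $Mode, $id, $AsrRules[$id])
    }
}

function Get-AsrState {
    # Ids and Actions are parallel arrays: 0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn.
    $p = Get-MpPreference
    for ($i = 0; $i -lt $p.AttackSurfaceReductionRules_Ids.Count; $i++) {
        [pscustomobject]@{
            Id     = $p.AttackSurfaceReductionRules_Ids[$i]
            Action = $p.AttackSurfaceReductionRules_Actions[$i]
            Name   = $AsrRules[$p.AttackSurfaceReductionRules_Ids[$i]]
        }
    }
}

# Stage 1: audit. Review what the rules would have blocked before enforcing:
#   Get-WinEvent -LogName 'Microsoft-Windows-Windows Defender/Operational' |
#       Where-Object Id -in 1121, 1122
Set-AsrRules -Mode AuditMode

# Stage 2: enforce once the audit log shows no legitimate activity being flagged.
# Set-AsrRules -Mode Enabled

Get-AsrState | Format-Table -AutoSize
```

The audit stage matters on servers: the PsExec/WMI rule in particular is documented by Microsoft as incompatible with hosts managed through Configuration Manager, and a log server that legitimately spawns processes from WMI will show up in the 1122 events. Known-good paths can be carved out with `Add-MpPreference -AttackSurfaceReductionOnlyExclusions` before switching to Enabled. The group policy path given in the description sets exactly the same rule IDs and actions, so the state read back by `Get-MpPreference` is the right place to confirm that the GPO has landed.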
On the basis of the above embodiment, the method further comprises: granting the right to log on locally to the Administrators group and the Users group of the workstation; granting the right to log on locally to the Administrators group of the domain controller; and configuring Administrators and Backup Operators for the other servers.
Specifically, on the domain controller the user right to log on locally is granted only to the Administrators group. On the other types of servers, Backup Operators may be added in addition to Administrators. On the workstation, the user right to log on locally is granted to the Users group as well as to the Administrators group.
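The PowerShell below is an added example, not code from the patent or its assignee. It ties S101, S102 and the local-logon rights above together on one host: the tier is derived from the OS product type, "Allow log on locally" is set per tier exactly as the description states, and on the workstation tier the administrative groups of the two upper tiers are denied every form of logon. The page does not name the mechanism that enforces the tier boundary; user-rights assignment (the standard Windows control) is assumed here and applied with secedit. 'CORP\Domain Admins' and 'CORP\Tier1-ServerAdmins' are placeholder group names. The settings are applied locally for illustration; the patent pushes them through group policy, and a domain GPO overrides local settings at the next refresh.

```powershell
# Added example (not from the patent). Run elevated. Sets SeInteractiveLogonRight per tier
# and, on workstations, denies upper-tier admin groups any logon (S102).
# Assumptions: user-rights assignment via secedit as the enforcement mechanism (the page
# names none); 'CORP\...' group names are placeholders.

$Administrators  = 'S-1-5-32-544'   # well-known SIDs
$Users           = 'S-1-5-32-545'
$BackupOperators = 'S-1-5-32-551'

function Get-AccountSid([string]$Account) {
    ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
}

function Set-UserRight {
    # Rewrites one entry in the [Privilege Rights] section of an exported security template
    # and re-applies it. An existing entry is replaced outright, a missing one is appended.
    param([Parameter(Mandatory)][string]$Right, [Parameter(Mandatory)][string[]]$Sids)
    $inf = Join-Path $env:TEMP 'user-rights.inf'
    $db  = Join-Path $env:TEMP 'user-rights.sdb'
    secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
    $value = ($Sids | ForEach-Object { "*$_" }) -join ','
    $lines = Get-Content $inf
    if ($lines -match "^$Right\s*=") {
        $lines = $lines -replace "^$Right\s*=.*$", "$Right = $value"
    } else {
        $lines = $lines -replace '^\[Privilege Rights\]$', "[Privilege Rights]`r`n$Right = $value"
    }
    Set-Content -Path $inf -Value $lines -Encoding Unicode
    secedit /configure /db $db /cfg $inf /areas USER_RIGHTS | Out-Null
    Remove-Item $inf, $db -ErrorAction SilentlyContinue
}

# S101 for the local host: ProductType 2 = domain controller (tier 0),
# 3 = member server (tier 1), 1 = workstation (tier 2).
$tier = switch ((Get-CimInstance Win32_OperatingSystem).ProductType) { 2 { 0 } 3 { 1 } default { 2 } }

switch ($tier) {
    0 { Set-UserRight SeInteractiveLogonRight @($Administrators) }
    1 { Set-UserRight SeInteractiveLogonRight @($Administrators, $BackupOperators) }
    2 {
        Set-UserRight SeInteractiveLogonRight @($Administrators, $Users)
        # S102: tier-0 and tier-1 admin accounts may not log on to a workstation in any way,
        # so a credential exposed on a compromised server cannot be replayed down to workstations.
        $upperTiers = @((Get-AccountSid 'CORP\Domain Admins'), (Get-AccountSid 'CORP\Tier1-ServerAdmins'))
        foreach ($r in 'SeDenyInteractiveLogonRight', 'SeDenyNetworkLogonRight', 'SeDenyRemoteInteractiveLogonRight') {
            Set-UserRight $r $upperTiers
        }
    }
}

# Verify: dump the resulting logon rights.
secedit /export /cfg "$env:TEMP\verify.inf" /areas USER_RIGHTS | Out-Null
Get-Content "$env:TEMP\verify.inf" | Select-String 'Logon'
```

The Deny rights win over the corresponding Allow rights, which is what makes the boundary hold even when an upper-tier group is also a member of a workstation's local Administrators. The same property is the lock-out risk: keep the local Administrators group in SeInteractiveLogonRight on every tier, and have the tier-2 administration done with accounts that are not members of the denied groups.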
In summary, the method for blocking SMB lateral movement provided by the present application includes: classifying servers into tiers, with the workstation at the lowest tier; prohibiting servers of a higher tier than the workstation from logging on to the workstation; closing a server port of the workstation to reject SMB traffic flowing into the workstation; creating a DENY SMB policy for the first-class servers; and creating ASR rules for the second-class servers. Compared with the conventional approach of relying on Windows patches to block SMB lateral movement, the method blocks SMB lateral movement in several dimensions: it classifies the servers into tiers and prohibits SMB lateral movement between upper-tier and lower-tier servers, closes the workstations' server ports, and creates DENY SMB policies and ASR rules for the servers, so that SMB lateral movement can be reliably and effectively blocked and the damage caused by large-scale SMB lateral movement in an intranet is prevented.
The application also provides a device for blocking SMB lateral movement; the device described below and the method described above may be cross-referenced. Referring to Fig. 2, which is a schematic diagram of a device for blocking SMB lateral movement according to an embodiment of the present application, the device includes:
a classification module 10 for classifying servers into tiers, with the workstation at the lowest tier;
a prohibition module 20, configured to prohibit servers of a higher tier than the workstation from logging on to the workstation;
a closing module 30, configured to close a server port of the workstation to reject SMB traffic flowing into the workstation;
a first creation module 40, configured to create a DENY SMB policy for the first-class servers;
a second creation module 50, configured to create ASR rules for the second-class servers.
On the basis of the foregoing embodiment, as a specific implementation, the classification module 10 is specifically configured to classify the domain controller as the highest tier, the workstation as the lowest tier, and servers other than the domain controller and the workstation as the intermediate tier;
correspondingly, the prohibition module 20 is specifically configured to prohibit the domain controller and the other servers from logging on to the workstation.
On the basis of the foregoing embodiment, as a specific implementation, the closing module 30 is specifically configured to close ports 139 and 445 of the workstation.
On the basis of the foregoing embodiment, as a specific implementation, the device further includes:
a first assignment module for granting the right to log on locally to the Administrators group and the Users group of the workstation;
a second assignment module for granting the right to log on locally to the Administrators group of the domain controller.
On the basis of the foregoing embodiment, as a specific implementation, the device further includes:
a configuration module for configuring Administrators and Backup Operators for the other servers.
The present application also provides an apparatus for blocking SMB lateral movement, shown in Fig. 3, comprising a memory 1 and a processor 2.
The memory 1 stores a computer program;
the processor 2 executes the computer program to implement the following steps:
classifying servers into tiers, with the workstation at the lowest tier; prohibiting servers of a higher tier than the workstation from logging on to the workstation; closing a server port of the workstation to reject SMB traffic flowing into the workstation; creating a DENY SMB policy for the first-class servers; and creating ASR rules for the second-class servers.
For an introduction to the apparatus provided by the present application, refer to the method embodiment above; it is not repeated here.
The present application further provides a computer-readable storage medium having a computer program stored thereon which, when executed by a processor, performs the following steps:
classifying servers into tiers, with the workstation at the lowest tier; prohibiting servers of a higher tier than the workstation from logging on to the workstation; closing a server port of the workstation to reject SMB traffic flowing into the workstation; creating a DENY SMB policy for the first-class servers; and creating ASR rules for the second-class servers.
The computer-readable storage medium may include various media capable of storing program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
For an introduction to the computer-readable storage medium provided by the present application, refer to the method embodiments above; it is not repeated here.
The embodiments in this specification are described progressively; each embodiment focuses on its differences from the others, and the same or similar parts may be cross-referenced between them. Since the device, the apparatus and the computer-readable storage medium disclosed in the embodiments correspond to the method disclosed in the embodiments, their description is brief, and the relevant points can be found in the description of the method.
Those skilled in the art will further appreciate that the illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or a combination of both, and that the components and steps have been described above in terms of their functionality to make this interchangeability of hardware and software clear. Whether such functionality is implemented as hardware or software depends on the particular application and the design constraints imposed on the implementation. Skilled artisans may implement the described functionality in different ways for each particular application, but such implementation decisions should not be interpreted as a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The method, device, apparatus and computer-readable storage medium for blocking SMB lateral movement provided by the present application have been described in detail above. The principles and embodiments of the present application are explained here using specific examples, which are provided only to help understand the method and its core idea. It should be noted that those skilled in the art can make several improvements and modifications to the present application without departing from its principle, and such improvements and modifications also fall within the scope of the claims of the present application.

Claims (10)

1. A method of blocking SMB lateral movement, comprising:
classifying servers into tiers, with the workstation at the lowest tier;
prohibiting servers of a higher tier than the workstation from logging on to the workstation;
closing a server port of the workstation to reject SMB traffic flowing into the workstation;
creating a DENY SMB policy for first-class servers to reject SMB traffic flowing from the workstation to the first-class servers; the first-class servers comprise the domain controller, the file server and the log server that communicate with the workstation;
creating ASR rules for second-class servers to block lateral movement of SMB traffic at the host layer; the second-class servers are high-risk servers.
2. The method of blocking SMB lateral movement according to claim 1, wherein classifying the servers includes:
classifying the domain controller as the highest tier, the workstation as the lowest tier, and servers other than the domain controller and the workstation as the intermediate tier;
accordingly, prohibiting servers of a higher tier than the workstation from logging on to the workstation comprises:
prohibiting the domain controller and the other servers from logging on to the workstation.
3. The method of blocking SMB lateral movement according to claim 1, wherein closing the server port of the workstation comprises:
closing ports 139 and 445 of the workstation.
4. The method of blocking SMB lateral movement according to claim 2, further comprising:
granting the right to log on locally to the Administrators group and the Users group of the workstation;
granting the right to log on locally to the Administrators group of the domain controller.
5. The method of blocking SMB lateral movement according to claim 2, further comprising:
configuring Administrators and Backup Operators for the other servers.
6. A device for blocking SMB lateral movement, comprising:
a classification module for classifying servers into tiers, with the workstation at the lowest tier;
a prohibition module for prohibiting servers of a higher tier than the workstation from logging on to the workstation;
a closing module for closing a server port of the workstation to reject SMB traffic flowing into the workstation;
a first creation module for creating a DENY SMB policy for first-class servers to reject SMB traffic flowing from the workstation to the first-class servers; the first-class servers comprise the domain controller, the file server and the log server that communicate with the workstation;
a second creation module for creating ASR rules for second-class servers to block lateral movement of SMB traffic at the host layer; the second-class servers are high-risk servers.
7. The device for blocking SMB lateral movement according to claim 6, wherein the classification module is specifically configured to classify the domain controller as the highest tier, the workstation as the lowest tier, and servers other than the domain controller and the workstation as the intermediate tier;
correspondingly, the prohibition module is specifically configured to prohibit the domain controller and the other servers from logging on to the workstation.
8. The device for blocking SMB lateral movement according to claim 7, wherein the closing module is specifically configured to close ports 139 and 445 of the workstation.
9. An apparatus for blocking SMB lateral movement, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the method of blocking SMB lateral movement according to any one of claims 1 to 5 when the computer program is executed.
10. A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the method of blocking SMB lateral movement according to any one of claims 1 to 5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011445119.1A CN112615832B (en) 2020-12-11 2020-12-11 Method and related device for blocking SMB lateral movement

Publications (2)

Publication Number Publication Date
CN112615832A (en) 2021-04-06
CN112615832B (en) 2022-08-02

Family

ID=75232891

Country Status (1)

Country Link
CN (1) CN112615832B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102362281A (en) * 2009-03-18 2012-02-22 NEC Corporation Policy generation and conversion system, policy distribution system, and method and program therefor
CN103391273A (en) * 2012-05-08 2013-11-13 Sun Wei Method and device for controlling access authority of internet website user information
US9264395B1 (en) * 2012-04-11 2016-02-16 Artemis Internet Inc. Discovery engine
CN110933094A (en) * 2019-12-04 2020-03-27 Sangfor Technologies Inc. Network security equipment and SMB vulnerability detection method, device and medium thereof

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7711835B2 (en) * 2004-09-30 2010-05-04 Citrix Systems, Inc. Method and apparatus for reducing disclosure of proprietary data in a networked environment
WO2010045089A1 (en) * 2008-10-08 2010-04-22 Sourcefire, Inc. Target-based smb and dce/rpc processing for an intrusion detection system or intrusion prevention system
CN102972004B (en) * 2010-06-25 2016-01-20 NEC Corporation Confidential information leakage prevention system, confidential information leakage prevention method, and confidential information leakage prevention program
US9473532B2 (en) * 2012-07-19 2016-10-18 Box, Inc. Data loss prevention (DLP) methods by a cloud service including third party integration architectures
CN103780684B (en) * 2014-01-10 2017-04-05 Tsinghua University File-system-based data sharing method between smart devices
CN104539611B (en) * 2014-12-26 2016-09-07 Shenzhen Qifutong Technology Co., Ltd. Shared file management method, apparatus and system
US11290489B2 (en) * 2019-03-07 2022-03-29 Microsoft Technology Licensing, Llc Adaptation of attack surface reduction clusters

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant