CN112738114A - Configuration method of network security policy - Google Patents
- Publication number
- CN112738114A
- Authority
- CN
- China
- Prior art keywords
- network
- policy
- strategy
- network object
- network security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a method for configuring network security policies, in which each policy is configured according to its action. If the action is allow, it is determined whether the policy's source network object and destination network object belong to the same network area; if they do, the policy is configured on the corresponding network security device. If they do not, the specific (detailed) policy is configured on the network security device where the source network object is located, and a loose policy is configured on the network security device where the destination network object is located, permitting access from the IPs of all internal network segments to the network segment governed by that device. If the action is deny, the policy is configured only on the network security device where the source network object is located. By configuring the security devices involved in a policy according to one unified principle, the invention effectively reduces the number of network security policies without reducing protection capability at all, which facilitates subsequent management and improves working efficiency.
Description
Technical Field
The invention relates to the technical field of network information security, in particular to a configuration method of a network security policy.
Background
With the rapid development of the internet, malicious behavior on networks has increased, and network security policies serve as a main means of network security protection, maintaining the security of network systems and protecting network resources from unauthorized access. Enterprises and public institutions may divide their internal networks into different network areas and, under the relevant network security regulations, network security devices need to be deployed at the boundaries of those areas, where the network security policy provides the most basic protection.
Existing methods for configuring network security policies generally fall into two types. The first configures policies by large network segment. Its advantages are that the policies are simple, few in number, seldom need changing, and are convenient to maintain and manage; its disadvantage is that, with the network segment as the unit, the protection granularity is coarse, which directly reduces the protection capability of the policy. The second configures policies by individual IP. Its advantage is that configuration is done on demand and protection capability is strong; its disadvantage is that the policies are numerous and, because they are configured on demand, maintenance personnel must change the policy configuration frequently when the access relationships of applications change quickly, which makes operation cumbersome and later maintenance and management troublesome.
Disclosure of Invention
The invention aims to provide a configuration method of a network security policy, which solves the problem that the existing configuration method of the network security policy cannot combine the characteristics of stronger protection capability and convenient operation, maintenance and management.
To achieve this purpose, the technical scheme adopted by the invention is as follows.
A configuration method of network security policy comprises the following steps:
(1) Preprocess all network security policies to be configured. A network security policy comprises a source network object, a destination network object, a port and an action.
(2) After preprocessing, configure each policy according to its action. If the action is allow, first determine whether the policy's source network object and destination network object belong to the same network area: if so, configure the policy on the corresponding network security device; if not, execute step (3). If the action is deny, configure the policy only on the network security device where the source network object is located, and not on the network security device where the destination network object is located.
(3) Configure the specific network security policy on the network security device where the source network object is located, and configure a loose policy on the network security device where the destination network object is located that permits access from the IPs of all internal network segments to the network segment governed by that device.
(4) Repeat steps (1) to (3).
Further, when each policy is configured, the larger the policy ID, the higher the priority.
Specifically, the preprocessing in step (1) is as follows:
(a) Analyze the IPs contained in the source network object and the IPs contained in the destination network object of the network security policy.
(b) If the IPs in the source network object all belong to the same network area and the IPs in the destination network object all belong to the same network area, execute step (2). Otherwise, handle the policy according to which areas the IPs belong to and then execute step (2), specifically as follows:
Case 1: the IPs in the source network object belong to the same network area and the IPs in the destination network object do not. Split the policy according to the network areas to which the destination IPs belong.
Case 2: the IPs in the source network object do not belong to the same network area and the IPs in the destination network object do. Split the policy according to the network areas to which the source IPs belong.
Case 3: neither the IPs in the source network object nor the IPs in the destination network object belong to the same network area. Either split the original policy according to the network areas to which the source IPs belong, after which each resulting policy falls under case 1 and is split a second time according to case 1; or split the original policy according to the network areas to which the destination IPs belong, after which each resulting policy falls under case 2 and is split a second time according to case 2.
Compared with the prior art, the invention has the following beneficial effects:
When configuring a network security policy, the invention takes into account the configuration of every network security device associated with that policy; that is, the security devices involved in a policy are configured according to one unified principle (strict out, loose in). The invention thus ensures the effectiveness of the policies while greatly reducing their number (tests show that the configuration entries for network security policies can be reduced by up to half), without any reduction in protection capability, laying a good foundation for subsequent policy management and for improving working efficiency.
Drawings
FIG. 1 is a schematic flow chart of the present invention.
Detailed Description
The invention discloses a configuration method for network security policies. Its core idea is to analyze the network security devices involved in each network security policy, preprocess all the policies concerned, and configure them according to the "strict out, loose in" principle; the specific flow is shown in FIG. 1.
First, all network security policies to be configured are preprocessed. A network security policy comprises a source network object, a destination network object, a port and an action.
The purpose of preprocessing is to ensure that the IPs in the source network object all belong to one network area and the IPs in the destination network object all belong to one network area. The IPs contained in the policy's source and destination network objects are analyzed, and the policy is then handled according to which areas those IPs belong to, as follows:
Case 1: the IPs in the source network object belong to the same network area and the IPs in the destination network object do not. Split the policy according to the network areas to which the destination IPs belong.
Case 2: the IPs in the source network object do not belong to the same network area and the IPs in the destination network object do. Split the policy according to the network areas to which the source IPs belong.
Case 3: neither the IPs in the source network object nor the IPs in the destination network object belong to the same network area. Either split the original policy according to the network areas to which the source IPs belong, after which each resulting policy falls under case 1 and is split a second time according to case 1; or split the original policy according to the network areas to which the destination IPs belong, after which each resulting policy falls under case 2 and is split a second time according to case 2.
Case 4: the IPs in the source network object belong to the same network area and the IPs in the destination network object belong to the same network area. No processing is needed.
Then each policy is configured according to its action. If the action is allow, it is determined whether the policy's source network object and destination network object belong to the same network area. If so, the policy is configured on the corresponding network security device. If not, the specific network security policy is configured on the network security device (such as a firewall) where the source network object is located, and a loose policy is configured on the network security device where the destination network object is located, permitting access from the IPs of all internal network segments to the network segment governed by that device.
If the action is deny, the policy is configured only on the network security device where the source network object is located, and is not configured on the network security device where the destination network object is located.
The invention is further illustrated by the following example; its implementations include, but are not limited to, this example.
Examples
The method extends to scenarios with multiple firewalls; three firewalls are used here for illustration.
Assume that the network area governed by firewall F1 is 1.1.0.0/16, the network area governed by firewall F2 is 1.2.0.0/16, and the network area governed by firewall F3 is 1.3.0.0/16.
According to the service scenario, the following network security policies need to be configured:
(1) permit src host 1.1.1.1/31 to dst host 1.1.2.1 tcp port 3306
(2) permit src host 1.1.2.1 to dst host 1.2.2.1 tcp port 3306
(3) deny src host 1.1.1.1 to dst host 1.1.3.1 tcp port 443
(4) permit src host 1.2.1.1 and 1.3.1.1 to host 1.2.10.1 tcp port 22
Initially, the three firewalls are each configured with a default deny policy, as shown in Table 1:
TABLE 1
For the first policy, since the source network object and the destination network object are both on firewall F1, the policy is configured directly on firewall F1, and a default deny policy is added. After the configuration is completed, the network security policy on firewall F1 is as shown in Table 2:
TABLE 2
For the second policy, since the source network object and the destination network object are on firewalls F1 and F2 respectively and the policy action is allow, a detailed policy is configured on firewall F1, where the source network object is located, and a loose policy is configured on firewall F2, where the destination network object is located. The policies on firewalls F1 and F2 after the configuration is completed are shown in Table 3:
TABLE 3
For the third policy, the source network object and the destination network object are on firewalls F1 and F3 respectively, and the action is deny, so a deny policy for the specific IPs is configured on firewall F1 and nothing is configured for this policy on firewall F3. The result after configuration is shown in Table 4:
TABLE 4
For the fourth policy, because the IPs in the source network object do not belong to the same firewall, the policy is preprocessed and split into two policies, 4.1 and 4.2:
4.1: permit src host 1.2.1.1 to host 1.2.10.1 tcp port 22
4.2: permit src host 1.3.1.1 to host 1.2.10.1 tcp port 22
For 4.1, the source network object and the destination network object belong to the same firewall F2, so the policy only needs to be configured on F2 as written in 4.1.
For 4.2, the source network object and the destination network object do not belong to the same firewall, so a detailed policy is configured on firewall F3, where the source network object is located, and a loose policy is configured on firewall F2, where the destination network object is located. The result after configuration is shown in Table 5:
TABLE 5
In this embodiment, the larger the policy ID, the higher the priority.
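The procedure above, run on the four example policies, as an added Python example that is not part of the patent text. The names (`Rule`, `preprocess`, `configure`, `verdict`, `allowed`) are hypothetical. Because Tables 1 to 5 are not reproduced on this page, three points are assumptions: "all internal network segments" is taken as the union of the three zones, the loose rule matches any port, and the loose rule is inserted directly above the default deny so that it never outranks a detailed rule already on that device.

```python
import ipaddress
from dataclasses import dataclass
from itertools import product
from typing import Optional

# Firewall -> network area it governs (values from the page's example).
ZONES = {"F1": ipaddress.ip_network("1.1.0.0/16"),
         "F2": ipaddress.ip_network("1.2.0.0/16"),
         "F3": ipaddress.ip_network("1.3.0.0/16")}
# Assumption: "all internal network segments" is the union of the zones.
INTERNAL = tuple(ZONES.values())
ANY = (ipaddress.ip_network("0.0.0.0/0"),)

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: tuple            # source network object (tuple of networks)
    dst: tuple            # destination network object
    port: Optional[int]   # None means any port

def nets(*cidrs):
    return tuple(ipaddress.ip_network(c, strict=False) for c in cidrs)

def zone_of(net):
    """Name of the firewall whose area contains the network."""
    for fw, area in ZONES.items():
        if net.subnet_of(area):
            return fw
    raise ValueError(f"{net} is outside every zone")

def by_zone(networks):
    groups = {}
    for n in networks:
        groups.setdefault(zone_of(n), []).append(n)
    return groups

def preprocess(rule):
    """Cases 1-4: split until each piece has one source zone and one
    destination zone. Case 3's two-stage split is the cross product."""
    srcs, dsts = by_zone(rule.src), by_zone(rule.dst)
    return [(sz, dz, Rule(rule.action, tuple(s), tuple(d), rule.port))
            for (sz, s), (dz, d) in product(srcs.items(), dsts.items())]

def configure(policies):
    """Return {firewall: rules}; a rule's list index is its policy ID."""
    # Starting state: every firewall holds only a default deny (ID 0).
    devices = {fw: [Rule("deny", ANY, ANY, None)] for fw in ZONES}
    for policy in policies:
        for src_fw, dst_fw, piece in preprocess(policy):
            # Detailed rule (permit or deny) goes on the source-side device.
            devices[src_fw].append(piece)
            if piece.action == "permit" and src_fw != dst_fw:
                # Loose rule on the destination device, added only once.
                # Its source follows the page's wording (all internal
                # segments), which includes the device's own segment.
                loose = Rule("permit", INTERNAL, (ZONES[dst_fw],), None)
                if loose not in devices[dst_fw]:
                    devices[dst_fw].insert(1, loose)
    return devices

def verdict(rules, src, dst, port):
    """Evaluate one device: the matching rule with the largest ID wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in reversed(rules):
        if (any(s in n for n in rule.src) and any(d in n for n in rule.dst)
                and rule.port in (None, port)):
            return rule.action
    return "deny"

def allowed(devices, src, dst, port):
    """A flow must pass the source zone's device and, for cross-zone
    traffic, the destination zone's device as well."""
    path = {zone_of(ipaddress.ip_network(src)),
            zone_of(ipaddress.ip_network(dst))}
    return all(verdict(devices[fw], src, dst, port) == "permit" for fw in path)

# The four policies from the example.
POLICIES = [
    Rule("permit", nets("1.1.1.1/31"), nets("1.1.2.1"), 3306),
    Rule("permit", nets("1.1.2.1"), nets("1.2.2.1"), 3306),
    # As printed, 1.1.3.1 lies inside F1's 1.1.0.0/16; the deny is placed
    # on F1 (the source device) either way.
    Rule("deny", nets("1.1.1.1"), nets("1.1.3.1"), 443),
    Rule("permit", nets("1.2.1.1", "1.3.1.1"), nets("1.2.10.1"), 22),
]

if __name__ == "__main__":
    for fw, rules in configure(POLICIES).items():
        print(fw, len(rules), "rules")
```

`allowed` shows that a cross-zone flow with no detailed rule on its source firewall is still dropped there, even though the destination firewall's loose rule would pass it.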
Through this ingenious design, the configuration of network security policies combines strong protection capability with convenient operation, maintenance and management, laying a good foundation for subsequent policy management and for improving working efficiency. Although the scheme appears simple, it is not easy to arrive at: only by studying the characteristics of network security in depth and combining practice with theory can the limitations of the prior art be overcome by the simplest and most effective means, maximizing the effect. Compared with the prior art, the invention therefore has outstanding substantive features and represents notable progress.
The above-mentioned embodiments are only preferred embodiments of the present invention, and should not be construed as limiting the scope of the present invention, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.
Claims (3)
1. A configuration method of network security policy, characterized by comprising the following steps:
(1) Preprocess all network security policies to be configured. A network security policy comprises a source network object, a destination network object, a port and an action.
(2) After preprocessing, configure each policy according to its action. If the action is allow, first determine whether the policy's source network object and destination network object belong to the same network area: if so, configure the policy on the corresponding network security device; if not, execute step (3). If the action is deny, configure the policy only on the network security device where the source network object is located, and not on the network security device where the destination network object is located.
(3) Configure the specific network security policy on the network security device where the source network object is located, and configure a loose policy on the network security device where the destination network object is located that permits access from the IPs of all internal network segments to the network segment governed by that device.
(4) Repeat steps (1) to (3).
2. The method of claim 1, wherein, when configuring each policy, the larger the policy ID, the higher the priority.
3. The method for configuring network security policy according to claim 1 or 2, wherein the preprocessing in step (1) is as follows:
(a) Analyze the IPs contained in the source network object and the IPs contained in the destination network object of the network security policy.
(b) If the IPs in the source network object all belong to the same network area and the IPs in the destination network object all belong to the same network area, execute step (2). Otherwise, handle the policy according to which areas the IPs belong to and then execute step (2), specifically as follows:
Case 1: the IPs in the source network object belong to the same network area and the IPs in the destination network object do not. Split the policy according to the network areas to which the destination IPs belong.
Case 2: the IPs in the source network object do not belong to the same network area and the IPs in the destination network object do. Split the policy according to the network areas to which the source IPs belong.
Case 3: neither the IPs in the source network object nor the IPs in the destination network object belong to the same network area. Either split the original policy according to the network areas to which the source IPs belong, after which each resulting policy falls under case 1 and is split a second time according to case 1; or split the original policy according to the network areas to which the destination IPs belong, after which each resulting policy falls under case 2 and is split a second time according to case 2.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011626889.6A CN112738114B (en) | 2020-12-31 | 2020-12-31 | Configuration method of network security policy |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112738114A true CN112738114A (en) | 2021-04-30 |
CN112738114B CN112738114B (en) | 2023-04-07 |
Family
ID=75609756
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011626889.6A Active CN112738114B (en) | 2020-12-31 | 2020-12-31 | Configuration method of network security policy |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112738114B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN112738114B (en) | 2023-04-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||