CN113285952A - Network vulnerability blocking method and device, storage medium and processor

Info

Publication number: CN113285952A
Authority: CN (China)
Prior art keywords: target, firewall, rule, blacklist, address space
Legal status: Granted
Application number: CN202110580982.6A
Other languages: Chinese (zh)
Other versions: CN113285952B (en)
Inventors: 李无言, 葛柳飞, 张昆
Assignee (current and original): Hillstone Networks Co Ltd

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/14 ... for detecting or protecting against malicious traffic > H04L63/1433 Vulnerability analysis
    • H ELECTRICITY > H04 > H04L > H04L63/00 > H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY > H04 > H04L > H04L63/00 > H04L63/02 > H04L63/0227 Filtering policies > H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS > Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE > Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE > Y02D30/00 Reducing energy consumption in communication networks > Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The application discloses a network vulnerability blocking method and device, a storage medium and a processor. The method comprises the following steps: acquiring target interface parameters and generating target IP address information based on the target interface parameters; generating a target blocking service rule based on the target IP address information; and sending the target blocking service rule to a firewall so that the firewall intercepts the target threat based on the target blocking service rule. The method and device solve the problem in the related art that the blocking service intercepts threats inefficiently.

Description

Network vulnerability blocking method and device, storage medium and processor
Technical Field
The present application relates to the field of network vulnerability testing technologies, and in particular to a network vulnerability blocking method, an apparatus, a storage medium, and a processor.
Background
As technology develops, the amount of information held by enterprises keeps growing and its value keeps rising, so enterprises face threats and attacks more frequently and their information security is scrutinised ever more severely. In response, enterprises invest more in protecting their information; as with spear and shield, attack and defence drive each other forward, threat techniques keep evolving, and attacks succeed at an ever higher rate. The capability and efficiency with which a security management platform handles the threat blocking service are therefore subject to ever higher requirements, and improving the efficiency of the blocking service has become a main goal.
No effective solution to the low threat interception efficiency of the blocking service in the related art has been proposed so far.
Disclosure of Invention
The present application mainly aims to provide a network vulnerability blocking method, an apparatus, a storage medium and a processor, so as to solve the problem in the related art that the blocking service intercepts threats inefficiently.
To achieve the above object, according to one aspect of the present application, a network vulnerability blocking method is provided. The method comprises the following steps: acquiring target interface parameters and generating target IP address information based on the target interface parameters; generating a target blocking service rule based on the target IP address information; and sending the target blocking service rule to a firewall so that the firewall intercepts the target threat based on the target blocking service rule.
Further, before acquiring the target interface parameters and generating the target IP address information based on them, the method further includes: starting a target policy mode of the firewall; if the target policy mode of the firewall contains the firewall's preconfigured blacklist rule, judging whether the address space of that preconfigured blacklist rule in the target policy mode is smaller than a first preset address space; if it is smaller than the first preset address space, creating a first address space for the blacklist rule; and storing the firewall's preconfigured blacklist rule in the first address space.
Further, after generating the target blocking service rule based on the target IP address information, the method further includes: judging whether the blacklist address book contains the address information of the target blocking service rule; if the blacklist address book does not contain the address information of the target blocking service rule, judging whether the address space in the blacklist address book is smaller than a second preset address space, and if so, creating a second address space of the blacklist address book and storing the target blocking service rule in the second address space; and if the blacklist address book does contain the address information of the target blocking service rule, sending the return value of the target interface parameters to the target platform.
Further, sending the target blocking service rule to the firewall so that the firewall intercepts the target threat based on the target blocking service rule includes: if the matching result of the target blocking service rule differs from the firewall's preconfigured blacklist rule, sending the target blocking service rule to the firewall so that the firewall intercepts the target threat based on the target blocking service rule.
Further, the method further comprises: if the matching result of the target blocking service rule is the same as the firewall's preconfigured blacklist rule, the firewall intercepts the target threat based on its preconfigured blacklist rule.
Further, the method further comprises: if the target policy mode of the firewall does not contain the firewall's preconfigured blacklist rule, creating the preconfigured blacklist rule to obtain a created preconfigured blacklist rule; judging whether the address space of the created preconfigured blacklist rule in the target policy mode of the firewall is smaller than a third preset address space; if it is smaller than the third preset address space, creating a third address space for the created preconfigured blacklist rule; and storing the created preconfigured blacklist rule in the third address space.
To achieve the above object, according to another aspect of the present application, a network vulnerability blocking device is provided. The device includes: a first acquisition unit for acquiring target interface parameters and generating target IP address information based on them; a first generating unit for generating a target blocking service rule based on the target IP address information; and a first sending unit for sending the target blocking service rule to the firewall so that the firewall intercepts the target threat based on the target blocking service rule.
Further, the apparatus further comprises: a first starting unit for starting a target policy mode of the firewall before the target interface parameters are acquired and the target IP address information is generated; a first judgment unit for judging, if the target policy mode of the firewall contains the firewall's preconfigured blacklist rule, whether the address space of that rule in the target policy mode is smaller than a first preset address space; a first creating unit for creating a first address space for the blacklist rule if that address space is smaller than the first preset address space; and a first storage unit for storing the firewall's preconfigured blacklist rule in the first address space.
Further, the apparatus further comprises: a second judgment unit for judging, after the target blocking service rule is generated based on the target IP address information, whether the blacklist address book contains the address information of the target blocking service rule; a second creating unit for judging, if the blacklist address book does not contain that address information, whether the address space in the blacklist address book is smaller than a second preset address space, and if so, creating a second address space of the blacklist address book and storing the target blocking service rule in it; and a second sending unit for sending the return value of the target interface parameters to the target platform if the blacklist address book does contain the address information of the target blocking service rule.
Further, the first sending unit includes: a first sending module for sending the target blocking service rule to the firewall, so that the firewall intercepts the target threat based on it, if the matching result of the target blocking service rule differs from the firewall's preconfigured blacklist rule.
Further, the apparatus further comprises: a first processing unit for having the firewall intercept the target threat based on its preconfigured blacklist rule if the matching result of the target blocking service rule is the same as the firewall's preconfigured blacklist rule.
Further, the apparatus further comprises: a third creating unit configured to create the preconfigured blacklist rule, obtaining a created preconfigured blacklist rule, if the target policy mode of the firewall does not contain the firewall's preconfigured blacklist rule; a third judgment unit for judging whether the address space of the created preconfigured blacklist rule in the target policy mode of the firewall is smaller than a third preset address space; a fourth creating unit for creating a third address space for the created preconfigured blacklist rule if its address space is smaller than the third preset address space; and a second storage unit for storing the created preconfigured blacklist rule in the third address space.
The present application thus adopts the following steps: acquiring target interface parameters and generating target IP address information based on them; generating a target blocking service rule based on the target IP address information; and sending the target blocking service rule to a firewall so that the firewall intercepts the target threat based on it. This solves the problem in the related art that the blocking service intercepts threats inefficiently. Because the target IP address information is generated from the target interface parameters and the target blocking service rule is generated from that IP address information, the rule is produced quickly, which improves the threat interception efficiency of the blocking service.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the application and, together with the description, serve to explain the application and are not intended to limit the application. In the drawings:
FIG. 1 is a flowchart of a network vulnerability blocking method provided according to an embodiment of the present application;
FIG. 2 is a system operation diagram of a network vulnerability blocking method according to an embodiment of the present application;
FIG. 3 is a flow chart of a system implementation of a network vulnerability blocking method provided according to an embodiment of the present application; and
FIG. 4 is a schematic diagram of a network vulnerability blocking apparatus provided according to an embodiment of the present application.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the application described herein may be used. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to an embodiment of the present application, a network vulnerability blocking method is provided.
FIG. 1 is a flowchart of a network vulnerability blocking method according to an embodiment of the present application. As shown in FIG. 1, the method comprises the following steps:
Step S101: acquire target interface parameters and generate target IP address information based on them.
For example, the target interface parameters include at least target threat information A and information about a firewall B that defends against it. If the target threat information A is a web page tampering threat, the information about firewall B is the information of the firewall that prevents the web page from being tampered with. Target IP address information C is generated from the target threat information A and the information about firewall B; C is the IP address information belonging to that firewall information, and an effective defence rule is subsequently generated from it, so that the target threat information A is intercepted effectively.
Step S102: generate a target blocking service rule based on the target IP address information.
For example, target IP address information C is obtained from the target threat information A and the information about firewall B, and a target blocking service rule D is generated from C. If at this point the target interface parameters carry the web page tampering threat information A and the IP address information C capable of defending against it has been obtained, a corresponding defence rule is generated from that IP address information as the target blocking service rule D, where the defence rule is an effective interception tool or code formulated for the target threat.
Step S103: send the target blocking service rule to the firewall so that the firewall intercepts the target threat based on it.
The target blocking service rule generated in the steps above is sent to the firewall, and the firewall intercepts the target threat according to it. The rule is thus produced quickly, which improves the threat interception efficiency of the blocking service.
FIG. 2 is a schematic system operation diagram of a network vulnerability blocking method according to an embodiment of the present application. As shown in FIG. 2, a network situation awareness platform detects a threat and sends the threat information to a security management platform through a target interface, and the security management platform starts the target policy mode of the firewall, which in the present application is the firewall's blocking policy function mode.
Optionally, in the network vulnerability blocking method provided in the embodiment of the present application, before acquiring the target interface parameters and generating the target IP address information based on them, the method further includes: starting a target policy mode of the firewall; if the target policy mode of the firewall contains the firewall's preconfigured blacklist rule, judging whether the address space of that rule in the target policy mode is smaller than a first preset address space; if so, creating a first address space for the blacklist rule; and storing the firewall's preconfigured blacklist rule in the first address space.
Specifically, after the firewall's blocking policy function mode is started on the security management platform, the platform checks whether that mode contains the firewall's preconfigured blacklist rule. If it does, the platform judges whether it currently has enough address space to store the preconfigured blacklist rule. If the address space is insufficient, a first address space for storing the firewall's preconfigured blacklist rule is created, so that, on top of the storage already used by the blocking policy function mode, the first address space satisfies the storage requirement of the blacklist rule; once it has been created, the firewall's preconfigured blacklist rule is stored in the first address space.
For example, suppose the firewall's preconfigured blacklist rules are A, B, C and D. After the firewall's blocking policy function mode is opened on the security management platform, the platform checks whether the firewall configuration previously imported into it contains the firewall's complete preconfigured blacklist rules. If the blocking policy function mode contains the preconfigured blacklist rules A, B, C and D, the platform judges whether it currently has enough address space to store them; if not, an address space (corresponding to the first address space in the present application) is created on the security management platform and the imported blacklist rules A, B, C and D are stored in it. By judging the address space available for the firewall's preconfigured blacklist rules on the security management platform, sufficient storage for the blacklist rules is effectively ensured so that the target threat's attack can be dealt with.
Optionally, in the network vulnerability blocking method provided in the embodiment of the present application, the method further includes: if the target policy mode of the firewall does not contain the firewall's preconfigured blacklist rule, creating the preconfigured blacklist rule to obtain a created preconfigured blacklist rule; judging whether the address space of the created preconfigured blacklist rule in the target policy mode of the firewall is smaller than a third preset address space; if so, creating a third address space for the created preconfigured blacklist rule; and storing the created preconfigured blacklist rule in the third address space. Specifically, if the firewall's blocking policy function mode does not contain the firewall's preconfigured blacklist rule, that rule needs to be created, that is, a blacklist rule preconfigured by the firewall is created on the security management platform. After creation, the platform judges whether the created rule meets the address storage requirement under the current blocking policy function mode; if it does not, a third address space for storing the firewall's preconfigured blacklist rule is created, so that the rule can be stored in the third address space on top of the storage already used by the blocking policy function mode.
For example, suppose the firewall's preconfigured blacklist rules are A, B, C and D. After the firewall's blocking policy function mode is opened on the security management platform, the platform checks whether the firewall configuration previously imported into it contains the firewall's complete preconfigured blacklist rules. If the blocking policy function mode lacks the preconfigured blacklist rules C and D, they are added on the security management platform. After creation, the platform also judges whether the created preconfigured blacklist rules A, B, C and D meet the address storage requirement under the current blocking policy function mode; if they do not, an address space (corresponding to the third address space in the present application) for storing the firewall's preconfigured blacklist rules is created, and the created rules are stored in it. By judging whether the firewall's preconfigured blacklist rules on the security management platform meet the preset configured number, a sufficient number of blacklist rules is effectively ensured so that the target threat's attack can be dealt with.
Specifically, when a network threat occurs, the firewall under the blocking policy function mode includes a pre-configured blacklist rule and a storage space of the corresponding blacklist rule (that is, a blacklist address book hereinafter), a form of an interface parameter is called through a network situation awareness platform, target IP address information is generated on a security management platform based on information carried by the interface parameter, and a target blocking service rule is generated based on the target IP address information. The interface parameter carried information comprises network threat IP information and target firewall information corresponding to the network threat IP information; and the target blocking business rule generates a corresponding target blocking business rule based on the target network threat IP information, and sends the target blocking business rule to the firewall so that the firewall intercepts the target threat based on the target blocking business rule.
It should be noted that, when a network threat occurs, the network situation awareness platform in the present application performs target threat awareness and simultaneously adds an interface, and sends interface parameter information carrying the target threat to the security management platform, and the security management platform quickly and safely responds to an interface request sent by the network situation awareness platform, accurately and quickly generates a target blocking service rule, and sends the target blocking service rule to a firewall for threat interception, so as to greatly improve the effect of blocking service efficiency when intercepting the target threat.
For example, the network situation awareness platform finds that the target threat is a: malicious tampering, B, unauthorized access, C: and eavesdropping, namely adding A, B, C corresponding interfaces respectively, wherein the interface information carries A, B, C threat information respectively, sending the A, B, C carried interface information to a safety management platform through a network situation awareness platform, and the safety management platform rapidly and safely responds to an interface request sent by the network situation awareness platform to accurately and rapidly generate a target blocking business rule.
Optionally, in the network vulnerability sealing method provided in the embodiment of the present application, after generating the target sealing service rule based on the target IP address information, the method further includes: judging whether the blacklist address book contains target blocking service rule address information or not; if the blacklist address book does not contain the address information of the target blocking service rule, judging whether the address space in the blacklist address book is smaller than a second preset address space or not, if the address space in the blacklist address book is smaller than the second preset address space, creating a second address space of the blacklist address book, and storing the target blocking service rule in the second address space; and if the blacklist address book contains the target blocking service rule address information, sending a return value of the target interface parameter to the target platform.
Fig. 3 is a flow chart of a system implementation of a network vulnerability sealing method according to an embodiment of the present application, where a firewall in the present application corresponds to FW in fig. 3, a network situation awareness platform in the present application corresponds to NSSA in fig. 3, as shown in fig. 3, after a target sealing service rule (corresponding to threat IP in fig. 3) generated by a security management platform, the security management platform matches a blacklist address book quickly through a prefix tree algorithm, determines whether a blacklist address book includes target sealing service rule address information based on IP address information of the target sealing service rule, and if the blacklist address book does not include the target sealing service rule address information, it may be determined that a pre-configured blacklist of the firewall does not include the target sealing service rule address, it is necessary to determine whether storage of the target sealing service rule is satisfied in an address space in the current blacklist address book, if the address space in the current blacklist address book does not meet the storage of the target blocking service rule, a second preset address space is created to store the target blocking service rule, if the address space in the blacklist address book contains the address information of the target blocking service rule, the blacklist rule pre-configured by the firewall can be judged to contain the target blocking service rule address, at the moment, the safety management platform does not need to send the target blocking service rule address to the target firewall, and the return value of the interface parameter of the target threat is sent to the network situation perception platform, so that the memory resource is saved, and the generation efficiency of the blocking service is improved.
For example, when the network situation awareness platform finds that the target threat is malicious tampering of a web page, it sends the target interface parameter information to the security management platform. The security management platform generates IP address information for defending against the web page tampering, generates a rule for defending against the tampering based on that IP address information (corresponding to the target blocking service rule in the present application), quickly matches the rule against the blacklist address book through the prefix tree algorithm, and judges, from the IP address information of the rule, whether the blacklist address book contains the address information of the rule. If the blacklist address book does not contain it, the platform needs to judge whether the address space in the current blacklist address book can store the rule; if it cannot, an address space (corresponding to the second preset address space in the present application) is created to store the rule. If the blacklist address book is found to contain the address information of the rule, it is judged that the blacklist rule pre-configured by the firewall already contains the address of the rule; the security management platform then does not need to send the rule to the target firewall, but directly relies on the rule pre-configured by the firewall to intercept the threat, and sends the target blocking service rule corresponding to the target threat to the network situation awareness platform in the form of interface parameters to inform it that the threat is being intercepted. By rapidly generating the target blocking service rules and sending them to the target firewall to intercept the target threats in this way, the threat interception efficiency of the blocking service is improved.
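The address-book check described above (prefix-tree lookup, then the "already covered" versus "store if there is room" decision), written out as an added illustration. This is not code from the patent or from Hillstone; the class names, the `handle_rule` result strings and the reading of "address space smaller than the preset address space" as "fewer entries stored than the preset limit" are this example's own assumptions.

```python
"""Blacklist address book backed by a binary prefix tree (trie).

Added example, not the patent's or Hillstone's code.  Assumptions: the
'preset address space' is modelled as a maximum entry count, and a rule's
address is 'contained' when any stored prefix covers it."""
import ipaddress
from typing import Iterable, List, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


class _Node:
    __slots__ = ("child", "terminal")

    def __init__(self) -> None:
        self.child: List[Optional["_Node"]] = [None, None]
        self.terminal = False  # a blacklisted prefix ends at this node


class PrefixTrie:
    """Binary trie over network prefixes.  A lookup walks the address bits
    most-significant first and succeeds as soon as it passes a node where a
    stored prefix ends, so a stored /24 covers every /32 inside it."""

    def __init__(self) -> None:
        self.root = _Node()
        self.size = 0

    @staticmethod
    def _bits(net: Network):
        addr = int(net.network_address)
        top = net.max_prefixlen - 1
        for i in range(net.prefixlen):
            yield (addr >> (top - i)) & 1

    def insert(self, net: Network) -> bool:
        """Store a prefix; returns False if it was already present."""
        node = self.root
        for bit in self._bits(net):
            if node.child[bit] is None:
                node.child[bit] = _Node()
            node = node.child[bit]
        if node.terminal:
            return False
        node.terminal = True
        self.size += 1
        return True

    def covers(self, net: Network) -> bool:
        """True if some stored prefix contains the whole of `net`."""
        node = self.root
        if node.terminal:          # 0.0.0.0/0 or ::/0 stored: covers all
            return True
        for bit in self._bits(net):
            node = node.child[bit]
            if node is None:
                return False
            if node.terminal:      # a shorter stored prefix covers `net`
                return True
        return False


class BlacklistAddressBook:
    """The address book as the embodiment uses it: check whether a new
    blocking rule's address is already covered; if not, store it as long as
    the book is still below its preset capacity."""

    def __init__(self, preset_address_space: int) -> None:
        self.preset_address_space = preset_address_space
        self._tries = {4: PrefixTrie(), 6: PrefixTrie()}

    def entries(self) -> int:
        return sum(t.size for t in self._tries.values())

    def preload(self, cidrs: Iterable[str]) -> None:
        """Load the addresses of the firewall's pre-configured blacklist."""
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            self._tries[net.version].insert(net)

    def handle_rule(self, cidr: str) -> str:
        """Returns 'already_covered' (only the interface parameter's return
        value goes back to the platform), 'stored' (rule written into the
        book) or 'address_space_exhausted' (preset capacity reached)."""
        net = ipaddress.ip_network(cidr, strict=False)
        trie = self._tries[net.version]
        if trie.covers(net):
            return "already_covered"
        if self.entries() < self.preset_address_space:
            trie.insert(net)
            return "stored"
        return "address_space_exhausted"


if __name__ == "__main__":
    # Constructed sample data (documentation ranges), not real threat IPs.
    book = BlacklistAddressBook(preset_address_space=3)
    book.preload(["203.0.113.0/24", "2001:db8::/32"])
    for ip in ("203.0.113.77", "198.51.100.10", "192.0.2.1"):
        print(ip, "->", book.handle_rule(ip))
```

The trie makes the containment check proportional to the prefix length rather than to the number of stored entries, which is the property the embodiment relies on when it says the blacklist address book is matched "quickly".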
Optionally, in the network vulnerability blocking method provided in the embodiment of the present application, sending the target blocking service rule to the firewall so that the firewall performs target threat interception based on the target blocking service rule includes: if the matching result of the target blocking service rule against the blacklist rules pre-configured by the firewall is "different" (no pre-configured rule matches), sending the target blocking service rule to the firewall so that the firewall intercepts the target threat based on it. As shown in fig. 3, the generated target blocking rule needs to be matched and checked against the blacklist rules pre-configured by the firewall; if the matching result shows that the target blocking service rule differs from the pre-configured blacklist rules, that is, the target blocking service rule for the target threat does not exist in the firewall's pre-configured blacklist rule base, the rule needs to be sent to the target firewall through the security management platform to intercept the target threat. Optionally, in the network vulnerability blocking method provided in the embodiment of the present application, the method further includes: if the matching result shows that the target blocking service rule is the same as a blacklist rule pre-configured by the firewall, the firewall intercepts the target threat based on its pre-configured blacklist rule.
It should be noted that the present application is not limited to generating the target blocking service rule from the target IP address information. Even if the target blocking service rule is not generated from the target threat IP address information, whether the generated rule needs to be issued to the firewall can still be determined from the matching result of the target blocking service rule against the firewall's pre-configured blacklist rules: if the matching result shows that the target blocking service rule is the same as a pre-configured blacklist rule, this proves that a blocking rule for the corresponding target threat already exists in the firewall's pre-configured blacklist rule base, and the security management platform then does not send the target blocking rule to the target firewall but relies on the firewall's pre-configured blacklist rule to intercept the threat. By verifying the matching result of the target blocking service rule against the firewall's pre-configured blacklist rules, the present application saves memory resources and improves the threat interception efficiency of the blocking service.
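The push-or-skip decision of the two preceding paragraphs, together with the policy-mode initialisation that the device description below attaches to it (load the firewall's pre-configured blacklist rules when they exist and fit within the preset address space, otherwise create an empty rule base), as an added example. It is not code from the patent or from Hillstone: the interface parameter field names, the `BlockRule` fields, and the `"pushed"`/`"return_value"` result shape are assumptions made for this illustration.

```python
"""Match a generated blocking rule against the firewall's pre-configured
blacklist rule base and decide whether it must be pushed.

Added example, not the patent's or Hillstone's code.  Assumed interface
parameters: {"threat_id", "src_ip", "dst_ip", "proto", "dport"}."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

RuleKey = Tuple[str, str, str, int]


@dataclass(frozen=True)
class BlockRule:
    src: str      # CIDR or single address
    dst: str      # CIDR or single address
    proto: str    # "tcp", "udp", "any"
    dport: int    # 0 = any port

    def key(self) -> RuleKey:
        """Canonical form so '203.0.113.7' and '203.0.113.7/32' compare equal
        and protocol case does not matter when matching the rule base."""
        return (
            str(ipaddress.ip_network(self.src, strict=False)),
            str(ipaddress.ip_network(self.dst, strict=False)),
            self.proto.lower(),
            int(self.dport),
        )


def rule_from_interface_params(params: Dict) -> BlockRule:
    """Steps 1 and 2 of the method: derive the IP address information from
    the interface parameters sent by the situation awareness platform, then
    build the blocking rule from it.  Validates the addresses on the way."""
    src = ipaddress.ip_network(params["src_ip"], strict=False)
    dst = ipaddress.ip_network(params.get("dst_ip", "0.0.0.0/0"), strict=False)
    return BlockRule(str(src), str(dst), params.get("proto", "any"),
                     int(params.get("dport", 0)))


class FirewallBlacklist:
    """Stand-in for the firewall's pre-configured blacklist rule base."""

    def __init__(self, rules: Iterable[BlockRule], preset_address_space: int):
        self.preset_address_space = preset_address_space
        self._keys = {r.key() for r in rules}
        self.pushed: List[BlockRule] = []

    @classmethod
    def start_policy_mode(cls, preconfigured: Optional[List[BlockRule]],
                          preset_address_space: int) -> "FirewallBlacklist":
        """Policy-mode start: if pre-configured rules exist and fit within the
        preset address space they are loaded; if none exist, an empty rule
        base is created.  Rules beyond the preset space are not loaded
        (assumed handling; the text only says a space is created if the
        rules are smaller than the preset)."""
        rules = list(preconfigured or [])
        if len(rules) > preset_address_space:
            rules = rules[:preset_address_space]
        return cls(rules, preset_address_space)

    def match(self, rule: BlockRule) -> bool:
        return rule.key() in self._keys

    def push(self, rule: BlockRule) -> bool:
        if len(self._keys) >= self.preset_address_space:
            return False
        self._keys.add(rule.key())
        self.pushed.append(rule)
        return True


def dispatch(params: Dict, fw: FirewallBlacklist) -> Dict:
    """Step 3: push only when the matching result is 'different'; when it is
    'same', rely on the pre-configured rule and only return the interface
    parameter's return value to the platform."""
    rule = rule_from_interface_params(params)
    if fw.match(rule):
        return {"pushed": False, "return_value": {"threat_id": params["threat_id"],
                                                  "status": "covered_by_preconfigured"}}
    ok = fw.push(rule)
    return {"pushed": ok, "return_value": {"threat_id": params["threat_id"],
                                           "status": "rule_issued" if ok else "address_space_exhausted"}}


if __name__ == "__main__":
    # Constructed sample data (documentation ranges), not real threat IPs.
    fw = FirewallBlacklist.start_policy_mode(
        [BlockRule("203.0.113.0/24", "0.0.0.0/0", "tcp", 0)], preset_address_space=16)
    print(dispatch({"threat_id": "t-1", "src_ip": "203.0.113.0/24", "proto": "TCP"}, fw))
    print(dispatch({"threat_id": "t-2", "src_ip": "198.51.100.7", "proto": "tcp"}, fw))
```

Normalising the rule before comparison matters: the same threat reported as a host address and as a /32 prefix would otherwise be treated as two different rules, and the firewall would receive a duplicate instead of the "same" result the method relies on to avoid the push.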
In summary, the network vulnerability blocking method provided by the embodiment of the present application obtains the target interface parameters and generates target IP address information based on them; generates a target blocking service rule based on the target IP address information; and sends the target blocking service rule to a firewall so that the firewall intercepts the target threat based on the target blocking service rule. This solves the problem of low threat interception efficiency of the blocking service in the related art. Because the target IP address information is generated from the target interface parameters and the target blocking service rule is generated from the target IP address information, the target blocking service rule is generated rapidly, and the threat interception efficiency of the blocking service is improved.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
The embodiment of the present application further provides a network vulnerability blocking device; it should be noted that the network vulnerability blocking device according to the embodiment of the present application may be used to execute the network vulnerability blocking method provided by the embodiment of the present application. The network vulnerability blocking device provided by the embodiment of the application is introduced below.
Fig. 4 is a schematic diagram of a network vulnerability blocking device according to an embodiment of the present application. As shown in fig. 4, the device includes a first obtaining unit 401, a first generating unit 402 and a first sending unit 403.
Specifically, the first obtaining unit 401 is configured to obtain a target interface parameter, and generate target IP address information based on the target interface parameter;
a first generating unit 402, configured to generate a target blocking service rule based on the target IP address information;
a first sending unit 403, configured to send the target blocking service rule to the firewall, so that the firewall performs target threat interception based on the target blocking service rule.
To sum up, in the network vulnerability blocking device provided in the embodiment of the present application, the first obtaining unit 401 obtains the target interface parameter and generates the target IP address information based on it; the first generating unit 402 generates a target blocking service rule based on the target IP address information; and the first sending unit 403 sends the target blocking service rule to the firewall so that the firewall performs target threat interception based on the target blocking service rule, thereby solving the problem of low threat interception efficiency of the blocking service in the related art. Because the target IP address information is generated from the target interface parameters and the target blocking service rule is generated from the target IP address information, the target blocking service rule is generated rapidly, and the threat interception efficiency of the blocking service is improved.
Optionally, in the network vulnerability blocking device provided in the embodiment of the present application, the device further includes: a first starting unit, configured to start a target policy mode of the firewall before the target interface parameters are obtained and the target IP address information is generated based on them; a first judging unit, configured to judge, if the target policy mode of the firewall contains a blacklist rule pre-configured by the firewall, whether the address space of that pre-configured blacklist rule in the target policy mode is smaller than a first preset address space; a first creating unit, configured to create a first address space of the blacklist rule if the address space of the pre-configured blacklist rule is smaller than the first preset address space; and a first storage unit, configured to store the blacklist rule pre-configured by the firewall in the first address space.
Optionally, in the network vulnerability blocking device provided in the embodiment of the present application, the device further includes: a second judging unit, configured to judge, after the target blocking service rule is generated based on the target IP address information, whether the blacklist address book contains the address information of the target blocking service rule; a second creating unit, configured to judge, if the blacklist address book does not contain the address information of the target blocking service rule, whether the address space in the blacklist address book is smaller than a second preset address space, and if so, to create the second address space of the blacklist address book and store the target blocking service rule in it; and a second sending unit, configured to send the return value of the target interface parameter to the target platform if the blacklist address book contains the address information of the target blocking service rule.
Optionally, in the network vulnerability blocking device provided in this embodiment of the present application, the first sending unit 403 includes: a first sending module, configured to send the target blocking service rule to the firewall if the matching result of the target blocking service rule against the blacklist rules pre-configured by the firewall is different, so that the firewall intercepts the target threat based on the target blocking service rule.
Optionally, in the network vulnerability blocking device provided in the embodiment of the present application, the device further includes: a first processing unit, configured to have the firewall intercept the target threat based on its pre-configured blacklist rule if the matching result of the target blocking service rule against the pre-configured blacklist rules is the same.
Optionally, in the network vulnerability blocking device provided in the embodiment of the present application, the device further includes: a third creating unit, configured to create a pre-configured blacklist rule if the target policy mode of the firewall does not contain a blacklist rule pre-configured by the firewall, so as to obtain the created pre-configured blacklist rule; a third judging unit, configured to judge whether the address space of the created pre-configured blacklist rule in the target policy mode of the firewall is smaller than a third preset address space; a fourth creating unit, configured to create a third address space of the created pre-configured blacklist rule if its address space is smaller than the third preset address space; and a second storage unit, configured to store the created pre-configured blacklist rule in the third address space.
The network vulnerability blocking device includes a processor and a memory; the first obtaining unit 401, the first generating unit 402, the first sending unit 403 and the like are all stored in the memory as program units, and the processor executes the program units stored in the memory to implement the corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. One or more kernels can be provided, and network vulnerability blocking is carried out by adjusting kernel parameters.
The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
An embodiment of the present invention provides a storage medium on which a program is stored, where the program, when executed by a processor, implements the network vulnerability blocking method.
An embodiment of the present invention provides a processor configured to run a program, where the network vulnerability blocking method is executed when the program runs.
The embodiment of the invention provides equipment, which comprises a processor, a memory and a program which is stored on the memory and can run on the processor, wherein the processor executes the program and realizes the following steps: acquiring target interface parameters, and generating target IP address information based on the target interface parameters; generating a target plugging service rule based on the target IP address information; and sending the target blocking business rule to a firewall so that the firewall blocks the target threat based on the target blocking business rule.
The processor executes the program and further realizes the following steps: before target interface parameters are obtained and target IP address information is generated based on the target interface parameters, a target strategy mode of a firewall is started; if the target strategy mode of the firewall contains the blacklist rule preconfigured by the firewall, judging whether the address space of the blacklist rule preconfigured by the firewall in the target strategy mode of the firewall is smaller than a first preset address space or not; if the address space of the blacklist rule configured in advance by the firewall is smaller than a first preset address space, establishing a first address space of the blacklist rule; and storing the blacklist rule pre-configured by the firewall in the first address space.
The processor executes the program and further realizes the following steps: after a target blocking service rule is generated based on the target IP address information, whether the blacklist address book contains the target blocking service rule address information or not is judged; if the blacklist address book does not contain the address information of the target blocking service rule, judging whether the address space in the blacklist address book is smaller than a second preset address space or not, if the address space in the blacklist address book is smaller than the second preset address space, creating a second address space of the blacklist address book, and storing the target blocking service rule in the second address space; and if the blacklist address book contains the target blocking service rule address information, sending a return value of the target interface parameter to the target platform.
The processor executes the program and further realizes the following steps: and if the target blocking business rule is different from the blacklist rule matching result pre-configured by the firewall, sending the target blocking business rule to the firewall so that the firewall blocks the target threat based on the target blocking business rule.
The processor executes the program and further realizes the following steps: and if the target blocking service rule is the same as the matching result of the pre-configured blacklist rule of the firewall, the firewall carries out target threat interception based on the pre-configured blacklist rule of the firewall.
The processor executes the program and further realizes the following steps: if the target strategy mode of the firewall does not contain the pre-configured blacklist rule of the firewall, creating the pre-configured blacklist rule to obtain the created pre-configured blacklist rule; judging whether the address space of a pre-configured blacklist rule after the firewall is established in a target strategy mode of the firewall is smaller than a third preset address space or not; if the address space of the pre-configured blacklist rule after the firewall is established is smaller than a third preset address space, establishing a third address space of the pre-configured blacklist rule after the firewall is established; and storing the pre-configured blacklist rule after the firewall is created in a third address space. The device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present application further provides a computer program product which, when executed on a data processing device, is adapted to execute a program that initializes the following method steps: obtaining target interface parameters and generating target IP address information based on the target interface parameters; generating a target blocking service rule based on the target IP address information; and sending the target blocking service rule to a firewall so that the firewall intercepts the target threat based on the target blocking service rule.
When executed on a data processing device, the computer program product is further adapted to execute a program that initializes the following method steps: before the target interface parameters are obtained and the target IP address information is generated based on them, starting a target policy mode of the firewall; if the target policy mode of the firewall contains a blacklist rule pre-configured by the firewall, judging whether the address space of that pre-configured blacklist rule in the target policy mode is smaller than a first preset address space; if it is, creating a first address space of the blacklist rule; and storing the blacklist rule pre-configured by the firewall in the first address space.
When executed on a data processing device, the computer program product is further adapted to execute a program that initializes the following method steps: after the target blocking service rule is generated based on the target IP address information, judging whether the blacklist address book contains the address information of the target blocking service rule; if it does not, judging whether the address space in the blacklist address book is smaller than a second preset address space, and if so, creating a second address space of the blacklist address book and storing the target blocking service rule in it; and if the blacklist address book contains the address information of the target blocking service rule, sending the return value of the target interface parameter to the target platform.
When executed on a data processing device, the computer program product is further adapted to execute a program that initializes the following method step: if the matching result of the target blocking service rule against the blacklist rules pre-configured by the firewall is different, sending the target blocking service rule to the firewall so that the firewall intercepts the target threat based on the target blocking service rule.
When executed on a data processing device, the computer program product is further adapted to execute a program that initializes the following method step: if the matching result of the target blocking service rule against the blacklist rules pre-configured by the firewall is the same, the firewall intercepts the target threat based on its pre-configured blacklist rule.
When executed on a data processing device, the computer program product is further adapted to execute a program that initializes the following method steps: if the target policy mode of the firewall does not contain a blacklist rule pre-configured by the firewall, creating the pre-configured blacklist rule to obtain the created pre-configured blacklist rule; judging whether the address space of the created pre-configured blacklist rule in the target policy mode of the firewall is smaller than a third preset address space; if it is, creating a third address space of the created pre-configured blacklist rule; and storing the created pre-configured blacklist rule in the third address space.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both persistent and non-persistent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A network vulnerability blocking method, characterized by comprising the following steps:
acquiring target interface parameters, and generating target IP address information based on the target interface parameters;
generating a target blocking service rule based on the target IP address information;
and sending the target blocking business rule to a firewall so that the firewall carries out target threat interception based on the target blocking business rule.
2. The method of claim 1, wherein prior to obtaining target interface parameters and generating target IP address information based on the target interface parameters, the method further comprises:
starting a target strategy mode of the firewall;
if the target policy mode of the firewall contains the blacklist rule preconfigured by the firewall, judging whether the address space of the blacklist rule preconfigured by the firewall in the target policy mode of the firewall is smaller than a first preset address space; if the address space of the blacklist rule preconfigured by the firewall is smaller than the first preset address space, creating a first address space of the blacklist rule;
and storing the blacklist rule pre-configured by the firewall in the first address space.
3. The method of claim 1, wherein after generating the target blocking traffic rule based on the target IP address information, the method further comprises:
judging whether the blacklist address book contains target blocking service rule address information or not;
if the blacklist address book does not contain target blocking service rule address information, judging whether an address space in the blacklist address book is smaller than a second preset address space, if so, creating a second address space of the blacklist address book, and storing the target blocking service rule in the second address space;
and if the blacklist address book contains target blocking service rule address information, sending a return value of the target interface parameter to a target platform.
4. The method of claim 1, wherein sending the target blocking business rule to a firewall to enable the firewall to perform target threat interception based on the target blocking business rule comprises:
and if the target blocking business rule is different from a blacklist rule matching result pre-configured by the firewall, sending the target blocking business rule to the firewall so that the firewall performs target threat interception based on the target blocking business rule.
5. The method of claim 4, further comprising:
and if the target blocking service rule is the same as the matching result of the pre-configured blacklist rule of the firewall, the firewall carries out target threat interception based on the pre-configured blacklist rule of the firewall.
6. The method of claim 2, further comprising:
if the target strategy mode of the firewall does not contain the pre-configured blacklist rule of the firewall, creating the pre-configured blacklist rule to obtain the created pre-configured blacklist rule;
judging whether the address space of a pre-configured blacklist rule established by the firewall in the target strategy mode of the firewall is smaller than a third preset address space or not;
if the address space of the pre-configured blacklist rule after the firewall is established is smaller than the third preset address space, establishing a third address space of the pre-configured blacklist rule after the firewall is established;
and storing the pre-configured blacklist rule after the firewall is created in the third address space.
7. A network vulnerability blocking device, comprising:
a first obtaining unit, configured to obtain target interface parameters and generate target IP address information based on the target interface parameters;
a first generating unit, configured to generate a target blocking service rule based on the target IP address information;
and a first sending unit, configured to send the target blocking service rule to a firewall so that the firewall intercepts the target threat based on the target blocking service rule.
8. The apparatus of claim 7, further comprising:
a first starting unit, configured to start a target policy mode of the firewall before the target interface parameters are acquired and the target IP address information is generated based on the target interface parameters;
a first judging unit, configured to judge, if the target policy mode of the firewall contains a blacklist rule pre-configured by the firewall, whether the address space of that blacklist rule is smaller than a first preset address space;
a first creating unit, configured to create a first address space for the blacklist rule if the address space of the blacklist rule pre-configured by the firewall is smaller than the first preset address space;
and a first storage unit, configured to store the blacklist rule pre-configured by the firewall in the first address space.
9. A processor, characterized in that the processor is configured to run a program, wherein the program when running performs the method of any of claims 1 to 6.
10. A storage medium, characterized in that the storage medium comprises a stored program, wherein the program performs the method of any one of claims 1 to 6.
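The workflow of claims 1 to 6 and 8, as an added example that is not the patent's or Hillstone's code: a controller derives target IP address information from interface parameters, builds a target blocking service rule, and either relies on the firewall's pre-configured blacklist rule when that rule already matches (claim 5) or sends the new rule to the firewall (claim 4), creating the blacklist rule and an address space with room when the policy mode lacks one (claims 6 and 8). The names (Firewall, AddressSpace, apply_blocking, the 'ip'/'prefix' interface parameters) and the reading of "address space" as a capacity-limited set of address entries are assumptions; the sample addresses are constructed from documentation ranges.

```python
# Added example, not the patent's code: a minimal model of the blocking-rule
# workflow in claims 1 to 6 and 8. Class and function names and the reading
# of "address space" as a capacity-limited address set are assumptions.
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional

Network = ipaddress.IPv4Network


@dataclass
class AddressSpace:
    """An address set referenced by a blacklist rule. 'capacity' stands in for
    the preset address-space size of the claims, read as a maximum entry count."""
    name: str
    capacity: int
    entries: List[Network] = field(default_factory=list)

    def has_room(self) -> bool:
        # "address space smaller than the preset address space" in the claims
        return len(self.entries) < self.capacity


@dataclass
class BlacklistRule:
    """The firewall's pre-configured blacklist rule: one or more address spaces."""
    spaces: List[AddressSpace] = field(default_factory=list)

    def matches(self, net: Network) -> bool:
        return any(net.subnet_of(e) for s in self.spaces for e in s.entries)


@dataclass
class Firewall:
    policy_mode_on: bool = False
    blacklist: Optional[BlacklistRule] = None
    sent_rules: List[Dict[str, str]] = field(default_factory=list)

    def enable_policy_mode(self) -> None:
        self.policy_mode_on = True

    def intercepts(self, ip: str) -> bool:
        """True if traffic from ip is dropped by the blacklist rule."""
        return self.blacklist is not None and self.blacklist.matches(Network(ip))


def target_ip_info(params: Dict[str, str]) -> Network:
    """Claim 1, first step: derive IP address information from the interface
    parameters. The parameter names 'ip' and 'prefix' are assumed."""
    return Network(f"{params['ip']}/{params.get('prefix', '32')}", strict=False)


def blocking_rule(net: Network) -> Dict[str, str]:
    """Claim 1, second step: the target blocking service rule for that address."""
    return {"action": "deny", "src": str(net)}


def ensure_blacklist_space(fw: Firewall, preset: int) -> AddressSpace:
    """Claims 6 and 8: create the blacklist rule if the policy mode lacks one and
    return an address space that is still below the preset size, creating a new
    one when every existing space is full."""
    if fw.blacklist is None:
        fw.blacklist = BlacklistRule()
    for space in fw.blacklist.spaces:
        if space.has_room():
            return space
    space = AddressSpace(name=f"blacklist-{len(fw.blacklist.spaces) + 1}", capacity=preset)
    fw.blacklist.spaces.append(space)
    return space


def apply_blocking(fw: Firewall, params: Dict[str, str], preset: int = 256) -> str:
    """Claims 2 to 5: start the policy mode, then either rely on the
    pre-configured blacklist (when it already matches) or send the new rule,
    whose address is stored in the blacklist's address space."""
    fw.enable_policy_mode()
    space = ensure_blacklist_space(fw, preset)
    net = target_ip_info(params)
    rule = blocking_rule(net)
    if fw.blacklist.matches(net):
        return "preconfigured"          # claim 5: the existing rule intercepts
    fw.sent_rules.append(rule)           # claim 4: rule differs, send it
    space.entries.append(net)            # the firewall stores it in the space
    return "sent"


def preconfigured_firewall() -> Firewall:
    """Constructed sample: a firewall whose blacklist already covers the
    203.0.113.0/24 documentation range, with room for one more entry."""
    space = AddressSpace(name="blacklist-1", capacity=2, entries=[Network("203.0.113.0/24")])
    return Firewall(blacklist=BlacklistRule(spaces=[space]))


if __name__ == "__main__":
    fw = preconfigured_firewall()
    print(apply_blocking(fw, {"ip": "203.0.113.10"}))   # preconfigured
    print(apply_blocking(fw, {"ip": "198.51.100.7"}))   # sent
    print(fw.intercepts("198.51.100.7"))                 # True
```

The capacity check is where a real deployment needs care: a blacklist address object that silently stops accepting entries once full would leave later blocking rules unenforced, so the controller should confirm that the firewall reports the entry as stored rather than assuming the send succeeded.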

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110580982.6A CN113285952B (en) 2021-05-26 2021-05-26 Network vulnerability plugging method, device, storage medium and processor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110580982.6A CN113285952B (en) 2021-05-26 2021-05-26 Network vulnerability plugging method, device, storage medium and processor

Publications (2)

Publication Number Publication Date
CN113285952A true CN113285952A (en) 2021-08-20
CN113285952B CN113285952B (en) 2023-06-06

Family

ID=77281984

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110580982.6A Active CN113285952B (en) 2021-05-26 2021-05-26 Network vulnerability plugging method, device, storage medium and processor

Country Status (1)

Country Link
CN (1) CN113285952B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103139184A (en) * 2011-12-02 2013-06-05 中国电信股份有限公司 Intelligent network firewall device and network attack protection method
CN111600895A (en) * 2020-05-20 2020-08-28 北京北斗弘鹏科技有限公司 Network security protection method and device, storage medium and electronic equipment
CN112583843A (en) * 2020-12-23 2021-03-30 北京珞安科技有限责任公司 Joint protection system and method and computer equipment

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113965355A (en) * 2021-09-27 2022-01-21 中盈优创资讯科技有限公司 SOC-based illegal IP (Internet protocol) provincial network plugging method and device
CN113965355B (en) * 2021-09-27 2023-07-28 中盈优创资讯科技有限公司 Illegal IP (Internet protocol) intra-provincial network plugging method and device based on SOC (system on chip)

Also Published As

Publication number Publication date
CN113285952B (en) 2023-06-06

Similar Documents

Publication Publication Date Title
CN103607385B (en) Method and apparatus for security detection based on browser
CN112054996B (en) Attack data acquisition method and device for honeypot system
JP2020030866A (en) Sensitive information processing method, device and server, and security determination system
EP2839406A1 (en) Detection and prevention of installation of malicious mobile applications
CN109379347B (en) Safety protection method and equipment
CN113179266A (en) Service request processing method and device, electronic equipment and storage medium
CN111132172A (en) Method, device and medium for preventing telecommunication fraud based on block chain
JP7531816B2 (en) Image-based malicious code detection method and device and artificial intelligence-based endpoint threat detection and response system using the same
CN106873958A (en) The call method and device of a kind of API
CN112700242A (en) Method, device and medium for detecting sensitive information of block chain in advance
CN110535857A (en) The method and apparatus of protecting network attack
CN113285952B (en) Network vulnerability plugging method, device, storage medium and processor
Rong‐na et al. Provenance‐based data flow control mechanism for Internet of things
WO2024125108A1 (en) On-demand enabling method and apparatus for security aspect of mobile terminal
CN113704211A (en) Data query method and device, electronic equipment and storage medium
CN112839052B (en) Virtual network security protection system, method, server and readable storage medium
CN109391689A (en) A kind of method and device that micro services application programming interface is called
CN114567678B (en) Resource calling method and device for cloud security service and electronic equipment
CN114189865B (en) Network attack protection method in communication network, computer device and storage medium
CN115604103A (en) Configuration method and device of cloud computing system, storage medium and electronic equipment
CN114697052B (en) Network protection method and device
CN114880300A (en) Processing method and device based on block chain file, processor and electronic equipment
CN113748658B (en) Equipment protection method and equipment
CN114297639A (en) Method and device for monitoring interface calling behavior, electronic equipment and medium
US11343279B2 (en) System and methods for developing secure platform to deliver end-to-end protection and safety for transactions using multi-dimensional, multi-layered security control

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant