CN113285952B - Network vulnerability blocking method, device, storage medium and processor - Google Patents

Info

Publication number: CN113285952B
Authority: CN (China)
Prior art keywords: target, firewall, blacklist, rule, address space
Legal status (as listed by Google Patents, not a legal conclusion): Active
Application number: CN202110580982.6A
Other languages: Chinese (zh)
Other versions: CN113285952A (en)
Inventors: 李无言, 葛柳飞, 张昆
Current Assignee: Hillstone Networks Co Ltd
Original Assignee: Hillstone Networks Co Ltd
Application filed by Hillstone Networks Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application discloses a network vulnerability blocking method, a device, a storage medium and a processor. The method comprises the following steps: acquiring target interface parameters and generating target IP address information based on them; generating a target blocking service rule based on the target IP address information; and sending the target blocking service rule to the firewall so that the firewall can intercept the target threat based on that rule. The method and device address the low threat-interception efficiency of blocking services in the related art.

Description

Network vulnerability blocking method, device, storage medium and processor
Technical Field
The application relates to the technical field of network vulnerability testing, and in particular to a network vulnerability blocking method, device, storage medium and processor.
Background
As technology develops, enterprises hold ever more information of ever greater value, so threat attacks against them become more frequent and their information security situation more serious. In response, enterprises invest more in protecting their own information; as with the mutual advance of spear and shield, attack techniques keep developing and succeed at an ever higher rate. The capacity and efficiency demanded of a security management platform for handling threat-blocking services therefore keep rising, and improving the efficiency of the blocking service has become a primary goal.
No effective solution has yet been proposed for the low threat-interception efficiency of blocking services in the related art.
Disclosure of Invention
The main purpose of the application is to provide a network vulnerability blocking method, device, storage medium and processor that solve the problem of low threat-interception efficiency of blocking services in the related art.
To achieve the above object, according to one aspect of the present application, a network vulnerability blocking method is provided. The method comprises the following steps: acquiring target interface parameters and generating target IP address information based on them; generating a target blocking service rule based on the target IP address information; and sending the target blocking service rule to the firewall so that the firewall can intercept the target threat based on that rule.
Further, before acquiring the target interface parameters and generating the target IP address information, the method further includes: starting the target policy mode of the firewall; if the target policy mode contains a blacklist rule preconfigured by the firewall, judging whether the address space for that preconfigured blacklist rule in the target policy mode is smaller than a first preset address space; if it is, creating a first address space for the blacklist rule; and storing the preconfigured blacklist rule in the first address space.
Further, after generating the target blocking service rule, the method further includes: judging whether the blacklist address book contains the address information of the target blocking service rule; if it does not, judging whether the address space in the blacklist address book is smaller than a second preset address space and, if so, creating a second address space for the blacklist address book and storing the target blocking service rule in it; and if the blacklist address book already contains the address information of the target blocking service rule, sending the return value of the target interface parameters to the target platform.
Further, sending the target blocking service rule to the firewall so that the firewall intercepts the target threat comprises: if the matching result of the target blocking service rule against the blacklist rule preconfigured by the firewall shows that they differ, sending the target blocking service rule to the firewall so that the firewall intercepts the target threat based on it.
Further, the method further comprises: if the matching result shows that the target blocking service rule is the same as the blacklist rule preconfigured by the firewall, the firewall intercepts the target threat based on its preconfigured blacklist rule.
Further, the method further comprises: if the target policy mode of the firewall does not contain the preconfigured blacklist rule, creating it and obtaining the created preconfigured blacklist rule; judging whether the address space for the created preconfigured blacklist rule in the target policy mode is smaller than a third preset address space; if it is, creating a third address space for it; and storing the created preconfigured blacklist rule in the third address space.
To achieve the above object, according to another aspect of the present application, a network vulnerability blocking device is provided. The device comprises: a first acquisition unit for acquiring the target interface parameters and generating target IP address information based on them; a first generation unit for generating a target blocking service rule based on the target IP address information; and a first sending unit for sending the target blocking service rule to the firewall so that the firewall can intercept the target threat based on it.
Further, the apparatus further comprises: a first starting unit for starting the target policy mode of the firewall before the target interface parameters are acquired; a first judging unit for judging, if the target policy mode contains a blacklist rule preconfigured by the firewall, whether the address space for that rule is smaller than a first preset address space; a first creating unit for creating a first address space for the blacklist rule if it is; and a first storage unit for storing the preconfigured blacklist rule in the first address space.
Further, the apparatus further comprises: a second judging unit for judging, after the target blocking service rule has been generated, whether the blacklist address book contains its address information; a second creating unit for judging, if it does not, whether the address space in the blacklist address book is smaller than a second preset address space and, if so, creating a second address space for the blacklist address book and storing the target blocking service rule in it; and a second sending unit for sending the return value of the target interface parameters to the target platform if the blacklist address book already contains the address information.
Further, the first sending unit includes: a first sending module for sending the target blocking service rule to the firewall if its matching result against the blacklist rule preconfigured by the firewall shows that they differ, so that the firewall intercepts the target threat based on the target blocking service rule.
Further, the apparatus further comprises: a first processing unit by which the firewall intercepts the target threat based on its preconfigured blacklist rule if the matching result shows that the target blocking service rule is the same as that rule.
Further, the apparatus further comprises: a third creating unit configured to create the preconfigured blacklist rule if the target policy mode of the firewall does not contain it, obtaining the created preconfigured blacklist rule; a third judging unit configured to judge whether the address space for the created preconfigured blacklist rule in the target policy mode is smaller than a third preset address space; a fourth creating unit configured to create a third address space for it if so; and a second storage unit configured to store the created preconfigured blacklist rule in the third address space.
Through the application, the following steps are adopted: acquiring target interface parameters and generating target IP address information based on them; generating a target blocking service rule based on the target IP address information; and sending the target blocking service rule to the firewall so that the firewall can intercept the target threat based on it. This solves the problem of low threat-interception efficiency of blocking services in the related art. Because the target IP address information is generated from the target interface parameters and the target blocking service rule is generated from that address information, the rule is produced rapidly, which improves the threat-blocking efficiency of the blocking service.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application, illustrate and explain the application and are not to be construed as limiting the application. In the drawings:
Fig. 1 is a flowchart of a network vulnerability blocking method according to an embodiment of the present application;
Fig. 2 is a schematic diagram of system operation for a network vulnerability blocking method according to an embodiment of the present application;
Fig. 3 is a system implementation flowchart of a network vulnerability blocking method according to an embodiment of the present application; and
Fig. 4 is a schematic diagram of a network vulnerability blocking apparatus according to an embodiment of the present application.
Detailed Description
It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other. The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe the embodiments of the present application described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to an embodiment of the application, a network vulnerability blocking method is provided.
Fig. 1 is a flowchart of a network vulnerability blocking method according to an embodiment of the present application. As shown in fig. 1, the method comprises the following steps:
Step S101: obtaining target interface parameters and generating target IP address information based on them.
For example, the target interface parameters contain at least target threat information A and information about the firewall B that defends against that threat. If the target threat information A is a web-page tampering threat, the firewall B information identifies the firewall that defends against web-page tampering. Target IP address information C is generated from A and B; C is the IP address information with which the firewall defending against web-page tampering blocks that threat, and an effective defence rule is generated from it so that the target threat information A can be intercepted.
Step S102: generating a target blocking service rule based on the target IP address information.
For example, target IP address information C is obtained from the target threat information A and the firewall information B, and a target blocking service rule D is generated from C. If the target interface parameters carry web-page tampering threat information A and the IP address information C for defending against it is obtained, a corresponding defence rule is generated from that IP address information as the target blocking service rule D, where the defence rule is the interception tool or code formulated for the target threat.
Step S103: sending the target blocking service rule to the firewall so that the firewall can intercept the target threat based on it.
By sending the target blocking service rule generated in the preceding steps to the firewall, which then intercepts the target threat according to it, the rule is generated rapidly and the threat-interception efficiency of the blocking service is improved.
Fig. 2 is a schematic diagram of system operation for a network vulnerability blocking method according to an embodiment of the present application. As shown in fig. 2, a network situational awareness platform senses a threat and sends the threat information to the security management platform through a target interface; the security management platform then starts the target policy mode of the firewall, that is, the blocking-policy function mode of the firewall described in the present application.
Optionally, in the network vulnerability blocking method provided in the embodiment of the present application, before acquiring the target interface parameters and generating the target IP address information, the method further includes: starting the target policy mode of the firewall; if the target policy mode contains a blacklist rule preconfigured by the firewall, judging whether the address space for that preconfigured blacklist rule in the target policy mode is smaller than a first preset address space; if it is, creating a first address space for the blacklist rule; and storing the preconfigured blacklist rule in the first address space.
Specifically, after the blocking-policy function mode of the firewall is started on the security management platform, the platform checks whether that mode contains a blacklist rule preconfigured by the firewall. If it does, the platform judges whether it currently has enough address space to store the preconfigured blacklist rule. If the address space on the security management platform is insufficient, a first address space for storing the preconfigured blacklist rule is created, so that the first address space can hold the blacklist rule in addition to the storage of the original blocking-policy function mode; once it has been created, the preconfigured blacklist rule is stored in the first address space.
For example, suppose the blacklist rules preconfigured by the firewall are A, B, C and D. After the blocking-policy function mode of the firewall is started on the security management platform, the platform checks whether the firewall configuration previously imported into it contains the complete set of preconfigured blacklist rules. If the mode contains the preconfigured rules A, B, C and D, the platform judges whether it has enough address space to store them; if not, it creates an address space on the security management platform (corresponding to the first address space in the application) and stores the imported blacklist rules A, B, C and D there. Checking the address space available for the firewall's preconfigured blacklist rules on the security management platform ensures that there is storage for the blacklist rules needed to handle the target threat.
Optionally, in the network vulnerability blocking method provided in the embodiment of the present application, the method further includes: if the target policy mode of the firewall does not contain the preconfigured blacklist rule, creating it and obtaining the created preconfigured blacklist rule; judging whether the address space for the created preconfigured blacklist rule in the target policy mode is smaller than a third preset address space; if it is, creating a third address space for it; and storing the created preconfigured blacklist rule in the third address space. Specifically, if the blocking-policy function mode of the firewall does not contain the blacklist rule preconfigured by the firewall, that rule must be created, that is, created on the security management platform. After creation, the platform must also check whether the created preconfigured blacklist rule meets the address-storage requirement of the current blocking-policy function mode; if it does not, a third address space for storing the preconfigured blacklist rule is created, so that the third address space holds the blacklist rule in addition to the storage of the original mode, and the created blacklist rule is stored there.
For example, suppose the blacklist rules preconfigured by the firewall are A, B, C and D. After the blocking-policy function mode is started on the security management platform, the platform checks whether the firewall configuration previously imported into it contains the complete set of preconfigured blacklist rules. If the mode lacks the preconfigured rules C and D, they are added on the security management platform; after creation, the platform judges whether the created preconfigured rules A, B, C and D meet the address-storage requirement of the current blocking-policy function mode and, if not, creates an address space (corresponding to the third address space) for the preconfigured blacklist rules and stores the created rules there. Checking whether the firewall's preconfigured blacklist rules reach the preset configured number on the security management platform ensures that enough blacklist rules are present to handle the target threat. Specifically, in the blocking-policy function mode the firewall is guaranteed to hold both a preconfigured blacklist rule and a storage space for it (the blacklist address book referred to below). When a network threat occurs, the network situational awareness platform invokes the interface in the form of interface parameters; the security management platform generates target IP address information from the information carried by those parameters and generates the target blocking service rule from the target IP address information.
The information carried by the interface parameters comprises the IP information of the network threat and the information of the target firewall corresponding to it. The target blocking service rule is generated from the target network-threat IP information and is sent to the firewall so that the firewall intercepts the target threat based on it.
When a network threat appears, the network situational awareness platform in the application senses the target threat, adds an interface, and sends the interface parameter information carrying the target threat to the security management platform. The security management platform responds to the interface request rapidly and securely, so that a target blocking service rule is generated accurately and quickly and issued to the firewall to intercept the threat, which greatly improves the efficiency of the blocking service when the target threat is intercepted.
For example, the network situational awareness platform discovers that the target threats are A: malicious tampering, B: unauthorized access and C: eavesdropping. It adds an interface for each of A, B and C, each interface carrying the corresponding threat information, and sends them to the security management platform, which responds rapidly and securely to the interface requests and generates the target blocking service rules accurately and quickly.
Optionally, in the network vulnerability blocking method provided in the embodiment of the present application, after generating the target blocking service rule based on the target IP address information, the method further includes: judging whether the blacklist address book contains the address information of the target blocking service rule; if it does not, judging whether the address space in the blacklist address book is smaller than a second preset address space and, if so, creating a second address space for the blacklist address book and storing the target blocking service rule in it; and if the blacklist address book already contains the address information of the target blocking service rule, sending the return value of the target interface parameters to the target platform.
Fig. 3 is a system implementation flowchart of a network vulnerability blocking method according to an embodiment of the present application; the firewall in the present application corresponds to FW in fig. 3 and the network situational awareness platform to NSSA in fig. 3. As shown in fig. 3, the target blocking service rule generated by the security management platform (corresponding to the threat IP in fig. 3) is matched quickly against the blacklist address book by a prefix-tree algorithm. If the blacklist address book is found not to contain the address information of the target blocking service rule, it can be determined that the blacklist rules preconfigured by the firewall do not cover that address; if the address space in the current blacklist address book is then insufficient to store the target blocking service rule, a second address space is created to store it, and the security management platform sends the target blocking service rule to the firewall. If the blacklist address book is found to contain the address information of the target blocking service rule, it can be determined that the blacklist rules preconfigured by the firewall already cover it; the firewall intercepts the threat with its preconfigured rule, and the security management platform returns the result to the network situational awareness platform instead of sending the rule to the firewall.
For example, when the network situational awareness platform discovers that the target threat is malicious tampering of a web page, it sends the target interface parameter information to the security management platform. The security management platform generates the IP address information for defending against the tampering, generates a rule against malicious web-page tampering (corresponding to the target blocking service rule in the application) from that IP address information, and matches it quickly against the blacklist address book with a prefix-tree algorithm, judging from the IP address information whether the blacklist address book already contains the address of the rule. If it does not, the platform must judge whether the address space in the current blacklist address book can store the rule; if it cannot, an address space (corresponding to the second preset address space) is created to store it. If the blacklist address book is found to contain the address information of the rule, that address is already covered by the blacklist rule preconfigured by the firewall; in that case the security management platform no longer needs to send the rule to the target firewall but intercepts directly with the firewall's preconfigured rule, and sends the target blocking service rule corresponding to the target threat, in the form of interface parameters, back to the network situational awareness platform to notify it that the threat is intercepted. Rapidly generating target blocking service rules and sending them to the target firewall to intercept the target threat thus improves the threat-interception efficiency of the blocking service.
Optionally, in the network vulnerability blocking method provided in the embodiment of the present application, sending the target blocking service rule to the firewall so that the firewall performs target threat blocking based on the target blocking service rule includes: if the matching result of the target blocking service rule against the blacklist rule preconfigured by the firewall is different, sending the target blocking service rule to the firewall so that the firewall intercepts the target threat based on the target blocking service rule. As shown in fig. 3, the generated target blocking rule is matched and checked against the blacklist rule preconfigured by the firewall; if the matching result is different, the target blocking service rule differs from the preconfigured blacklist rule, that is, the blacklist rule library preconfigured by the firewall holds no rule for the corresponding target threat, so the target blocking service rule must be sent to the target firewall through the security management platform to intercept the target threat. Optionally, in the network vulnerability plugging method provided in the embodiment of the present application, the method further includes: if the matching result of the target blocking service rule against the blacklist rule preconfigured by the firewall is the same, the firewall intercepts the target threat based on the blacklist rule preconfigured by the firewall.
It should be noted that the method is not limited to generating the target blocking service rule from the target IP address information. Even if the target blocking service rule is not generated from the target threat IP address information, whether the generated rule needs to be issued to the firewall can still be decided from the result of matching it against the blacklist rule preconfigured by the firewall: if the matching result is the same, a rule for the corresponding target threat already exists in the blacklist rule library preconfigured by the firewall, so the security management platform does not need to send the target blocking rule to the target firewall, and the firewall intercepts the threat directly with its preconfigured blacklist rule.
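The matching and dispatch flow described above, as an added example in Python that is not part of the patent text: a binary prefix tree over the blacklist address book decides whether a freshly generated blocking rule must be pushed to the firewall or is already covered by the preconfigured blacklist, and the address book grows to a preset address space when it cannot hold the new entry. The trie structure, the capacity model, the interface-parameter field names and the sample IPs are assumptions constructed for the example.

```python
"""Added example (not the patent's own code): prefix-tree matching of a
generated blocking rule against the firewall's blacklist address book and
the send-or-skip decision that follows. Sample data is constructed."""
import ipaddress
from dataclasses import dataclass, field


class PrefixTree:
    """Binary trie keyed on IPv4 prefix bits. A node carrying "end" marks a
    stored blacklist prefix, so any longer address below it is covered."""

    def __init__(self):
        self.root = {}

    @staticmethod
    def _bits(net):
        value = int(net.network_address)
        return [(value >> (31 - i)) & 1 for i in range(net.prefixlen)]

    def insert(self, cidr):
        node = self.root
        for bit in self._bits(ipaddress.ip_network(cidr, strict=False)):
            node = node.setdefault(bit, {})
        node["end"] = True

    def covers(self, cidr):
        """True if some stored prefix equals or contains the queried prefix."""
        node = self.root
        for bit in self._bits(ipaddress.ip_network(cidr, strict=False)):
            if node.get("end"):
                return True          # a shorter stored prefix already covers it
            if bit not in node:
                return False
            node = node[bit]
        return bool(node.get("end"))


@dataclass
class BlacklistAddressBook:
    """The firewall's preconfigured blacklist, modelled as an address book
    with a bounded address space (entries it can currently hold)."""
    address_space: int
    tree: PrefixTree = field(default_factory=PrefixTree)
    entries: list = field(default_factory=list)

    def contains(self, cidr):
        return self.tree.covers(cidr)

    def store(self, cidr, preset_space):
        # "Second preset address space": if the current address space is
        # smaller than the preset, create (grow to) the preset before storing.
        if self.address_space < preset_space:
            self.address_space = preset_space
        if len(self.entries) >= self.address_space:
            raise RuntimeError("blacklist address book is full")
        self.entries.append(cidr)
        self.tree.insert(cidr)


def generate_rule(interface_params):
    """Target blocking rule from the interface parameters: the threat IP
    becomes a /32 deny entry (field name 'threat_ip' is an assumption)."""
    ip = ipaddress.ip_address(interface_params["threat_ip"])
    return f"{ip}/32"


def dispatch(interface_params, book, preset_space=256):
    """Match the generated rule against the address book and decide where it
    goes. Returns (action, payload): 'send_to_firewall' for a new threat, or
    'return_to_platform' when the preconfigured blacklist already covers it."""
    rule = generate_rule(interface_params)
    if book.contains(rule):
        # Same matching result as the preconfigured blacklist: do not push a
        # duplicate rule; report the return value back to the platform instead.
        return ("return_to_platform",
                {"threat_ip": interface_params["threat_ip"],
                 "covered_by": "preconfigured-blacklist"})
    book.store(rule, preset_space)
    return ("send_to_firewall",
            {"firewall": interface_params["firewall"], "deny": rule})


if __name__ == "__main__":
    book = BlacklistAddressBook(address_space=4)
    # Constructed preconfigured blacklist entries (documentation ranges).
    for cidr in ("203.0.113.0/24", "198.51.100.7/32"):
        book.store(cidr, preset_space=4)
    for params in ({"threat_ip": "203.0.113.77", "firewall": "FW-1"},
                   {"threat_ip": "192.0.2.10", "firewall": "FW-1"}):
        print(dispatch(params, book))
```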
In summary, according to the network vulnerability plugging method provided by the embodiment of the application, the target interface parameters are obtained and the target IP address information is generated based on the target interface parameters; a target plugging business rule is generated based on the target IP address information; and the target blocking business rule is sent to the firewall so that the firewall can intercept the target threat based on the target blocking business rule. This solves the problem of low threat interception efficiency of the blocking service in the related art: target IP address information is generated from the target interface parameters, and target blocking business rules are generated based on the target IP address information, so that the target blocking business rules are generated rapidly and the threat blocking efficiency of the blocking service is improved.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
The embodiment of the present application also provides a network vulnerability plugging device; it should be noted that the network vulnerability plugging device of the embodiment can be used to execute the network vulnerability plugging method provided by the embodiment of the present application. The network vulnerability plugging device provided in an embodiment of the present application is described below.
Fig. 4 is a schematic diagram of a network vulnerability plugging device according to an embodiment of the present application. As shown in fig. 4, the apparatus includes: a first acquisition unit 401, a first generation unit 402, and a first transmission unit 403.
Specifically, the first obtaining unit 401 is configured to obtain a target interface parameter and generate target IP address information based on the target interface parameter;
the first generating unit 402 is configured to generate a target blocking service rule based on the target IP address information;
the first sending unit 403 is configured to send the target blocking service rule to the firewall, so that the firewall performs target threat interception based on the target blocking service rule.
In summary, in the network vulnerability plugging device provided in the embodiment of the present application, the first obtaining unit 401 obtains the target interface parameter and generates the target IP address information based on it; the first generation unit 402 generates a target blocking service rule based on the target IP address information; and the first sending unit 403 sends the target blocking service rule to the firewall, so that the firewall performs target threat interception based on the target blocking service rule. This solves the problem of low threat interception efficiency of the blocking service in the related art: target IP address information is generated from the target interface parameters, and target blocking business rules are generated based on the target IP address information, so that the target blocking business rules are generated rapidly and the threat blocking efficiency of the blocking service is improved.
Optionally, in the network vulnerability plugging apparatus provided in the embodiment of the present application, the apparatus further includes: a first opening unit, used to open a target policy mode of the firewall before the target interface parameters are acquired and target IP address information is generated based on them; a first judging unit, used to judge, if the target policy mode of the firewall contains the blacklist rule preconfigured by the firewall, whether the address space of that blacklist rule in the target policy mode of the firewall is smaller than a first preset address space; a first creating unit, used to create a first address space of the blacklist rule if the address space of the blacklist rule preconfigured by the firewall is smaller than the first preset address space; and a first storage unit, used to store the blacklist rule preconfigured by the firewall in the first address space.
Optionally, in the network vulnerability plugging apparatus provided in the embodiment of the present application, the apparatus further includes: a second judging unit, used to judge, after the target plugging business rule is generated based on the target IP address information, whether the blacklist address book contains the address information of the target plugging business rule; a second creating unit, used to judge, if the blacklist address book does not contain the target blocking business rule address information, whether the address space in the blacklist address book is smaller than a second preset address space, and, if it is, to create the second address space of the blacklist address book and store the target blocking business rule in the second address space; and a second sending unit, used to send the return value of the target interface parameter to the target platform if the blacklist address book contains the target blocking business rule address information.
Optionally, in the network vulnerability plugging apparatus provided in the embodiment of the present application, the first sending unit 403 includes: a first sending module, used to send the target blocking business rule to the firewall if the matching result of the target blocking business rule against the blacklist rule preconfigured by the firewall is different, so that the firewall can intercept the target threat based on the target blocking business rule.
Optionally, in the network vulnerability plugging apparatus provided in the embodiment of the present application, the apparatus further includes: a first processing unit, used by the firewall to intercept the target threat based on the blacklist rule preconfigured by the firewall if the matching result of the target blocking business rule against the preconfigured blacklist rule is the same.
Optionally, in the network vulnerability plugging apparatus provided in the embodiment of the present application, the apparatus further includes: a third creating unit, configured to create a preconfigured blacklist rule if the target policy mode of the firewall does not contain the preconfigured blacklist rule of the firewall, so as to obtain the created preconfigured blacklist rule; a third judging unit, configured to judge whether the address space of the preconfigured blacklist rule created by the firewall in the target policy mode of the firewall is smaller than a third preset address space; a fourth creating unit, configured to create a third address space of the created preconfigured blacklist rule if its address space is smaller than the third preset address space; and a second storage unit, used to store the preconfigured blacklist rule created by the firewall in the third address space.
The network vulnerability plugging apparatus includes a processor and a memory, where the first obtaining unit 401, the first generating unit 402, the first transmitting unit 403, and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to implement the corresponding functions.
The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. There may be one or more kernels, and network vulnerability plugging is carried out by adjusting kernel parameters.
The memory may include volatile memory such as Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), among other forms of computer readable media; the memory includes at least one memory chip.
The embodiment of the invention provides a storage medium on which a program is stored, and the program, when executed by a processor, implements the network vulnerability plugging method.
The embodiment of the invention provides a processor for running a program, and the program, when run, executes the network vulnerability plugging method.
The embodiment of the invention provides a device comprising a processor, a memory, and a program stored in the memory and capable of running on the processor, where the processor implements the following steps when executing the program: acquiring target interface parameters and generating target IP address information based on the target interface parameters; generating a target plugging business rule based on the target IP address information; and sending the target blocking business rule to the firewall so that the firewall can intercept the target threat based on the target blocking business rule.
When executing the program, the processor further implements the following steps: before acquiring the target interface parameters and generating target IP address information based on them, starting a target policy mode of the firewall; if the target policy mode of the firewall contains a blacklist rule preconfigured by the firewall, judging whether the address space of that blacklist rule in the target policy mode of the firewall is smaller than a first preset address space; if the address space of the blacklist rule preconfigured by the firewall is smaller than the first preset address space, creating a first address space of the blacklist rule; and storing the blacklist rule preconfigured by the firewall in the first address space.
When executing the program, the processor further implements the following steps: after generating the target blocking business rule based on the target IP address information, judging whether the blacklist address book contains the target blocking business rule address information; if the blacklist address book does not contain the target blocking business rule address information, judging whether the address space in the blacklist address book is smaller than a second preset address space, and if it is, creating a second address space of the blacklist address book and storing the target blocking business rule in the second address space; and if the blacklist address book contains the target blocking business rule address information, sending a return value of the target interface parameter to the target platform.
When executing the program, the processor further implements the following step: if the matching result of the target blocking business rule against the blacklist rule preconfigured by the firewall is different, sending the target blocking business rule to the firewall so that the firewall can intercept the target threat based on the target blocking business rule.
When executing the program, the processor further implements the following step: if the matching result of the target blocking business rule against the blacklist rule preconfigured by the firewall is the same, the firewall intercepts the target threat based on the blacklist rule preconfigured by the firewall.
When executing the program, the processor further implements the following steps: if the target policy mode of the firewall does not contain the preconfigured blacklist rule of the firewall, creating the preconfigured blacklist rule to obtain the created preconfigured blacklist rule; judging whether the address space of the preconfigured blacklist rule created by the firewall in the target policy mode of the firewall is smaller than a third preset address space; if it is, creating a third address space of the created preconfigured blacklist rule; and storing the created preconfigured blacklist rule in the third address space. The device herein may be a server, PC, PAD, cell phone, etc.
The present application also provides a computer program product adapted, when executed on a data processing device, to perform a program initialized with the following method steps: acquiring target interface parameters and generating target IP address information based on the target interface parameters; generating a target plugging business rule based on the target IP address information; and sending the target blocking business rule to the firewall so that the firewall can intercept the target threat based on the target blocking business rule.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the following method steps: before acquiring the target interface parameters and generating target IP address information based on them, starting a target policy mode of the firewall; if the target policy mode of the firewall contains a blacklist rule preconfigured by the firewall, judging whether the address space of that blacklist rule in the target policy mode of the firewall is smaller than a first preset address space; if the address space of the blacklist rule preconfigured by the firewall is smaller than the first preset address space, creating a first address space of the blacklist rule; and storing the blacklist rule preconfigured by the firewall in the first address space.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the following method steps: after generating the target blocking business rule based on the target IP address information, judging whether the blacklist address book contains the target blocking business rule address information; if the blacklist address book does not contain the target blocking business rule address information, judging whether the address space in the blacklist address book is smaller than a second preset address space, and if it is, creating a second address space of the blacklist address book and storing the target blocking business rule in the second address space; and if the blacklist address book contains the target blocking business rule address information, sending a return value of the target interface parameter to the target platform.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the following method step: if the matching result of the target blocking business rule against the blacklist rule preconfigured by the firewall is different, sending the target blocking business rule to the firewall so that the firewall can intercept the target threat based on the target blocking business rule.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the following method step: if the matching result of the target blocking business rule against the blacklist rule preconfigured by the firewall is the same, the firewall intercepts the target threat based on the blacklist rule preconfigured by the firewall.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the following method steps: if the target policy mode of the firewall does not contain the preconfigured blacklist rule of the firewall, creating the preconfigured blacklist rule to obtain the created preconfigured blacklist rule; judging whether the address space of the preconfigured blacklist rule created by the firewall in the target policy mode of the firewall is smaller than a third preset address space; if it is, creating a third address space of the created preconfigured blacklist rule; and storing the created preconfigured blacklist rule in the third address space.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or nonvolatile memory, such as Read Only Memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises that element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.

Claims (8)

1. A network vulnerability plugging method, characterized by comprising the following steps:
acquiring target interface parameters and generating target IP address information based on the target interface parameters, wherein the target interface parameters comprise target threat information and information of the firewall defending against the target threat information, and the target IP address information is the IP address information of the firewall;
generating a target blocking business rule based on the target IP address information;
sending the target blocking business rule to a firewall so that the firewall can intercept the target threat based on the target blocking business rule;
wherein, after generating the target blocking business rule based on the target IP address information, the method further comprises: judging whether the blacklist address book contains the target blocking business rule address information; if the blacklist address book does not contain the target blocking business rule address information, judging whether the address space in the blacklist address book is smaller than a second preset address space, and if it is, creating a second address space of the blacklist address book and storing the target blocking business rule in the second address space; and if the blacklist address book contains the target blocking business rule address information, sending a return value of the target interface parameter to a target platform.
2. The method of claim 1, wherein prior to obtaining the target interface parameter and generating the target IP address information based on the target interface parameter, the method further comprises:
opening a target policy mode of the firewall;
if the target policy mode of the firewall contains the blacklist rule preconfigured by the firewall, judging whether the address space of the blacklist rule preconfigured by the firewall in the target policy mode of the firewall is smaller than a first preset address space; if the address space of the blacklist rule preconfigured by the firewall is smaller than the first preset address space, creating the first address space of the blacklist rule;
and storing the blacklist rule preconfigured by the firewall in the first address space.
3. The method of claim 1, wherein sending the target blocking business rule to a firewall so that the firewall performs target threat interception based on the target blocking business rule comprises:
if the matching result of the target blocking business rule against the blacklist rule preconfigured by the firewall is different, sending the target blocking business rule to the firewall so that the firewall can intercept the target threat based on the target blocking business rule.
4. The method according to claim 3, characterized in that the method further comprises:
if the matching result of the target blocking business rule against the blacklist rule preconfigured by the firewall is the same, the firewall intercepts the target threat based on the blacklist rule preconfigured by the firewall.
5. The method according to claim 2, wherein the method further comprises:
if the target policy mode of the firewall does not contain the preconfigured blacklist rule of the firewall, creating the preconfigured blacklist rule to obtain the created preconfigured blacklist rule;
judging whether the address space of the preconfigured blacklist rule created by the firewall in the target policy mode of the firewall is smaller than a third preset address space;
if the address space of the preconfigured blacklist rule created by the firewall is smaller than the third preset address space, creating a third address space of the created preconfigured blacklist rule;
and storing the preconfigured blacklist rule created by the firewall in the third address space.
6. A network vulnerability plugging device, comprising:
a first obtaining unit, configured to obtain a target interface parameter and generate target IP address information based on the target interface parameter, where the target interface parameter includes target threat information and information of the firewall that defends against the target threat information, and the target IP address information is the IP address information of the firewall;
a first generation unit, configured to generate a target blocking business rule based on the target IP address information;
a first sending unit, configured to send the target blocking business rule to a firewall so that the firewall can intercept the target threat based on the target blocking business rule;
a first judging unit, configured to judge whether the blacklist address book contains the target blocking business rule address information; if the blacklist address book does not contain the target blocking business rule address information, to judge whether the address space in the blacklist address book is smaller than a second preset address space, and if it is, to create a second address space of the blacklist address book and store the target blocking business rule in the second address space; and if the blacklist address book contains the target blocking business rule address information, to send a return value of the target interface parameter to a target platform.
7. The apparatus of claim 6, wherein the apparatus further comprises:
the first opening unit is used for opening a target strategy mode of the firewall before acquiring target interface parameters and generating target IP address information based on the target interface parameters;
a second judging unit, configured to judge whether an address space of the blacklist rule preconfigured by the firewall in the target policy mode of the firewall is smaller than a first preset address space if the target policy mode of the firewall includes the blacklist rule preconfigured by the firewall;
a first creating unit, configured to create a first address space of a blacklist rule if an address space of the blacklist rule preconfigured by the firewall is smaller than the first preset address space;
and the first storage unit is used for storing the blacklist rule preconfigured by the firewall in the first address space.
8. A storage medium for storing a program, wherein the program, when executed by a processor, controls a device in which the storage medium is located to perform the network vulnerability plugging method of any one of claims 1-5.
CN202110580982.6A 2021-05-26 2021-05-26 Network vulnerability plugging method, device, storage medium and processor Active CN113285952B (en)

Publications (2)

Publication Number Publication Date
CN113285952A CN113285952A (en) 2021-08-20
CN113285952B (en) 2023-06-06

Family

ID=77281984

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113965355B (en) * 2021-09-27 2023-07-28 中盈优创资讯科技有限公司 Illegal IP (Internet protocol) intra-provincial network plugging method and device based on SOC (system on chip)

Citations (1)

Publication number Priority date Publication date Assignee Title
CN111600895A (en) * 2020-05-20 2020-08-28 北京北斗弘鹏科技有限公司 Network security protection method and device, storage medium and electronic equipment

Family Cites Families (2)

Publication number Priority date Publication date Assignee Title
CN103139184B (en) * 2011-12-02 2016-03-30 中国电信股份有限公司 Intelligent network firewall device and network attack protection method
CN112583843A (en) * 2020-12-23 2021-03-30 北京珞安科技有限责任公司 Joint protection system and method and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant