CN113542264B - File transmission control method, device and equipment and readable storage medium - Google Patents


Info

Publication number
CN113542264B
Authority
CN
China
Prior art keywords
file
target
confidential
complete
control method
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110789018.4A
Other languages
Chinese (zh)
Other versions
CN113542264A (en)
Inventor
童志超
范渊
黄进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DBAPPSecurity Co Ltd
Priority to CN202110789018.4A
Publication of CN113542264A
Application granted
Publication of CN113542264B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/12 Applying verification of the received information
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Abstract

The application discloses a file transmission control method, a device, equipment and a readable storage medium. The method comprises the following steps: capturing traffic packets on all external links of the target network card; screening, from the captured traffic packets, target traffic packets that carry a file suffix name; merging the traffic fragments with the same file name across a plurality of target traffic packets to obtain a complete file; if the complete file is a confidential file, acquiring the destination information corresponding to the complete file; and if the destination information does not match the external connection white list, blocking the network transmission corresponding to the complete file. The method and the device can protect confidential documents from being leaked.

Description

File transmission control method, device and equipment and readable storage medium
Technical Field
The present application relates to the field of storage security technologies, and in particular, to a method, an apparatus, a device, and a readable storage medium for controlling file transfer.
Background
Confidential documents, such as key documents, internal documents and core documents within a company or organisation, are handled by companies more and more often. Once such documents have been finalised and sealed they are essentially no longer modified, which raises the questions of how to store them and how to prevent their leakage.
Files are usually stored on file storage servers such as SVN and FTP; access to confidential files is then controlled by assigning different permissions to different users, and the possibility of accessing confidential files can be further reduced by restricting which IP addresses may log in to the servers. However, such an access restriction policy cannot prevent a user who holds the permission, or who logs in from a white-listed IP, from leaking confidential documents through external devices or network transmission.
In summary, how to effectively solve problems such as document leakage prevention is a technical problem that urgently needs to be solved by those skilled in the art.
Disclosure of Invention
The application aims to provide a file transmission control method, a file transmission control device, file transmission control equipment and a readable storage medium, wherein network transmission is effectively supervised, and illegal network transmission is blocked, so that confidential files are protected from being leaked.
In order to solve the technical problem, the application provides the following technical scheme:
a file protection method, comprising:
capturing traffic packets on all external links of the target network card;
screening, from the captured traffic packets, target traffic packets that carry a file suffix name;
merging the traffic fragments with the same file name in the target traffic packets to obtain a complete file;
if the complete file is a confidential file, acquiring destination information corresponding to the complete file;
and if the destination information does not match the external connection white list, blocking the network transmission corresponding to the complete file.
Preferably, acquiring the destination information corresponding to the complete file includes:
acquiring the destination information from the target traffic packet corresponding to the complete file, where the destination information includes a destination IP address and/or a destination MAC address.
Preferably, the method further comprises the following steps:
receiving and parsing a file copy request, and determining the target file to be copied and the peripheral storage it is to be copied to;
judging whether the target file is a confidential file;
if so, verifying whether the peripheral storage is in the peripheral storage white list;
if it is, copying the target file to the peripheral storage; if it is not, prohibiting the target file from being copied to the peripheral storage.
Preferably, when the peripheral storage is not in the peripheral storage white list, the method further comprises:
registering the peripheral storage;
if the registration succeeds, copying the target file to the peripheral storage;
and if the registration fails, prohibiting the target file from being copied to the peripheral storage.
Preferably, the determining whether the target document is a confidential document includes:
calculating the target MD5 value of the target file;
and if the target MD5 value is among the MD5 values recorded for confidential files, determining that the target file is a confidential file.
Preferably, the determining whether the target document is a confidential document includes:
reading the header information of the target file;
and if the header information contains the confidential identifier, determining that the target file is a confidential file.
Preferably, the method further comprises the following steps:
downloading a white list from an EDR center server;
confidential documents are marked and locked.
A file transfer control apparatus comprising:
the packet capturing module, configured to capture traffic packets on all external links of the target network card;
the traffic packet screening module, configured to screen, from the traffic packets, target traffic packets that carry a file suffix name;
the file merging module, configured to merge the traffic fragments with the same file name in the target traffic packets to obtain a complete file;
the information acquisition module, configured to acquire destination information corresponding to the complete file if the complete file is a confidential file;
and the transmission blocking module, configured to block the network transmission corresponding to the complete file if the destination information does not match the external connection white list.
An electronic device, comprising:
a memory for storing a computer program;
and the processor is used for realizing the steps of the file transmission control method when executing the computer program.
A readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the above-described file transfer control method.
Applying the method provided by this embodiment of the application: traffic packets are captured on all external connections of the target network card; target traffic packets carrying a file suffix name are screened out of the captured traffic packets; the traffic fragments with the same file name in a plurality of target traffic packets are merged to obtain a complete file; if the complete file is a confidential file, the destination information corresponding to the complete file is acquired; and if the destination information does not match the external connection white list, the network transmission corresponding to the complete file is blocked.
That is, traffic packets are first captured on all external links of the target network card, the captured traffic packets are then screened, and only the target traffic packets carrying a file suffix name are retained. The traffic fragments relating to one file name in the target traffic packets are merged to obtain the complete file that is being, or is about to be, transmitted. Whether the complete file is a confidential file is then checked; if it is, the destination information corresponding to it is further acquired, and if that destination information does not match the external white list, the network transmission corresponding to the complete file is blocked directly, ensuring that a complete file that is a confidential file is not transmitted illegally and protecting the confidential file from being leaked.
Accordingly, embodiments of the present application further provide a file transfer control apparatus, a device, and a readable storage medium corresponding to the file transfer control method, which have the above technical effects and are not described herein again.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments or related technologies of the present application, the drawings needed to be used in the description of the embodiments or related technologies are briefly introduced below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart illustrating an implementation of a file transfer control method according to an embodiment of the present application;
fig. 2 is a schematic diagram illustrating an embodiment of a file transfer control method according to the present application;
FIG. 3 is a schematic diagram illustrating an embodiment of multi-dimensional file protection;
FIG. 4 is a schematic structural diagram of a file transfer control apparatus according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device in an embodiment of the present application;
fig. 6 is a schematic structural diagram of an electronic device in an embodiment of the present application.
Detailed Description
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a flowchart of a file transfer control method according to an embodiment of the present application; the method can be applied to any terminal that transfers files. The following description takes a file transfer control method applied to an EDR client as an example. EDR (Endpoint Detection and Response) is a proactive security approach that monitors endpoints in real time and hunts for threats that have penetrated the company's defences.
The method comprises the following steps:
S101, capturing traffic packets on all external links of the target network card.
The EDR client can capture traffic packets on the network card of the computer on which it is installed. To avoid file leakage, in this embodiment the traffic capture on the target network card covers all of its external links, yielding a plurality of traffic packets that are about to be transmitted or are being transmitted.
S102, screening out, from the traffic packets, target traffic packets that carry a file suffix name.
Generally, a traffic packet carrying a file will contain a file suffix name, and since the present embodiment is mainly intended to prevent the leakage of confidential files, the target traffic packets carrying a file suffix name can first be screened out of the captured traffic packets. In this embodiment, the suffix name may be the suffix of a file type that confidential files take (e.g. docx, doc, xlsx, xls, pptx, ppt, txt, etc.).
S103, merging the traffic fragments with the same file name in the target traffic packets to obtain a complete file.
After the target traffic packets have been screened out, it is taken into account that a file generally has to be fragmented for transmission. To reliably determine whether the file is a confidential file, the scattered traffic fragments belonging to that file in the target traffic packets are merged. For the specifics of merging the fragments of one file name into a complete file, reference may be made to existing implementations of fragmented file transmission and fragment reassembly, which are not repeated here.
It should be noted that if a single target traffic packet already carries a complete file, no merging is required. For files that do require merging, the number of target traffic packets involved is not limited; that is, the size of the complete file is not limited.
S104, if the complete file is a confidential file, acquiring destination information corresponding to the complete file.
In this embodiment, confidential documents may be labelled in advance, or the unique identifier (e.g. MD5 value) of each confidential document may be recorded in advance; once the complete file has been obtained, whether it is a confidential document can be determined from the document label or from the centrally recorded unique identifiers of confidential documents.
The MD5 value is the output obtained by running the MD5 algorithm over the file. The MD5 (Message Digest Algorithm 5) algorithm takes as input a string of any length (length greater than or equal to 0; in this embodiment, a file) and outputs a 128-bit (16-byte) string, which is the MD5 value.
After the complete file has been determined to be a confidential file, the destination information corresponding to it can be obtained. The destination information is the information about the destination of the complete file's transmission, as identified from the captured packets.
Specifically, the destination information is obtained from the target traffic packet corresponding to the complete file and includes a destination IP address and/or a destination MAC address. That is, it may be only the IP address of the destination of the transmission, only the MAC address of that destination, or both the IP address and the MAC address of the destination. The destination IP address and destination MAC address may be obtained directly by parsing the five-tuple information in the target traffic packet.
S105, if the destination information does not match the external connection white list, blocking the network transmission corresponding to the complete file.
In this embodiment, an external connection white list may be preset, recording the information, such as IP address or MAC address, of the external terminals to which confidential documents may be transmitted.
Specifically, the white list can be downloaded from the EDR centre server, and confidential documents are marked and locked. The white list may refer to the external connection white list alone, or to both the external connection white list and the peripheral storage white list. Marking confidential documents means designating in advance which documents are confidential. Locking a confidential file means that it is no longer permitted to be modified.
After the destination information has been obtained, it is looked up in the external connection white list. For example, if the destination information is a destination IP address and that IP address is found in the external white list, the match succeeds; if the destination information is a destination MAC address and that MAC address is found in the external white list, the match succeeds; and if the destination information is a combination of destination IP address and destination MAC address and that combination is found in the external white list, the match succeeds.
When content matching the destination information is found in the external white list, transmission of the complete file to the terminal corresponding to that destination information is determined to be legal, and the target traffic packets corresponding to the complete file are released; otherwise, transmission of the complete file to that terminal is determined to be illegal, and the network transmission corresponding to the complete file is blocked, that is, the transmission of the target traffic packets corresponding to the complete file is intercepted.
Applying the method provided by this embodiment of the application: traffic packets are captured on all external connections of the target network card; target traffic packets carrying a file suffix name are screened out of the captured traffic packets; the traffic fragments with the same file name in the target traffic packets are merged to obtain a complete file; if the complete file is a confidential file, the destination information corresponding to the complete file is acquired; and if the destination information does not match the external connection white list, the network transmission corresponding to the complete file is blocked.
That is, traffic packets are first captured on all external links of the target network card, the captured traffic packets are then screened, and only the target traffic packets carrying a file suffix name are retained. The traffic fragments relating to one file name in the target traffic packets are merged to obtain the complete file that is being, or is about to be, transmitted. Whether the complete file is a confidential file is then checked; if it is, the destination information corresponding to it is further acquired, and if that destination information does not match the external white list, the network transmission corresponding to the complete file is blocked directly, ensuring that a complete file that is a confidential file is not transmitted illegally and protecting the confidential file from being leaked.
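Steps S102 to S105 above, written out as an added example that is not the patent's or DBAPPSecurity's code. Capture (S101) is assumed to have already happened, so packets arrive as decoded `Packet` records; the record fields, the white-list layout (IP addresses or ranges, MAC addresses, IP+MAC pairs) and all sample traffic are assumptions, and the white list accepts IP ranges as well as single addresses, as the application scenario's "IP or IP section" setting suggests.

```python
import hashlib
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Suffixes of file types that confidential files take (S102).
CONFIDENTIAL_SUFFIXES = {"docx", "doc", "xlsx", "xls", "pptx", "ppt", "txt"}


@dataclass
class Packet:
    """One captured packet after header parsing (assumed shape)."""
    dst_ip: str
    dst_mac: str
    filename: Optional[str]  # file name seen in the payload, if any
    seq: int                 # fragment index within that file
    data: bytes              # fragment of the file body


def has_file_suffix(pkt: Packet) -> bool:
    """S102: keep only packets whose file name ends in a watched suffix."""
    if not pkt.filename or "." not in pkt.filename:
        return False
    return pkt.filename.rsplit(".", 1)[1].lower() in CONFIDENTIAL_SUFFIXES


def merge_fragments(packets: List[Packet]) -> Dict[str, bytes]:
    """S103: reassemble fragments sharing a file name, in sequence order.
    A file carried by a single packet passes through unchanged."""
    by_name: Dict[str, List[Packet]] = defaultdict(list)
    for p in packets:
        by_name[p.filename].append(p)
    return {name: b"".join(p.data for p in sorted(frags, key=lambda f: f.seq))
            for name, frags in by_name.items()}


def is_confidential(content: bytes, confidential_md5s: set) -> bool:
    """S104: exact-content match against the recorded MD5 values. An edited
    copy hashes differently, which is what the header-marker mode is for."""
    return hashlib.md5(content).hexdigest() in confidential_md5s


def destination_allowed(dst_ip: str, dst_mac: str, whitelist: dict) -> bool:
    """S105: match on IP (address or range), on MAC, or on the IP+MAC pair."""
    ip = ipaddress.ip_address(dst_ip)
    if any(ip in net for net in whitelist.get("ip", [])):
        return True
    if dst_mac.lower() in whitelist.get("mac", set()):
        return True
    return (dst_ip, dst_mac.lower()) in whitelist.get("pair", set())


def control(packets: List[Packet], confidential_md5s: set, whitelist: dict) -> Dict[str, str]:
    """Run S102-S105 over captured packets. Per file: "pass" (not confidential,
    analysis stops), "allow" (white-listed destination) or "block"."""
    targets = [p for p in packets if has_file_suffix(p)]
    decisions = {}
    for name, content in merge_fragments(targets).items():
        if not is_confidential(content, confidential_md5s):
            decisions[name] = "pass"
            continue
        first = next(p for p in targets if p.filename == name)
        ok = destination_allowed(first.dst_ip, first.dst_mac, whitelist)
        decisions[name] = "allow" if ok else "block"
    return decisions


# Constructed sample data (not from the patent).
SECRET_DOC = b"Q3 acquisition plan - internal only\n" * 3   # 108 bytes
CONFIDENTIAL_MD5S = {hashlib.md5(SECRET_DOC).hexdigest()}
WHITELIST = {
    "ip": [ipaddress.ip_network("192.0.2.0/24")],   # an "IP section"
    "mac": {"aa:bb:cc:dd:ee:01"},
    "pair": set(),
}


def flow(dst_ip: str, dst_mac: str, name: str, content: bytes, size: int) -> List[Packet]:
    """Split content into fragments and return them out of order."""
    frags = [Packet(dst_ip, dst_mac, name, i, content[i * size:(i + 1) * size])
             for i in range((len(content) + size - 1) // size)]
    return frags[::-1]


SAMPLE_PACKETS = (
    flow("203.0.113.9", "00:11:22:33:44:55", "plan.docx", SECRET_DOC, 40)        # not white-listed
    + flow("192.0.2.10", "00:11:22:33:44:66", "plan-copy.docx", SECRET_DOC, 50)  # white-listed range
    + flow("203.0.113.9", "00:11:22:33:44:55", "readme.txt", b"public notes\n", 64)
    + [Packet("203.0.113.9", "00:11:22:33:44:55", None, 0, b"keepalive")]       # no file name
)


def run_sample() -> Dict[str, str]:
    return control(SAMPLE_PACKETS, CONFIDENTIAL_MD5S, WHITELIST)
```

Running `run_sample()` blocks plan.docx, allows plan-copy.docx and passes readme.txt through; the keepalive packet never reaches the merge step.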
It should be noted that, based on the above embodiments, the embodiments of the present application also provide corresponding improvements. In the preferred/improved embodiment, the same steps as those in the above embodiment or corresponding steps may be referred to each other, and corresponding advantageous effects may also be referred to each other, which are not described in detail in the preferred/improved embodiment herein.
In one embodiment of the present application, it is taken into account that a file can be transmitted not only over the network but also by copying it to peripheral storage (such as a USB flash disk or a hard disk). Therefore, on the basis of the above embodiments, it is further proposed to effectively control copy transmission to peripheral storage, so as to protect confidential documents from leakage along the dimension of copying to peripheral storage as well.
Referring to fig. 2, fig. 2 is a schematic diagram illustrating an embodiment of a file transfer control method according to the present application. The specific implementation process comprises the following steps:
S201, receiving and parsing a file copy request, and determining the target file to be copied and the peripheral storage.
In this embodiment, the file copy request may be received and parsed to determine which target file is to be copied and to which peripheral storage it is to be copied. The peripheral storage may be a common removable storage device for computers, such as a USB flash disk.
S202, judging whether the target file is a confidential file or not.
After determining the target file to be copied, first determining whether the target file is a confidential file.
In this embodiment, the ways of determining whether the target file is a confidential file include, but are not limited to, the following two:
Mode 1: judging on the basis of the MD5 value; the specific implementation comprises the following steps:
step one, calculating the target MD5 value of the target file;
and step two, if the target MD5 value is among the MD5 values corresponding to confidential files, determining that the target file is a confidential file.
For convenience of description, the above two steps are described together.
First, the target MD5 value of the target file is calculated. Then the MD5 values corresponding to confidential files are read and it is checked whether the target MD5 value is among them; if so, the target file is determined to be a confidential file, and otherwise it is determined to be a non-confidential file.
Mode 2: determining whether the target file is a confidential file on the basis of the header information; the specific implementation comprises the following steps:
step one, reading the header information of the target file;
and step two, if the header information contains the confidential identifier, determining that the target file is a confidential file.
For convenience of description, the above two steps are described together.
Note that in mode 2 the confidential identifier needs to be defined in advance in a custom field of the header information. Whether the target file is a confidential file can then be determined by reading the header information of the target file and checking whether it carries the corresponding confidential identifier.
If the target file is a confidential file, the process proceeds to step S203, and if the target file is not a confidential file, the target file may be directly copied to the peripheral storage, that is, the process proceeds to step S204.
S203, verifying whether the peripheral storage is in the peripheral storage white list.
In order to facilitate management, in this embodiment, a peripheral storage white list may be set in advance, and a legally registered peripheral storage, that is, a peripheral storage allowing a confidential file to be copied, is recorded in the peripheral storage white list.
After the target file is determined to be a confidential file, whether the peripheral storage is in the peripheral storage white list or not can be verified, if so, the target file copied this time is legal, the operation of the step S204 is executed subsequently, and if not, the operation of the step S205 is executed subsequently.
S204, copying the target file to the peripheral storage.
That is, the target file is allowed to be copied to the peripheral storage this time.
S205, prohibiting the target file from being copied to the peripheral storage.
That is, the target file remains only on the current device and is not copied to the peripheral storage.
Preferably, it is taken into account that in practical applications, as requirements change, it may become necessary to copy a confidential file to a peripheral storage that is not yet in the white list. To meet this requirement, in this embodiment a new peripheral storage may be registered into the peripheral storage white list. Specifically, when the peripheral storage is not in the peripheral storage white list, the following steps can further be performed:
step one, registering the peripheral storage;
step two, if the registration succeeds, copying the target file to the peripheral storage;
and step three, if the registration fails, prohibiting the target file from being copied to the peripheral storage.
For convenience of description, the above three steps are described together.
Registering the peripheral storage means attempting to add it to the peripheral storage white list; a successfully registered peripheral storage is automatically added to the white list.
Whether a registration is approved can be decided by manual audit. If registration succeeds, the peripheral storage may legally receive the target file, so the target file can be copied to it; if registration fails, the peripheral storage may not legally receive the target file, so copying the target file to it is prohibited.
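The peripheral-copy path S201 to S205, with both confidentiality checks (mode 1 by MD5, mode 2 by header identifier) and the registration fallback just described, as an added example that is not the patent's or DBAPPSecurity's code. The fixed-size text header, the `CONFIDENTIAL=1` custom field, the device identifiers and the manual-audit callback are all assumptions.

```python
import hashlib
from typing import Callable, Dict, Optional, Set

# Assumed header layout: a fixed-size block of "key=value" lines in front of
# the file body; the custom field CONFIDENTIAL=1 is the confidential identifier.
HEADER_SIZE = 64
CONFIDENTIAL_FIELD = b"CONFIDENTIAL=1"


def is_confidential_by_md5(content: bytes, confidential_md5s: Set[str]) -> bool:
    """Mode 1: the file's MD5 value is among the recorded confidential values."""
    return hashlib.md5(content).hexdigest() in confidential_md5s


def is_confidential_by_header(content: bytes) -> bool:
    """Mode 2: the custom header field carries the confidential identifier."""
    header = content[:HEADER_SIZE]
    return any(line.strip() == CONFIDENTIAL_FIELD for line in header.split(b"\n"))


class PeripheralWhitelist:
    """Registered peripheral storage devices. Registration goes through an
    assumed manual-audit callback that returns True when the auditor approves."""

    def __init__(self, registered=(), audit: Optional[Callable[[str], bool]] = None):
        self.registered: Set[str] = set(registered)
        self.audit = audit

    def contains(self, device_id: str) -> bool:
        return device_id in self.registered

    def register(self, device_id: str) -> bool:
        """Step one of the fallback: approved devices join the white list."""
        approved = self.audit is not None and bool(self.audit(device_id))
        if approved:
            self.registered.add(device_id)
        return approved


def handle_copy_request(content: bytes, device_id: str,
                        whitelist: PeripheralWhitelist,
                        confidential_md5s: Set[str]) -> str:
    """S201 has already parsed the request into (content, device_id).
    Returns "copy" (S204) or "deny" (S205)."""
    confidential = (is_confidential_by_md5(content, confidential_md5s)
                    or is_confidential_by_header(content))            # S202
    if not confidential:
        return "copy"                                                  # S204
    if whitelist.contains(device_id):                                  # S203
        return "copy"                                                  # S204
    if whitelist.register(device_id):                                  # fallback, step two
        return "copy"
    return "deny"                                                      # S205 / step three


# Constructed sample data (not from the patent).
SECRET = b"board minutes - do not distribute\n"
CONFIDENTIAL_MD5S = {hashlib.md5(SECRET).hexdigest()}
MARKED = b"TITLE=roadmap\nCONFIDENTIAL=1\n".ljust(HEADER_SIZE, b" ") + b"body..."
PLAIN = b"lunch menu\n"


def run_sample() -> Dict[str, object]:
    """Four copy requests against one white list whose auditor approves usb-0042 only."""
    approved = {"usb-0042"}
    wl = PeripheralWhitelist(registered={"usb-0001"}, audit=lambda d: d in approved)
    return {
        "md5_to_registered": handle_copy_request(SECRET, "usb-0001", wl, CONFIDENTIAL_MD5S),
        "header_to_unregistered": handle_copy_request(MARKED, "usb-0099", wl, CONFIDENTIAL_MD5S),
        "header_after_registration": handle_copy_request(MARKED, "usb-0042", wl, CONFIDENTIAL_MD5S),
        "plain_to_unregistered": handle_copy_request(PLAIN, "usb-0099", wl, CONFIDENTIAL_MD5S),
        "usb-0042_now_registered": wl.contains("usb-0042"),
    }
```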
In practical application, the leakage-prevention strategies for the network transmission dimension and for the dimension of copying confidential files to peripheral storage can be enabled simultaneously, achieving all-round protection. To help those skilled in the art better understand how to implement the method, the file transfer control method is described in detail below with reference to a specific application scenario.
Referring to fig. 3, fig. 3 is a schematic diagram illustrating an implementation of multi-dimensional file protection according to an embodiment of the present disclosure.
Before implementing the file transfer control method, the following preliminary work is required:
1. Deploy the EDR centre server software, access the EDR asset management and control centre through its Web service, and download the EDR client installation package.
2. Install the EDR client software on the computer to be monitored and establish a communication connection between the client and the centre.
3. The user logs in to the Web interface of the centre server and sets the external white list IP addresses or IP ranges for the client.
4. At the centre server, the user traverses the client's directories and selects the confidential files to be labelled (labelling by recording the file's MD5 value together with its file name, and the like). The selected confidential file is then held open in exclusive mode by a client process, so that it can no longer be edited. In addition, the file is configured so that it may not land on disk again, i.e. the confidential file cannot be copied on the local disk.
5. After a peripheral storage (such as a USB flash disk) is connected to the server, the client initiates registration of the peripheral storage with the centre server; the centre server receives the registration application and it is approved manually. Once approved, the peripheral storage is in the peripheral storage white list.
After the preparation is completed, the file transfer control method provided by the embodiment of the present application may be implemented.
Specifically, when the user inserts a peripheral storage (such as a USB flash disk) and copies a confidential file to it, the implementation is as follows: the client process first judges whether the peripheral storage is registered; if not, the copy operation is not allowed. If it is registered, the copy operation is allowed, i.e. the confidential file may be copied to the peripheral storage. For an unregistered peripheral storage, the user can initiate a registration application from the client interface. After receiving the peripheral storage registration information, the centre server submits it for manual approval. If manual approval passes, the peripheral storage is registered in the white list and confidential files can be copied to it.
When the user transmits a file from the computer over a network channel such as SVN, FTP, SCP, a mail attachment or an HTTP POST upload, the EDR client monitors all network traffic on the computer's network card and performs traffic capture and analysis on every outbound TCP connection. First it analyses whether there is traffic carrying a confidential file as an attachment: the client process analyses the traffic of each outbound TCP connection, handles separately the TCP traffic that carries a file suffix name, merges the traffic fragments with the same file name across several flows, extracts the merged traffic into a complete file, and then judges from the file's MD5 value whether the complete file is a confidential file. If it is, the destination IP of the traffic is extracted; otherwise the traffic data is discarded from further analysis. At least one of the parsed destination IP and MAC addresses is then matched against the external white list to judge whether it exists in the white-list library: if the destination IP and MAC addresses of the network transmission are white-list addresses, the transmission is allowed; if not, the network transmission is blocked and not allowed.
Corresponding to the above method embodiments, the embodiments of the present application further provide a file transfer control device; the device described below and the file transfer control method described above can be read in correspondence with each other.
Referring to fig. 4, the device includes the following modules:
the packet capturing module 101, configured to perform traffic packet capture on all outbound connections of the target network card to obtain traffic packets;
the traffic packet screening module 102, configured to screen from the traffic packets the target traffic packets that carry a file suffix;
the file merging module 103, configured to merge the traffic fragments with the same file name in the target traffic packets to obtain a complete file;
the information acquisition module 104, configured to obtain the destination information corresponding to the complete file if the complete file is a confidential file;
and the transmission blocking module 105, configured to block the network transfer corresponding to the complete file if the destination information does not match the outbound-connection whitelist.
The device provided by this embodiment of the application performs traffic packet capture on all outbound connections of the target network card to obtain traffic packets; screens from them the target traffic packets that carry a file suffix; merges the traffic fragments with the same file name in the target traffic packets to obtain a complete file; if the complete file is a confidential file, obtains the destination information corresponding to it; and, if that destination information does not match the outbound-connection whitelist, blocks the network transfer of the complete file.
First, traffic packet capture is performed on all outbound connections of the target network card; the captured packets are then screened so that only the target traffic packets with a file suffix remain. The traffic fragments belonging to one file name in the target traffic packets are merged to obtain the complete file that is being, or is about to be, transferred. Whether the complete file is a confidential file is then checked; if so, the destination information corresponding to it is obtained, and if that destination does not match the whitelist the network transfer of the complete file is blocked directly. In this way a complete file that is a confidential file cannot be transferred illegitimately, and the confidential file is protected from leakage.
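The five steps described in the network-transfer passage above and restated for the device (capture, suffix screening, fragment merging, MD5 check, whitelist match) fit in a short pipeline. The following Python is an added illustration, not code from the patent or from the applicant: the `FlowRecord` shape, the suffix list, the sample file bytes, the addresses and the whitelist are all constructed for the example, and "at least one of the destination IP and MAC" is read as "allow if either address is whitelisted", which is an assumption. It also shows one edge case the text leaves implicit: a file whose fragments have a gap is not hashed, because a partial file could never match its MD5.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Assumed list of file suffixes that mark a flow as "carrying a file".
FILE_SUFFIXES = (".docx", ".pdf", ".xlsx", ".zip", ".png")


@dataclass
class FlowRecord:
    """One captured fragment of an outbound TCP connection (constructed shape)."""
    dst_ip: str
    dst_mac: str
    filename: Optional[str]  # file name seen in the protocol, None if absent
    offset: int              # byte offset of this fragment inside the file
    data: bytes


@dataclass
class CompleteFile:
    name: str
    data: bytes
    dst_ip: str
    dst_mac: str


def screen_file_flows(flows: List[FlowRecord]) -> List[FlowRecord]:
    """Step 2: keep only flows whose file name ends in a known suffix."""
    return [f for f in flows
            if f.filename and f.filename.lower().endswith(FILE_SUFFIXES)]


def merge_fragments(flows: List[FlowRecord]) -> Dict[str, CompleteFile]:
    """Step 3: merge fragments with the same file name into a complete file.

    Fragments are ordered by offset; a file with a gap or overlap is left out
    rather than hashed, since a partial file would never match its MD5.
    """
    by_name: Dict[str, List[FlowRecord]] = defaultdict(list)
    for f in flows:
        by_name[f.filename].append(f)
    complete: Dict[str, CompleteFile] = {}
    for name, parts in by_name.items():
        parts.sort(key=lambda p: p.offset)
        buf = bytearray()
        for p in parts:
            if p.offset != len(buf):
                break  # gap or overlap: not a complete file
            buf.extend(p.data)
        else:
            first = parts[0]
            complete[name] = CompleteFile(name, bytes(buf), first.dst_ip, first.dst_mac)
    return complete


def is_confidential(data: bytes, confidential_md5: Set[str]) -> bool:
    """Step 4: a file is confidential if its MD5 is in the confidential list."""
    return hashlib.md5(data).hexdigest() in confidential_md5


def control_transfers(flows: List[FlowRecord], confidential_md5: Set[str],
                      whitelist: Set[str]) -> Dict[str, str]:
    """Steps 4-5: per complete file, decide whether the transfer may proceed.

    `whitelist` holds outbound destination IP and MAC addresses. Assumption:
    the transfer is allowed when either the destination IP or MAC is listed.
    """
    decisions: Dict[str, str] = {}
    for name, cf in merge_fragments(screen_file_flows(flows)).items():
        if not is_confidential(cf.data, confidential_md5):
            decisions[name] = "IGNORE"   # non-confidential: dropped from analysis
        elif cf.dst_ip in whitelist or cf.dst_mac in whitelist:
            decisions[name] = "ALLOW"
        else:
            decisions[name] = "BLOCK"
    return decisions


# --- constructed sample data (not real files, hosts or whitelist entries) ---
SECRET_DOC = b"CONFIDENTIAL product roadmap, internal only. Do not distribute."
PLAN_PDF = b"%PDF-1.4 confidential budget plan (constructed bytes)"
PHOTO_PNG = b"\x89PNG\r\n\x1a\n constructed public image bytes"

WHITELIST = {"10.0.0.5", "00:11:22:33:44:55"}   # as downloaded from the EDR server
CONFIDENTIAL_MD5 = {hashlib.md5(SECRET_DOC).hexdigest(),
                    hashlib.md5(PLAN_PDF).hexdigest()}

SAMPLE_FLOWS = [
    # secret.docx to a non-whitelisted host, two fragments arriving out of order
    FlowRecord("203.0.113.9", "aa:bb:cc:dd:ee:01", "secret.docx", 24, SECRET_DOC[24:]),
    FlowRecord("203.0.113.9", "aa:bb:cc:dd:ee:01", "secret.docx", 0, SECRET_DOC[:24]),
    FlowRecord("10.0.0.5", "aa:bb:cc:dd:ee:02", "plan.pdf", 0, PLAN_PDF),    # whitelisted host
    FlowRecord("198.51.100.7", "aa:bb:cc:dd:ee:03", "photo.png", 0, PHOTO_PNG),  # not confidential
    FlowRecord("198.51.100.7", "aa:bb:cc:dd:ee:03", "broken.zip", 10, b"tail only"),  # gap at 0..9
    FlowRecord("198.51.100.8", "aa:bb:cc:dd:ee:04", None, 0, b"GET / HTTP/1.1"),  # no file name
]

if __name__ == "__main__":
    for name, verdict in control_transfers(SAMPLE_FLOWS, CONFIDENTIAL_MD5, WHITELIST).items():
        print(f"{name}: {verdict}")
```

Running it yields BLOCK for `secret.docx`, ALLOW for `plan.pdf` and IGNORE for `photo.png`; `broken.zip` never reaches the hash step. A hash list recognises only byte-identical copies of a registered file, which is why the description pairs it with the header-marker check used for the peripheral-storage path.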
In one specific embodiment of the present application, the information acquisition module 104 is specifically configured to obtain the destination information from the target traffic packet corresponding to the complete file; the destination information includes a destination IP address and/or a destination MAC address.
In one embodiment of the present application, the device further includes:
a copy transfer control module, configured to receive and parse a file copy request and determine the target file to be copied and the peripheral storage; determine whether the target file is a confidential file; if so, verify whether the peripheral storage is in the peripheral storage whitelist; if so, copy the target file to the peripheral storage; if not, prohibit copying the target file to the peripheral storage.
In one specific embodiment of the present application, the copy transfer control module is further configured, when the peripheral storage is not in the peripheral storage whitelist, to register the peripheral storage; if registration succeeds, to copy the target file to the peripheral storage; and if registration fails, to prohibit copying the target file to the peripheral storage.
In one embodiment of the present application, the copy transfer control module is specifically configured to calculate the target MD5 value of the target file, and to determine that the target file is a confidential file if the target MD5 value is among the MD5 values recorded for confidential files.
In one specific embodiment of the present application, the copy transfer control module is specifically configured to read the header information of the target file, and to determine that the target file is a confidential file if the header information carries a confidential identifier.
In one embodiment of the present application, the device further includes:
a preprocessing module, configured to download the whitelist from the EDR central server and to mark and lock confidential files.
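The peripheral-storage path described earlier (copy refused for unregistered storage, registration requested from the client, manual approval at the central server) and the two ways of recognising a confidential file just listed (MD5 match, header identifier) can be put together in one small policy object. The Python below is an added example and not the patent's or the applicant's code: the device identifier, the `[CONFIDENTIAL]` header marker and its 64-byte header window, the request shape and all file bytes are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Set

# Assumed: the "mark and lock" preprocessing writes this identifier into the
# file header; marker text and header length are constructed for the example.
CONFIDENTIAL_MARKER = b"[CONFIDENTIAL]"
HEADER_LEN = 64


@dataclass
class CopyRequest:
    """A parsed file-copy request (constructed shape): which file, to which device."""
    file_name: str
    file_data: bytes
    device_id: str  # identifier of the peripheral storage, e.g. a USB serial (assumed)


class PeripheralCopyControl:
    def __init__(self, confidential_md5: Set[str], device_whitelist: Set[str]):
        self.confidential_md5 = set(confidential_md5)   # MD5s of confidential files
        self.device_whitelist = set(device_whitelist)   # registered peripheral storage
        self.pending: Dict[str, str] = {}               # device_id -> registration state

    # --- two ways of recognising a confidential file ---
    def md5_matches(self, data: bytes) -> bool:
        return hashlib.md5(data).hexdigest() in self.confidential_md5

    def header_marked(self, data: bytes) -> bool:
        return CONFIDENTIAL_MARKER in data[:HEADER_LEN]

    def is_confidential(self, data: bytes) -> bool:
        return self.md5_matches(data) or self.header_marked(data)

    # --- registration workflow: applied from the client, approved manually ---
    def request_registration(self, device_id: str) -> None:
        if device_id not in self.device_whitelist:
            self.pending[device_id] = "PENDING"

    def approve_registration(self, device_id: str) -> None:
        self.pending.pop(device_id, None)
        self.device_whitelist.add(device_id)

    def reject_registration(self, device_id: str) -> None:
        self.pending.pop(device_id, None)

    # --- the copy decision ---
    def handle_copy(self, req: CopyRequest) -> str:
        if not self.is_confidential(req.file_data):
            return "ALLOW"            # non-confidential files are not restricted
        if req.device_id in self.device_whitelist:
            return "ALLOW"            # registered peripheral storage
        return "DENY"                 # unregistered: copy refused until approved


# --- constructed sample files and devices ---
LEGACY_SECRET = b"old spreadsheet without a header marker (constructed)"
MARKED_SECRET = b"[CONFIDENTIAL] Q3 sales figures (constructed)"
PUBLIC_NOTE = b"lunch menu for Friday (constructed)"
NEW_DEVICE, REGISTERED_DEVICE = "USB-NEW-999", "USB-REG-001"


def run_scenario() -> List[str]:
    """Walks through the workflow from the description and returns the verdicts."""
    ctrl = PeripheralCopyControl({hashlib.md5(LEGACY_SECRET).hexdigest()},
                                 {REGISTERED_DEVICE})
    verdicts = [
        ctrl.handle_copy(CopyRequest("notes.txt", PUBLIC_NOTE, NEW_DEVICE)),       # ALLOW
        ctrl.handle_copy(CopyRequest("legacy.xlsx", LEGACY_SECRET, NEW_DEVICE)),   # DENY (MD5)
        ctrl.handle_copy(CopyRequest("marked.docx", MARKED_SECRET, NEW_DEVICE)),   # DENY (header)
        ctrl.handle_copy(CopyRequest("legacy.xlsx", LEGACY_SECRET, REGISTERED_DEVICE)),  # ALLOW
    ]
    ctrl.request_registration(NEW_DEVICE)     # user applies from the client interface
    ctrl.approve_registration(NEW_DEVICE)     # manual approval at the central server
    verdicts.append(ctrl.handle_copy(CopyRequest("marked.docx", MARKED_SECRET, NEW_DEVICE)))  # ALLOW
    return verdicts


if __name__ == "__main__":
    print(run_scenario())
```

The two recognition methods complement each other: the hash list catches confidential files that were never marked, while the header identifier still fires after the content of a marked file has changed, since a hash comparison only recognises a byte-identical copy. The example keeps MD5 because that is what the method specifies; a registry built today would normally use SHA-256, as MD5 is no longer collision-resistant.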
Corresponding to the above method embodiment, the embodiments of the present application further provide an electronic device; the electronic device described below and the file transfer control method described above can be read in correspondence with each other.
Referring to fig. 5, the electronic device includes:
a memory 332 for storing computer programs;
a processor 322 for implementing the steps of the file transfer control method of the above-described method embodiments when executing the computer program.
Specifically, referring to fig. 6, fig. 6 is a schematic structural diagram of an electronic device provided in this embodiment. The device may vary considerably with its configuration and performance, and may include one or more processors (CPUs) 322 and a memory 332, where the memory 332 stores one or more computer applications 342 or data 344. Memory 332 may be transient or persistent storage. The program stored in memory 332 may include one or more modules (not shown), each of which may include a sequence of instructions operating on a data processing device. Further, the central processor 322 may be configured to communicate with the memory 332 so as to execute the series of instruction operations held in the memory 332 on the electronic device 301.
The electronic device 301 may also include one or more power supplies 326, one or more wired or wireless network interfaces 350, one or more input/output interfaces 358, and/or one or more operating systems 341.
The steps in the file transfer control method described above may be implemented by the structure of the electronic device.
Corresponding to the above method embodiment, the present application further provides a readable storage medium; the readable storage medium described below and the file transfer control method described above can be read in correspondence with each other.
A readable storage medium on which a computer program is stored, the computer program, when executed by a processor, carrying out the steps of the file transfer control method of the above method embodiment.
The readable storage medium may be a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or any other readable storage medium capable of storing program code.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

Claims (10)

1. A file transfer control method, comprising:
performing flow packet capturing on all external links of the target network card to obtain a flow packet;
screening a target flow packet with a file suffix name from the flow packets;
merging the traffic fragments with the same file name in the target traffic packets to obtain a complete file;
if the complete file is a confidential file, acquiring destination end information corresponding to the complete file;
and if the destination terminal information is not matched with the external connection white list, blocking network transmission corresponding to the complete file.
2. The method according to claim 1, wherein the obtaining destination information corresponding to the complete file includes:
acquiring destination end information from a target flow packet corresponding to the complete file; the destination information includes a destination IP address and/or a destination MAC address.
3. The file transfer control method according to claim 1, further comprising:
receiving and analyzing a file copying request, and determining a target file to be copied and an external storage;
judging whether the target file is a confidential file or not;
if yes, verifying whether the peripheral storage is in a peripheral storage white list;
if so, copying the target file to the peripheral storage; if not, the target file is prohibited from being copied to the peripheral for storage.
4. The file transfer control method of claim 3, wherein, when the peripheral storage is not in the peripheral storage white list, the method further comprises:
registering the peripheral storage;
if the registration is successful, copying the target file to the peripheral storage;
and if the registration fails, prohibiting copying the target file to the peripheral for storage.
5. The file transfer control method according to claim 3, wherein determining whether the target file is a confidential file comprises:
calculating a target MD5 value of the target file;
and if the target MD5 value is among the MD5 values recorded for confidential files, determining that the target file is a confidential file.
6. The file transfer control method according to claim 3, wherein determining whether the target file is a confidential file includes:
reading header file information of the target file;
and if the header file information has the confidential identification, determining that the target file is a confidential file.
7. The file transfer control method according to any one of claims 1 to 6, characterized by further comprising:
downloading a white list from an EDR center server;
confidential documents are marked and locked.
8. A file transfer control apparatus, comprising:
the packet capturing module is used for capturing the traffic of all external links of the target network card to obtain a traffic packet;
the flow packet screening module is used for screening a target flow packet with a file suffix name from the flow packets;
the file merging module is used for merging the traffic fragments with the same file name in the target traffic packets to obtain a complete file;
the information acquisition module is used for acquiring destination terminal information corresponding to the complete file if the complete file is a confidential file;
and the transmission blocking module is used for blocking the network transmission corresponding to the complete file if the destination terminal information is not matched with the external connection white list.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the file transfer control method according to any one of claims 1 to 7 when executing the computer program.
10. A readable storage medium, characterized in that the readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps of the file transfer control method according to any one of claims 1 to 7.
CN202110789018.4A 2021-07-13 2021-07-13 File transmission control method, device and equipment and readable storage medium Active CN113542264B (en)

Publications (2)

Publication Number Publication Date
CN113542264A CN113542264A (en) 2021-10-22
CN113542264B true CN113542264B (en) 2022-08-26

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102957673A (en) * 2011-08-24 2013-03-06 腾讯科技(深圳)有限公司 Method, device and system for processing information
CN104869174A (en) * 2015-06-15 2015-08-26 北京邮电大学 File transmission method based on third party message-oriented middle-ware
CN105843916A (en) * 2016-03-24 2016-08-10 上海上讯信息技术股份有限公司 Sensitive data detection method and equipment based on file merging
CN106302383A (en) * 2016-07-22 2017-01-04 北京奇虎科技有限公司 The processing method of data access request and processing means
CN106453358A (en) * 2016-11-02 2017-02-22 四川秘无痕信息安全技术有限责任公司 MAC protocol realization method and device for adjusting working cycles based on energy states
CN106533836A (en) * 2016-11-29 2017-03-22 杭州迪普科技股份有限公司 Method and apparatus for displaying data packet contents
CN107733834A (en) * 2016-08-10 2018-02-23 中国移动通信集团甘肃有限公司 A kind of leakage prevention method and device
CN108881211A (en) * 2018-06-11 2018-11-23 杭州盈高科技有限公司 A kind of illegal external connection detection method and device
CN108933805A (en) * 2017-05-26 2018-12-04 武汉斗鱼网络科技有限公司 A kind of document transmission method and system
CN109361754A (en) * 2018-11-05 2019-02-19 中国广核电力股份有限公司 A kind of document transmission method and device based on browser
CN109804610A (en) * 2017-03-23 2019-05-24 柏思科技有限公司 Limit the method and system of the data traffic transmission of the equipment with network function
CN112398916A (en) * 2020-10-29 2021-02-23 北京华云安信息技术有限公司 File transmission method and device based on HTTP (hyper text transport protocol)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4854000B2 (en) * 2005-11-02 2012-01-11 株式会社日立ソリューションズ Confidential file protection method
EP2963864B1 (en) * 2014-07-04 2019-04-24 Volkswagen Aktiengesellschaft Computing system and method for identifying files transmitted to an external network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant