CN113836577A - Intranet and extranet access control method and access control system of confidential computer - Google Patents


Publication number
CN113836577A
Authority
CN
China
Prior art keywords
access
network
client
intranet
extranet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111057053.3A
Other languages
Chinese (zh)
Inventor
张文华
张萃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Fengao Technology Co ltd
Original Assignee
Wuhan Fengao Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Fengao Technology Co ltd
Priority to CN202111057053.3A
Publication of CN113836577A
Legal status: Pending

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/606: Protecting data by securing the transmission between two devices or processes

Abstract

The invention provides an intranet and extranet access control method and an access control system of a confidential computer. The method comprises the following steps: setting a client network access policy at a server, wherein the client network access policy comprises prohibiting intranet access, prohibiting extranet access, notifying a cloud control server when the extranet is connected, exiting the client when the extranet is connected, and sending a mail when the extranet is connected; the client comprises an application layer and a driver layer; and the application layer loads the client network access policy to the driver layer so that the driver layer performs network access control according to the loaded client network access policy. For confidential computers, setting different network access policies ensures the data security of the computer where the client is located when it accesses the internal and external networks.

Description

Intranet and extranet access control method and access control system of confidential computer
Technical Field
The invention relates to the field of computer security access, in particular to an intranet and extranet access control method and an intranet and extranet access control system of a confidential computer.
Background
The method is used for controlling the access of the internal network and the external network of the confidential computer, and ensures the data security of the confidential computer.
Disclosure of Invention
Aiming at the technical problems in the prior art, the invention provides an intranet and extranet access control method and an access control system of a confidential computer.
According to a first aspect of the present invention, there is provided an intranet and extranet access control method of a confidential computer, comprising: setting a client network access policy at a server, wherein the client network access policy comprises prohibiting intranet access, prohibiting extranet access, notifying a cloud control server when the extranet is connected, exiting the client when the extranet is connected, and sending a mail when the extranet is connected; wherein the client comprises an application layer and a driver layer; and the application layer loads the client network access policy to the driver layer so that the driver layer performs network access control according to the loaded client network access policy.
On the basis of the technical scheme, the invention can be improved as follows.
Optionally, the loading, by the application layer, the client network access policy to the driver layer, so that the driver layer performs network access control according to the loaded client network access policy, where the loading includes: when the client application layer is started, whether a computer is connected with an external network or not is judged according to a set client network access strategy, if so, whether a cloud control server needs to be informed or not, whether a client is started or not or whether a mail is sent to a designated mailbox or not is judged according to the client network access strategy when the computer is connected with the external network.
Optionally, when the client application layer checks for an extranet connection according to the set client network access policy and the computer where the client is located is not currently connected to the extranet, a network monitor is started to monitor the network state of that computer in real time; and when the monitor detects that the computer has connected to the extranet, the corresponding operation is executed according to the judgment of whether the cloud control server needs to be notified, whether the client is started, or whether a mail is sent to a designated mailbox.
Optionally, the method further includes: the client side automatically encrypts the confidential data to obtain the encrypted confidential data, the confidential data cannot be opened when leaving the confidential environment, and the client side cannot access the confidential data when quitting.
Optionally, the network access control performed by the driver layer according to the loaded client network access policy includes: when the client driver layer starts, a filter layer is added to filter all network accesses of the computer where the client is located, and when that computer has network access, the access port, the access process and the access destination IP are obtained through the filter layer;
based on the access port, the access process and the access destination IP, judging the access type of the network, wherein the access type of the network comprises exception access, intranet access and extranet access;
and allowing the corresponding network access or blocking the corresponding network access based on the access type of the network and the set client network access policy.
Optionally, determining the access type of the network based on the access port, the access process, and the access destination IP includes: and judging whether the access is an exceptional access according to the access port and the access process, and judging whether the access is an intranet access IP or an extranet access IP according to the access destination IP.
Optionally, filtering all network accesses, and allowing or blocking network access based on the access type of the network and the set client network access policy, including:
when the access is exceptional access, the corresponding network access is allowed;
when the set client network access policy is to forbid intranet access and forbid extranet access, the corresponding network access is prevented;
when the set client network access strategy is that intranet access is forbidden but extranet access is allowed, if the access destination IP is the intranet access IP, the corresponding network access is prevented, and if the access destination IP is the extranet access IP, the corresponding network access is allowed;
when the set client network access policy is to allow intranet access and allow extranet access, corresponding network access is allowed;
and when the set client network access strategy is to allow intranet access but forbid extranet access, if the access destination IP is extranet access IP, preventing corresponding network access, and if the access destination IP is intranet access IP, allowing corresponding network access.
Optionally, the cloud control server is deployed in an external network, records relevant information of the confidential computer illegally connected to the external network, and sends a short message to the specified mobile phone according to the relevant information of the confidential computer illegally connected to the external network.
According to a second aspect of the present invention, an intranet and extranet access control system of a confidential computer is provided, including a server and a client, where the client includes an application layer and a driver layer;
the server is used for setting a client network access strategy, wherein the client network access strategy comprises that an internal network is forbidden to be accessed, an external network is forbidden to be accessed, a cloud control server is informed when the external network is connected, the client is quitted when the external network is connected, and a mail is sent when the external network is connected;
and the application layer of the client is used for loading the client network access strategy to the driver layer so as to enable the driver layer to carry out network access control according to the loaded client network access strategy.
Optionally, the client driver layer is started, and is further configured to add a filter layer to filter all network accesses of the computer where the client is located, and when the machine where the client is located has network access, the filter layer is used to obtain an access port, an access process, and an access destination IP;
the client driver layer is further used for judging the access type of the network based on the access port, the access process and the access destination IP, wherein the access type of the network comprises exception access, intranet access and extranet access; and filtering all network accesses based on the access types of the networks and the set client network access policy, and allowing the corresponding network access or preventing the corresponding network access.
The invention provides an intranet and extranet access control method and an access control system of a confidential computer. A client network access policy is set at a server, wherein the client comprises an application layer and a driver layer; the application layer loads the client network access policy to the driver layer so that the driver layer performs network access control according to the loaded client network access policy.
Drawings
FIG. 1 is a flow chart of an intranet and extranet access control method for a confidential computer according to the present invention;
FIG. 2 is a schematic diagram of a client network access policy;
FIG. 3 is a flow chart of network access according to a set client network access policy;
FIG. 4 is a flow chart of network access according to a set client network access policy and an access destination IP;
FIG. 5 is a schematic structural diagram of an intranet and extranet access control system of a confidential computer provided in the present invention.
Detailed Description
The following detailed description of embodiments of the present invention is provided in connection with the accompanying drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
Fig. 1 is a flowchart of an intranet and extranet access control method for a confidential computer provided in the present invention, and as shown in fig. 1, the method includes: 101. setting a client network access strategy at a server, wherein the client network access strategy comprises that an internal network is forbidden to be accessed, an external network is forbidden to be accessed, a cloud control server is informed when the external network is connected, the client is quitted when the external network is connected, and a mail is sent when the external network is connected; wherein the client comprises an application layer and a driver layer; 102. and the application layer loads the client network access strategy to the driver layer so that the driver layer performs network access control according to the loaded client network access strategy.
It can be understood that, based on the defects in the background art, the embodiment of the present invention provides a method capable of ensuring the secure network access of a confidential computer, specifically, when a client computer accesses a network, a network access policy of a computer where each client is located may be set at a server, where the network access policy mainly includes network access policies such as prohibiting access to an intranet, prohibiting access to an extranet, notifying a cloud control server when the extranet is connected, quitting the client when the extranet is connected, and sending a mail when the extranet is connected, and a schematic diagram of setting the client network access policy at the server may refer to fig. 2.
And the application layer of the client loads the client network access strategy into the driver layer according to the set client network access strategy, and the driver layer performs network access control according to the loaded client network access strategy.
For the confidential computers, the data security of the computers where the clients are located when accessing the internal and external networks is ensured by setting different network access strategies of the clients.
In a possible embodiment, the loading, by the application layer, the client network access policy to the driver layer, so that the driver layer performs network access control according to the loaded client network access policy includes: when the client application layer is started, whether the computer is connected with an external network is judged according to the set client network access strategy, if so, whether the cloud control server needs to be informed, whether the client is started or not or whether a mail is sent to a designated mailbox is judged according to the client network access strategy when the computer is connected with the external network.
It can be understood that when the client accesses the network, the client application layer is started, and whether the computer is connected to the external network is judged according to the set client network access policy, and if so, whether the cloud control server needs to be notified, whether the client is started, and whether the mail is sent to the designated mailbox is judged according to the client network access policy. When the computer is not connected with the external network currently, the client starts the network monitoring monitor to monitor the network change state of the computer in real time. When the computer is monitored to be connected with the external network, corresponding operations are executed according to the three control items (i.e. whether to notify the cloud control server, whether to start the client or whether to send a mail to a designated mailbox), as shown in fig. 3.
In a possible implementation manner, the method further includes: the client side automatically encrypts the confidential data to obtain the encrypted confidential data, the confidential data cannot be opened when leaving the confidential environment, and the confidential data cannot be accessed when the client side quits.
In order to improve the security of the confidential data of the confidential computer, the client has a transparent encryption and decryption function and can automatically encrypt and decrypt the confidential data, the encrypted confidential data cannot be opened when leaving the confidential environment, and the ciphertext of the local computer cannot be accessed when the client quits.
In a possible embodiment, the method for controlling network access by the driver layer according to the network access policy loaded by the client application layer includes: the client driving layer is started, a filter layer is added to filter all network accesses of a computer where the client is located, and when the computer where the client is located has network accesses, an access port, an access process and an access destination IP are obtained through the filter layer; judging the access type of the network based on an access port, an access process and an access destination IP (Internet Protocol Address), wherein the access type of the network comprises exception access, intranet access and extranet access; and allowing the corresponding network access or blocking the corresponding network access based on the access type of the network and the set client network access policy.
It can be understood that when the computer where the client is located has network access, it must be determined whether the access is intranet access, extranet access or exception access. Specifically, referring to FIG. 4, when the WFP (Windows Filtering Platform) driver starts, it adds an ALE CONNECT filter layer and ICMP/RDP/TCP/UDP filters, so that all network accesses of the computer where the client is located are filtered; when a network access occurs, the driver's ALE CONNECT callback is invoked and obtains information such as the destination IP, port and process of the access. The access type of the network is then judged based on the access port, the access process and the access destination IP, wherein the access type comprises exception access, intranet access and extranet access. Finally, the network access is filtered based on the access type and the set client network access policy, and the corresponding network access is allowed or blocked.
The method for judging the network access type based on the access port, the access process and the access destination IP comprises the following steps: and judging whether the access is an exceptional access according to the access port and the access process, and judging whether the access is an intranet access IP or an extranet access IP according to the access destination IP.
It is understood that, for example, whether the current access is an exceptional access is determined according to the process name or the domain name resolution port of the access, and whether the access destination IP is an intranet access IP or an extranet access IP is determined according to the access destination IP.
In a possible embodiment, the network access control process for the computer where the client is located may be as shown in fig. 4, and based on the network access type and the set client network access policy, allowing the corresponding network access or blocking the corresponding network access includes: when the access is exceptional access, the corresponding network access is allowed; when the set client network access policy is to forbid intranet access and forbid extranet access, the corresponding network access is prevented; when the set client network access strategy is to forbid intranet access but allow extranet access, if the access destination IP is the intranet access IP, the corresponding network access is prevented, and if the access destination IP is the extranet access IP, the network access of the confidential computer process is allowed; when the set client network access policy is to allow intranet access and allow extranet access, corresponding network access is allowed; and when the set client network access strategy is to allow intranet access but prohibit extranet access, if the access destination IP is extranet access IP, the corresponding network access is prevented, and if the access destination IP is intranet access IP, the corresponding network access is allowed.
In order to ensure normal communication between the client and the server, the driver layer treats the client process's own intranet and extranet access as an exception, that is, when the accessing process is judged to be the client process, the corresponding network access is allowed directly. The driver also exempts the intranet machine-name resolution port and the extranet domain-name resolution port, so that computer names and domain names of the internal and external networks are resolved normally when the client process is not forbidden. Exiting the client does not affect the driver's access control over the internal and external networks. The client can be authorized for offline use, and the locally cached policy can be loaded when the client is used offline.
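The FIG. 4 decision and the exceptions described above, as an added example that is not code from the patent: a user-mode C model of the verdict a connect callback would return. Assumed here and not stated on the page: the RFC 1918 ranges stand in for the intranet address set, `secclient.exe` is a hypothetical client process name, and ports 53 and 137 stand in for the exempted domain-name and machine-name resolution ports.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Access types and verdicts named in the description of FIG. 4. */
typedef enum { ACCESS_EXCEPTION, ACCESS_INTRANET, ACCESS_EXTRANET } access_type;
typedef enum { VERDICT_BLOCK = 0, VERDICT_ALLOW = 1 } verdict;

/* The two filtering switches of the client network access policy. */
typedef struct { bool forbid_intranet; bool forbid_extranet; } net_policy;

/* What the filter layer reports for one connection attempt. */
typedef struct {
    const char *process;  /* image name of the accessing process */
    uint32_t    dst_ip;   /* IPv4 destination, host byte order */
    uint16_t    dst_port;
} conn_info;

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* ASSUMPTIONS (not from the patent): a hypothetical client image name, and
 * DNS / NetBIOS name service as the exempted name-resolution ports. */
#define CLIENT_PROCESS  "secclient.exe"
#define PORT_DNS        53
#define PORT_NETBIOS_NS 137

/* ASSUMPTION: the intranet is the RFC 1918 private ranges. A deployment
 * would load its own intranet address set together with the policy. */
static bool is_intranet_ip(uint32_t ip)
{
    return (ip & 0xFF000000u) == IP4(10, 0, 0, 0)      /* 10.0.0.0/8     */
        || (ip & 0xFFF00000u) == IP4(172, 16, 0, 0)    /* 172.16.0.0/12  */
        || (ip & 0xFFFF0000u) == IP4(192, 168, 0, 0);  /* 192.168.0.0/16 */
}

/* Exceptions are tested first (process, then port); only then does the
 * destination IP decide between intranet and extranet. */
access_type classify(const conn_info *c)
{
    if (c->process != NULL && strcmp(c->process, CLIENT_PROCESS) == 0)
        return ACCESS_EXCEPTION;
    if (c->dst_port == PORT_DNS || c->dst_port == PORT_NETBIOS_NS)
        return ACCESS_EXCEPTION;
    return is_intranet_ip(c->dst_ip) ? ACCESS_INTRANET : ACCESS_EXTRANET;
}

/* The four policy cases in the text reduce to one independent check per
 * access type; an unrecognised type is blocked (fail closed). */
verdict decide(const net_policy *p, const conn_info *c)
{
    switch (classify(c)) {
    case ACCESS_EXCEPTION: return VERDICT_ALLOW;
    case ACCESS_INTRANET:  return p->forbid_intranet ? VERDICT_BLOCK : VERDICT_ALLOW;
    case ACCESS_EXTRANET:  return p->forbid_extranet ? VERDICT_BLOCK : VERDICT_ALLOW;
    }
    return VERDICT_BLOCK;
}

/* Convenience wrapper: build the policy and connection, return the verdict. */
verdict evaluate(bool forbid_in, bool forbid_ex,
                 const char *process, uint32_t ip, uint16_t port)
{
    net_policy p = { forbid_in, forbid_ex };
    conn_info  c = { process, ip, port };
    return decide(&p, &c);
}

int main(void)
{
    /* Constructed sample connections (203.0.113.0/24 is a documentation range). */
    const conn_info samples[] = {
        { "browser.exe",   IP4(10, 1, 2, 3),       443 },
        { "browser.exe",   IP4(172, 31, 255, 255), 445 },
        { "browser.exe",   IP4(172, 32, 0, 1),      80 },  /* just outside 172.16/12 */
        { "browser.exe",   IP4(203, 0, 113, 7),    443 },
        { "browser.exe",   IP4(203, 0, 113, 53),    53 },  /* exempted port */
        { "secclient.exe", IP4(203, 0, 113, 7),    443 },  /* exempted process */
    };
    /* forbid_intranet, forbid_extranet */
    const net_policy policies[] = {
        { true, true }, { true, false }, { false, true }, { false, false },
    };

    puts("process        destination            in+ex  in     ex     none");
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const conn_info *c = &samples[i];
        char dst[32];
        snprintf(dst, sizeof dst, "%u.%u.%u.%u:%u",
                 (unsigned)(c->dst_ip >> 24), (unsigned)((c->dst_ip >> 16) & 255),
                 (unsigned)((c->dst_ip >> 8) & 255), (unsigned)(c->dst_ip & 255),
                 (unsigned)c->dst_port);
        printf("%-14s %-22s", c->process, dst);
        for (size_t j = 0; j < sizeof policies / sizeof policies[0]; j++)
            printf(" %-6s", decide(&policies[j], c) == VERDICT_ALLOW ? "allow" : "block");
        putchar('\n');
    }
    return 0;
}
```

Because the port exemptions apply to every process, they remain open even when both networks are forbidden, which makes them the accesses worth logging in a deployment.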
In a possible embodiment mode, the cloud control server is deployed in an external network, records relevant information of a secret-involved computer illegally connected with the external network, sends a short message to a specified mobile phone according to the relevant information of the secret-involved computer illegally connected with the external network, and can take measures for the secret-involved computer illegally connected with the external network.
Fig. 5 is a structural diagram of an intranet and extranet access control system of a confidential computer according to an embodiment of the present invention, including a server 51 and a client 52, where the client 52 includes an application layer 521 and a driver layer 522;
and the server 51 is used for setting a client network access policy, wherein the client network access policy comprises that an intranet is forbidden to be accessed, an extranet is forbidden to be accessed, a cloud control server is informed when the extranet is connected, the client is quitted when the extranet is connected, and a mail is sent when the extranet is connected.
The application layer 521 of the client is configured to load the client network access policy to the driver layer 522, so that the driver layer 522 performs network access control according to the loaded client network access policy.
In order to ensure the security of the confidential data of the confidential computer, the client 52 is configured to: the confidential data is automatically encrypted to obtain encrypted confidential data, the confidential data cannot be opened when leaving the confidential environment, and the confidential data cannot be accessed when the client 52 exits.
The client driver layer 522 is further configured to add a filter layer during startup to filter all network accesses of the computer where the client is located, and to obtain an access port, an access process, and an access destination IP through the filter layer when the computer where the client is located has network access.
The client driver layer 522 is further configured to determine a network access type based on the access port, the access process, and the access destination IP, where the network access type includes an exception access, an intranet access, and an extranet access; and allowing the corresponding network access or blocking the corresponding network access based on the network access type and the set client network access policy.
It can be understood that the intranet and extranet access control system of the confidential computer provided by the present invention corresponds to the intranet and extranet access control method of the confidential computer provided by the foregoing embodiments, and the relevant technical features of the intranet and extranet access control system of the confidential computer may refer to the relevant technical features of the intranet and extranet access control method of the confidential computer, and are not described herein again.
The embodiment of the invention provides an intranet and extranet access control method and an access control system of a confidential computer. A client network access policy is set at a server, wherein the client comprises an application layer and a driver layer; the application layer loads the client network access policy to the driver layer so that the driver layer performs network access control according to the loaded client network access policy.
It should be noted that, in the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to relevant descriptions of other embodiments for parts that are not described in detail in a certain embodiment.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow or block of the flowchart illustrations or block diagrams, and combinations of flows or blocks in the flowchart illustrations or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. An intranet and extranet access control method of a confidential computer is characterized by comprising the following steps:
setting a client network access strategy at a server, wherein the client network access strategy comprises that an internal network is forbidden to be accessed, an external network is forbidden to be accessed, a cloud control server is informed when the external network is connected, the client is quitted when the external network is connected, and a mail is sent when the external network is connected; wherein the client comprises an application layer and a driver layer;
and the application layer loads the client network access strategy to the driver layer so that the driver layer performs network access control according to the loaded client network access strategy.
2. The intranet and extranet access control method of a confidential computer according to claim 1, wherein the application layer loads the client network access policy to the driver layer, so that the driver layer performs network access control according to the loaded client network access policy, comprising:
when the client application layer is started, whether the external network is connected is judged according to the set client network access strategy, if so, whether the cloud control server needs to be informed, whether the client is started or not or whether the mail is sent to the designated mailbox is judged according to the client network access strategy when the external network is connected.
3. The intranet and extranet access control method of a confidential computer according to claim 2, wherein when the client application layer judges that an extranet is connected according to the set client network access policy, but the client is not currently connected to the extranet, a network monitoring monitor is started for monitoring the network state of the computer where the client is located in real time;
when the network state of the computer where the client is located is monitored to be connected with an external network, whether a cloud control server needs to be informed or not, whether the client is started or whether a mail is sent to a designated mailbox or not is judged according to the network access strategy loaded by the client to execute corresponding operation.
4. The intranet and extranet access control method of a confidential computer according to any one of claims 1 to 3, further comprising:
the client side automatically encrypts the confidential data to obtain the encrypted confidential data, the confidential data cannot be opened when leaving the confidential environment, and the client side cannot access the confidential data when quitting.
5. The intranet and extranet access control method of a confidential computer according to claim 2, wherein the network access control is performed by the driver layer according to the loaded client network access policy, and the method comprises the following steps:
the client driver layer starts and adds a filter layer that filters all network accesses of the computer where the client is located; when that computer performs a network access, the access port, the access process and the access destination IP are obtained through the filter layer;
based on the access port, the access process and the access destination IP, the access type of the network is judged, wherein the access type of the network comprises exceptional access, intranet access and extranet access;
and all network accesses are filtered based on the access type of the network and the network access policy loaded by the client, and the corresponding network access is allowed or blocked.
6. The intranet and extranet access control method of a confidential computer according to claim 5, wherein the determining the access type of the network based on the access port, the access process and the access destination IP comprises:
judging whether the access is an exceptional access according to the access port and the access process, and judging whether the access destination IP is an intranet access IP or an extranet access IP.
7. The intranet and extranet access control method of a confidential computer according to claim 5 or 6, wherein filtering all network accesses based on the network access type and the set client network access policy, and allowing or blocking the corresponding network access comprises:
when the access is an exceptional access, the network access is allowed;
when the set client network access policy forbids intranet access and forbids extranet access, the corresponding network access is blocked;
when the set client network access policy forbids intranet access but allows extranet access, the corresponding network access is blocked if the access destination IP is an intranet access IP, and allowed if the access destination IP is an extranet access IP;
when the set client network access policy allows intranet access and allows extranet access, the corresponding network access is allowed;
and when the set client network access policy allows intranet access but forbids extranet access, the corresponding network access is blocked if the access destination IP is an extranet access IP, and allowed if the access destination IP is an intranet access IP.
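The classification and filtering steps of claims 5 to 7 can be modelled in user space as follows. This is an added illustration, not code from the patent: the intranet address ranges, the `EXCEPTIONS` list, the process names and the sample flows are assumptions constructed for the example, and it goes slightly beyond the claims by failing closed on unparsable destinations and by unwrapping IPv4-mapped IPv6 addresses before classification.

```python
import ipaddress
from dataclasses import dataclass

# Assumptions (not from the patent): the intranet is these ranges, and the
# exception list is a set of (process name, destination port) pairs.
INTRANET_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
EXCEPTIONS = {("policy_agent.exe", 8443)}  # hypothetical management channel

@dataclass(frozen=True)
class Policy:
    allow_intranet: bool
    allow_extranet: bool

def classify(process, port, dst_ip):
    """Claim 6: exception by port and process, else intranet/extranet by IP."""
    if (process.lower(), port) in EXCEPTIONS:
        return "exception"
    addr = ipaddress.ip_address(dst_ip)  # raises ValueError if malformed
    # Unwrap ::ffff:a.b.c.d so a mapped intranet address is not seen as extranet.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    if any(addr in net for net in INTRANET_NETS):
        return "intranet"
    return "extranet"

def decide(policy, process, port, dst_ip):
    """Claim 7: return True to allow the access, False to block it."""
    try:
        kind = classify(process, port, dst_ip)
    except ValueError:
        return False  # fail closed on an unparsable destination
    if kind == "exception":
        return True
    return policy.allow_intranet if kind == "intranet" else policy.allow_extranet

# Constructed sample flows: (process, destination port, destination IP).
SAMPLE_FLOWS = [
    ("chrome.exe", 443, "198.51.100.7"),
    ("explorer.exe", 445, "192.168.1.20"),
    ("policy_agent.exe", 8443, "203.0.113.10"),
    ("chrome.exe", 443, "::ffff:10.1.2.3"),
]

def run_samples(policy):
    return [decide(policy, *flow) for flow in SAMPLE_FLOWS]

if __name__ == "__main__":
    for name, pol in [("intranet only", Policy(True, False)),
                      ("extranet only", Policy(False, True)),
                      ("deny all", Policy(False, False))]:
        print(name, run_samples(pol))
```

The exception check runs before any policy test, so an over-broad exception list bypasses both the intranet and the extranet restriction; it is the part of such a filter that most needs review.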
8. The intranet and extranet access control method of a confidential computer according to claim 7, wherein the cloud control server is deployed in the external network, records the relevant information of a confidential computer illegally connected to the external network, and sends a short message to a specified mobile phone as needed.
9. An intranet and extranet access control system of a confidential computer, characterized by comprising a server and a client, wherein the client comprises an application layer and a driver layer;
the server is used for setting a client network access policy, wherein the client network access policy comprises: forbidding intranet access, forbidding extranet access, notifying the cloud control server when an external network is connected, exiting the client when an external network is connected, and sending a mail when an external network is connected;
and the application layer of the client is used for loading the client network access policy into the driver layer, so that the driver layer performs network access control according to the loaded client network access policy.
10. The intranet and extranet access control system of a confidential computer according to claim 8,
the client driver layer, once started, is further used for adding a filter layer to filter all network accesses of the computer where the client is located, and when that computer performs a network access, the access port, the access process and the access destination IP are obtained through the filter layer;
the client driver layer is further used for judging the access type of the network based on the access port, the access process and the access destination IP, wherein the access type of the network comprises exceptional access, intranet access and extranet access; and for allowing or blocking the network access based on the access type of the network and the set network access policy.
CN202111057053.3A 2021-09-09 2021-09-09 Intranet and extranet access control method and access control system of confidential computer Pending CN113836577A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111057053.3A CN113836577A (en) 2021-09-09 2021-09-09 Intranet and extranet access control method and access control system of confidential computer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111057053.3A CN113836577A (en) 2021-09-09 2021-09-09 Intranet and extranet access control method and access control system of confidential computer

Publications (1)

Publication Number Publication Date
CN113836577A true CN113836577A (en) 2021-12-24

Family

ID=78958873

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111057053.3A Pending CN113836577A (en) 2021-09-09 2021-09-09 Intranet and extranet access control method and access control system of confidential computer

Country Status (1)

Country Link
CN (1) CN113836577A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination