CN114254378A - File uploading and downloading control system and method based on Windows - Google Patents


Publication number
CN114254378A
Authority
CN
China
Prior art keywords
uploading
downloading
control
file
management
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110954018.5A
Other languages
Chinese (zh)
Inventor
邱志斌
涂高元
郭永兴
陆云燕
吴炜斌
康哲宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
XIAMEN TIPRAY TECHNOLOGY CO LTD
Original Assignee
XIAMEN TIPRAY TECHNOLOGY CO LTD
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by XIAMEN TIPRAY TECHNOLOGY CO LTD
Priority to CN202110954018.5A
Publication of CN114254378A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1448 Management of the data involved in backup or backup restore

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Quality & Reliability (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a Windows-based file uploading and downloading control system. A policy configuration module is used by an administrator to issue control rules to each uploading and downloading control module; each uploading and downloading control module restricts user behaviors according to the control rules and uploads audit records to an audit module; and the audit module is used by the administrator to check the uploading and downloading records of all users. The invention also discloses a Windows-based file uploading and downloading control method: an administrator configures a control policy; hook technology is used, in combination with the control policy, to judge the user's uploading and downloading behaviors, alarming and intercepting directly if they do not match and performing the corresponding audit if they are released; and for intercepted uploading and downloading behaviors, the user initiates an application, and the administrator modifies and reviews the application content. With this technical scheme, users' file uploading and downloading behaviors can be effectively restricted, uploaded and downloaded files are kept under security control, auditing efficiency is improved, and losses to the company from leaks of sensitive data are prevented.

Description

File uploading and downloading control system and method based on Windows
Technical Field
The invention belongs to the technical field of data security transmission, and particularly relates to a file uploading and downloading management and control system and method based on Windows.
Background
Internet technology makes communicating and transmitting information very convenient. Because the internet is open and convenient, company staff may leak confidential documents through outgoing channels, intentionally or through negligence, and a company without related control measures can suffer heavy losses. On the other hand, if the company lets employees download files from websites at will, virus files or software are easily downloaded because the files cannot be told apart; this brings risk and threatens the network security of the whole company. In addition, unrestricted downloading occupies the company's bandwidth, lowers the utilization of network resources and affects the overall management of the company.
At present, when company employees upload and download files in a Windows environment, blocking detection is usually used to check the files for sensitive content, and some files are also backed up for later inquiry. However, blocking detection reduces uploading and downloading efficiency and needs to be improved.
Disclosure of Invention
The invention aims to provide a Windows-based file uploading and downloading control system and method that can effectively restrict users' file uploading and downloading behaviors, keep uploaded and downloaded files under security control, improve auditing efficiency and prevent losses to the company from leaks of sensitive data.
To achieve the above purpose, the solution of the invention is:
A Windows-based file uploading and downloading control system comprises a policy configuration module, an audit module and a plurality of uploading and downloading control modules. The policy configuration module is used by an administrator to issue control rules to each uploading and downloading control module; each uploading and downloading control module restricts user behaviors according to the control rules and uploads audit records to the audit module; and the audit module is used by the administrator to check the uploading and downloading records of all users.
A Windows-based file uploading and downloading control method comprises the following steps:
Step 1, an administrator configures a control policy;
Step 2, hook technology is used, in combination with the control policy, to judge the user's uploading and downloading behaviors; if they do not match, an alarm is raised directly and the behavior is intercepted, and if they are released, the corresponding audit is performed;
Step 3, for intercepted uploading and downloading behaviors, the user initiates an application, and the administrator modifies and reviews the application content according to the actual situation.
In step 1, the control policy includes a process white list, a file white list, a sensitive detection policy configuration and a policy time validity.
In step 3, the conditions under which the user initiates the application are multidimensional and include a process white list, a file white list, a sensitive detection policy configuration and a policy time validity.
In step 2, hook technology is used to control the user's file downloading and uploading actions at file selection, copy and cut, dragging, and download and save.
In step 2, the judgment is made in combination with the control policy: if the behavior falls within the policy interception range, it is further judged whether it falls within the approval allowable range; if it does not fall within the policy interception range, an alarm is raised directly and the behavior is intercepted; and if it is released, the corresponding audit is performed.
In step 3, the administrator can check the uploading and downloading records of all users, including the recording time, the user information and the file content.
After the scheme is adopted, the invention has the following improvements:
(1) The invention can restrict the uploading and downloading of files, control file uploading and downloading behaviors along multiple dimensions, and support approving and releasing some safe behaviors, so that an administrator can make better and more reasonable arrangements; the normal work of employees is not affected, and the confidentiality and security of the company are ensured;
(2) The invention can also generate audit records and backup files for uploaded and downloaded files, which makes it convenient for managers to trace employees' uploading and downloading behaviors later.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
The technical solution and the advantages of the present invention will be described in detail with reference to the accompanying drawings.
The invention provides a Windows-based file uploading and downloading control system comprising a policy configuration module, uploading and downloading control modules and an audit module. The policy configuration module and the audit module are both deployed on the administrator side, and the uploading and downloading control modules correspond one-to-one to the staff users whose file transmission needs to be controlled. Each is introduced below.
The policy configuration module is used by the administrator to issue specific control and restriction policies to all uploading and downloading control modules and to process uploading and downloading approval requests. It comprises the following:
1) Process white list: supports prohibiting all processes, prohibiting by type (configurable, for example browsers, chat tools and the like) and releasing processes on the white list, which prevents leaks caused by confidential files being sent out through an untrusted process;
2) File white list: supports prohibiting all files, prohibiting by type (files, pictures or specific formats), releasing by white list and other configuration modes, which effectively prevents confidential files from leaking;
3) Sensitive detection policy configuration: supports keywords, regular expressions, OCR picture recognition and the like, so that the content of files and pictures can be checked for sensitive material, and the uploading and downloading of sensitive files that have not been added to a white list policy can trigger a warning or be blocked;
4) Policy time validity: covers both control policies and document approvals, can be subdivided into specific time periods of each day of each week, and can be configured as a permanent policy or a time-limited policy.
The uploading and downloading control module uses hook technology to control the user's file downloading and uploading actions at file selection, copy and cut, dragging, download and save and the like, judges whether to block or alarm according to the rules configured in the policy configuration module, and audits released actions. The user can submit an application for prohibited uploading and downloading behaviors, which is approved by an administrator; once approval is granted the user can proceed normally, so that normal use is not affected and remains within a controllable range.
The audit module is used by the administrator to check the uploading and downloading records of all users, including recording time, user information, file contents and the like, which makes it convenient to evaluate the security risk of each user and to trace the source of leaked files later.
As shown in fig. 1, the present invention further provides a file uploading/downloading control method based on Windows, which includes the following steps:
S1, the administrator can configure different control policies for each uploading and downloading control module according to actual requirements, including a process white list, a file white list, file content sensitive detection, policy time validity and the like, so that confidential files are prevented from leaking through outgoing channels and virus files are prevented from being downloaded and spread within the company;
S2, when the user uploads or downloads a file, the uploading and downloading control module analyzes and intercepts the data using hook technology. The judgment is first made in combination with the control policy: if the file falls within the policy interception range, it is further judged whether it falls within the approval allowable range; if the file does not fall within the policy interception range, an alarm is raised directly and the behavior is intercepted; and if the file is released, the corresponding audit is performed, which prevents unsafe file uploading and downloading;
S3, for prohibited uploading and downloading behaviors, the user can initiate an application to the administrator through the uploading and downloading control module; the application conditions are also multidimensional and include a process white list, a file white list, policy time validity and the like;
S4, for a file application initiated through the uploading and downloading control module, the administrator modifies and reviews the application content according to the actual situation, ensuring that the user's normal work is not interfered with and remains controllable while document leaks are prevented.
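The policy dimensions listed for the policy configuration module and the decision flow of steps S1 to S4 can be sketched as follows. This is an added example, not code from the patent or from its assignee: the data layout, every name in it and the sample values are hypothetical, the hook layer is replaced by a plain `Action` record, and it assumes that an action inside the interception range is blocked with an alarm unless an unexpired approval for the same user, process and file type covers it, while everything else (including actions outside the policy's time window) is released and audited.

```python
import re
from dataclasses import dataclass
from datetime import datetime, time
from pathlib import PurePath

@dataclass
class Policy:                      # hypothetical layout of one control policy
    process_whitelist: set         # processes allowed to transfer files
    filetype_whitelist: set        # file extensions allowed to be transferred
    sensitive_patterns: list       # keywords / regular expressions
    weekdays: set                  # 0 = Monday ... 6 = Sunday
    start: time                    # daily window in which the policy is in force
    end: time

@dataclass
class Approval:                    # administrator-approved exception (hypothetical)
    user: str
    process: str
    filetype: str
    expires: datetime              # time-limited; datetime.max for permanent

@dataclass
class Action:                      # what the hook layer would report (assumed shape)
    user: str
    process: str
    direction: str                 # "upload" or "download"
    filename: str
    content: str
    when: datetime

def ext_of(action):
    return PurePath(action.filename).suffix.lower()

def in_force(policy, when):
    return when.weekday() in policy.weekdays and policy.start <= when.time() <= policy.end

def interception_reasons(policy, action):
    """Return why the action is in the interception range (empty list: it is not)."""
    reasons = []
    if action.process.lower() not in policy.process_whitelist:
        reasons.append("process not white-listed")
    if ext_of(action) not in policy.filetype_whitelist:
        reasons.append("file type not white-listed")
    hit = next((p for p in policy.sensitive_patterns
                if re.search(p, action.content, re.IGNORECASE)), None)
    if hit:
        reasons.append(f"sensitive content matched {hit!r}")
    return reasons

def is_approved(approvals, action):
    return any(a.user == action.user and a.process == action.process.lower()
               and a.filetype == ext_of(action) and action.when <= a.expires
               for a in approvals)

def decide(policy, approvals, action, audit_log):
    """Return 'release' or 'block' and append one audit record either way."""
    reasons = interception_reasons(policy, action) if in_force(policy, action.when) else []
    approved = bool(reasons) and is_approved(approvals, action)
    verdict = "release" if not reasons or approved else "block"
    audit_log.append({"time": action.when.isoformat(), "user": action.user,
                      "process": action.process, "direction": action.direction,
                      "file": action.filename, "verdict": verdict,
                      "alarm": verdict == "block", "approved": approved,
                      "reasons": reasons})
    return verdict

# Constructed sample policy and approval, for illustration only.
POLICY = Policy({"outlook.exe"}, {".pdf", ".png"}, [r"\bconfidential\b", r"\b\d{16}\b"],
                {0, 1, 2, 3, 4}, time(8, 0), time(18, 0))
APPROVALS = [Approval("alice", "chrome.exe", ".pdf", datetime(2024, 3, 8, 18, 0))]
```

Each call to `decide` leaves a record with the time, user, file and verdict, which is the material the audit module presents to the administrator.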
To sum up, in the Windows-based file uploading and downloading control system and method of the invention, the policy configuration module is mainly used by the administrator to configure different file uploading and downloading control rules according to the actual situation and to issue the rules to specific terminals; the uploading and downloading control module, namely the terminal module, is responsible for controlling and restricting terminal user behavior according to the rules issued by the administrator and for uploading audit records; and the audit module is mainly used to collect and display the records of all terminals, so that the administrator can conveniently review them and adjust the rule policies. The main aims of the method and system are to prevent confidential documents from being leaked through uploading and downloading, to evaluate the security risk of each user and to trace the source of leaked documents later.
The above embodiments are only for illustrating the technical idea of the present invention, and the protection scope of the present invention is not limited thereby, and any modifications made on the basis of the technical scheme according to the technical idea of the present invention fall within the protection scope of the present invention.

Claims (7)

1. A file uploading and downloading management and control system based on Windows is characterized in that: the system comprises a strategy configuration module, an audit module and a plurality of uploading and downloading management and control modules, wherein the strategy configuration module is used for an administrator to issue management and control rules to each uploading and downloading management and control module, each uploading and downloading management and control module is used for carrying out management and control limitation on user behaviors according to the management and control rules and uploading audit records to the audit module, and the audit module is used for the administrator to check the uploading and downloading records of all users.
2. A file uploading and downloading control method based on Windows is characterized by comprising the following steps:
step 1, an administrator configures a management and control strategy;
step 2, utilizing a hook technology to judge the uploading and downloading behaviors of the user in combination with a control strategy, directly giving an alarm and intercepting if the uploading and downloading behaviors are not matched, and making corresponding audit if the uploading and downloading behaviors are released;
step 3, for the intercepted uploading and downloading behaviors, the user initiates an application, and the administrator modifies and reviews the application content according to the actual situation.
3. The Windows-based file upload and download management and control method according to claim 2, wherein: in the step 1, the control policy includes a process white list, a file white list, a sensitive detection policy configuration, and a policy time validity.
4. The Windows-based file upload and download management and control method according to claim 3, wherein: in step 3, the condition for the user to initiate the application is multidimensional, and includes a process white list, a file white list, a sensitive detection policy configuration and a policy time validity.
5. The Windows-based file upload and download management and control method according to claim 2, wherein: in the step 2, a hook technology is adopted to manage and control file downloading and uploading actions of a user in file selection, copy cutting, dragging, downloading and storing.
6. The Windows-based file upload and download management and control method according to claim 5, wherein: in the step 2, the judgment is performed by combining the control strategy, if the judgment belongs to the strategy interception range, whether the judgment belongs to the examination and approval allowable range is further judged, if the judgment does not belong to the strategy interception range, direct alarm and interception are performed, and if the judgment is released, corresponding audit is performed.
7. The Windows-based file upload and download management and control method according to claim 2, wherein: in the step 3, the administrator can check the uploading and downloading records of all users, including the recording time, the user information and the file content.
CN202110954018.5A 2021-08-19 2021-08-19 File uploading and downloading control system and method based on Windows Pending CN114254378A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110954018.5A CN114254378A (en) 2021-08-19 2021-08-19 File uploading and downloading control system and method based on Windows

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110954018.5A CN114254378A (en) 2021-08-19 2021-08-19 File uploading and downloading control system and method based on Windows

Publications (1)

Publication Number Publication Date
CN114254378A true CN114254378A (en) 2022-03-29

Family

ID=80791266

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110954018.5A Pending CN114254378A (en) 2021-08-19 2021-08-19 File uploading and downloading control system and method based on Windows

Country Status (1)

Country Link
CN (1) CN114254378A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115130096A (en) * 2022-06-20 2022-09-30 北京全息智信科技有限公司 Method for preventing malicious operation, misoperation and illegal operation through real-time examination
CN115130096B (en) * 2022-06-20 2023-03-07 北京全息智信科技有限公司 Method for preventing malicious operation, misoperation and illegal operation through real-time examination
CN116886441A (en) * 2023-08-28 2023-10-13 北京火山引擎科技有限公司 Website detection method and device, electronic equipment and readable medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination