CN114257407A - White list-based equipment connection control method and device and computer equipment - Google Patents

Info

Publication number: CN114257407A
Authority: CN (China)
Prior art keywords: host terminal, white list, library, intranet, internet
Legal status: Granted, currently active (Google notes that the legal status is an assumption and not a legal conclusion)
Application number: CN202111363405.8A
Other languages: Chinese (zh)
Other versions: CN114257407B (en)
Inventors: 周安, 汤怿, 古振威, 吴勤勤, 卢建刚
Current assignee: Guangdong Power Grid Co Ltd; Electric Power Dispatch Control Center of Guangdong Power Grid Co Ltd (Google notes that the assignee list may be inaccurate)
Original assignee: Guangdong Power Grid Co Ltd; Electric Power Dispatch Control Center of Guangdong Power Grid Co Ltd
Application filed by: Guangdong Power Grid Co Ltd and Electric Power Dispatch Control Center of Guangdong Power Grid Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
Abstract

The application relates to a white list-based device connection control method and device, a computer device and a storage medium. A central server program is started, and login authentication is performed, according to a login authentication program, on the internet connection channel of a host terminal that has been successfully matched with the host terminal white list library; this improves the safety of the host terminal when it is connected to the intranet or the internet. The authenticated internet connection channel is then matched with an external black and white list IP library to obtain a matching signal, which instructs the client either to allow or to disconnect the connection between the host terminal corresponding to the authenticated internet connection channel and the internet, so as to prevent illegal external connections. At the same time, the client is installed in the host terminal and is started automatically when the host terminal starts, so the client guards the host terminal at all times and a user cannot achieve an illegal external connection by actively closing the client, which further improves the reliability and safety of the host terminal when it is connected to the intranet or the internet.

Description

White list-based equipment connection control method and device and computer equipment
Technical Field
The present application relates to the field of digital information transmission technologies, and in particular, to a white list-based device connection control method and apparatus, a computer device, and a storage medium.
Background
With the rapid development of the information networking era, computers have spread to various fields in daily life and become indispensable tools in the information society. The computer can realize the functions of information acquisition, transmission and the like, but is accompanied by some network security threats, such as virus intrusion, hacker attack and the like.
At present, ransomware and cryptomining malware are a major security hazard for computers and even for internal networks, and such malware can enter an internal network through channels such as e-mail subscriptions and advertising promotions opened by users. Once ransomware or cryptomining malware has compromised one computer on the intranet, it continuously probes ports 139 and 445 of every host on the intranet by starting an abnormal process or injecting into a normal process. If a port is open or the corresponding patch has not been installed, the malware can quickly spread to the next computer until every host on the intranet is infected; alternatively, it makes an external connection to a malicious address, downloads a malicious script and runs it on the computer, so that all documents on the internal network are encrypted or resources such as the CPU (central processing unit) and memory are exhausted.
Based on this, a method of monitoring the external connections of processes is often adopted, that is, the spread of ransomware and cryptomining malware within the intranet is prevented by blocking the abnormal external connection behaviour of processes. However, this method blocks abnormal processes incompletely, so its security is poor and its use is unreliable.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a white list-based device connection control method, apparatus, computer device and storage medium capable of improving security and reliability of a host terminal during connection with an intranet or the internet.
A white list based device connection control method, the method comprising:
deploying a central server program, and configuring a host terminal white list library, an external black and white list IP library and a login authentication program of an intranet;
starting a central server program, and matching a host terminal connected in an intranet with the white list library of the host terminal;
performing login authentication on the internet connection channel of the host terminal successfully matched with the white list library of the host terminal according to the login authentication program;
and matching the Internet connection channel after passing the authentication with the external connection blacklist and white list IP library to obtain a matching signal, wherein the matching signal is used for indicating a client to allow the connection between a host terminal corresponding to the Internet connection channel after passing the authentication and the Internet or disconnecting the connection between the host terminal corresponding to the Internet connection channel after passing the authentication and the intranet, and the client is installed in the host terminal in the intranet and is automatically started along with the start of the host terminal.
In one embodiment, the deploying central server program, after configuring the white list library of the host terminal in the intranet, the black and white list IP library in the extranet, and the login authentication program, further includes:
and uploading the external black and white list IP library and the login authentication program to a host terminal in the intranet.
In one embodiment, after the matching the internet connection channel after passing the authentication with the external blacklist and whitelist IP library to obtain a matching signal, the method further includes:
and if the internet connecting channel after passing the authentication is not in the external black and white list IP library, auditing the internet connecting channel after passing the authentication to obtain an auditing result, and storing the auditing result in the external black and white list IP library, wherein the auditing result is used for representing that the internet connecting channel after passing the authentication is a safe or dangerous link.
In one embodiment, the external black and white list IP library comprises: a built-in external white list IP library, a custom external white list IP library and an external black list IP library.
In one embodiment, after the matching the internet connection channel after passing the authentication with the external blacklist and whitelist IP library to obtain a matching signal, the method further includes:
and if a matching signal for indicating the client to disconnect the connection between the host terminal corresponding to the internet connection channel passing the authentication and the intranet is obtained, receiving alarm information from the client, wherein the alarm information is used for prompting a user that the internet connection channel passing the authentication is in an abnormal state.
In one embodiment, the starting the central server program, after matching the host terminal connected in the intranet with the white list of the host terminal, further includes:
analyzing received behavior monitoring data to obtain an analysis result, and judging the connection state between the host terminal and the intranet or the internet according to the analysis result, wherein the behavior monitoring data is obtained by the host terminal monitoring and recording the networking process of the host.
In one embodiment, a web page filtering driver is installed in the host terminal, and is used for filtering risky links opened by the host terminal in a state of being connected with the internet.
A white list based device connection control apparatus, the apparatus comprising:
the data configuration module is used for deploying a central server program, and configuring a host terminal white list library, an external black and white list IP library and a login authentication program of an intranet;
the first matching module is used for starting the central server program and matching the host terminal connected in the intranet with the host terminal white list library;
the login authentication module is used for performing login authentication on the internet connection channel of the host terminal successfully matched with the white list library of the host terminal according to the login authentication program;
and the second matching module is used for matching the Internet connection channel after passing the authentication with the external blacklist and white list IP library to obtain a matching signal, the matching signal is used for indicating a client to allow the connection between the host terminal corresponding to the Internet connection channel after passing the authentication and the Internet or disconnecting the connection between the host terminal corresponding to the Internet connection channel after passing the authentication and the intranet, and the client is installed in the host terminal in the intranet and is automatically started along with the starting of the host terminal.
A computer device comprising a memory storing a computer program and a processor implementing the steps of the method of any preceding claim when the processor executes the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any of the above.
In the white list-based equipment connection control method, device, computer equipment and storage medium described above, a central server program is deployed on the server, and a host terminal white list library of the intranet, an external black and white list IP library and a login authentication program are configured. After the central server program is started, login authentication is performed, according to the login authentication program, on the internet connection channel of a host terminal that has been successfully matched with the host terminal white list library, which effectively improves the safety of the host terminal when it connects to the intranet or the internet. The authenticated internet connection channel is then matched with the external black and white list IP library to obtain a matching signal that instructs the client either to allow the connection between the host terminal corresponding to the authenticated internet connection channel and the internet, or to disconnect that host terminal from the intranet, which achieves the purpose of preventing illegal external connections. At the same time, the client is installed in the host terminal and is started automatically when the host terminal starts, so the client guards the host terminal at all times and a user cannot achieve an illegal external connection by actively closing the client, which further improves the reliability and safety of the host terminal when it is connected to the intranet or the internet.
Drawings
FIG. 1 is a diagram of an application environment of a white list based device connection control method in an embodiment;
FIG. 2 is a flowchart illustrating a white list-based device connection control method according to an embodiment;
FIG. 3 is a flowchart illustrating a white list-based device connection control method according to another embodiment;
FIG. 4 is a flowchart illustrating a white list-based device connection control method according to another embodiment;
FIG. 5 is a flowchart illustrating a white list-based device connection control method according to yet another embodiment;
FIG. 6 is a flow diagram of a white list based device connection control method in one embodiment;
FIG. 7 is a white list based device connection control apparatus in one embodiment;
FIG. 8 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
In the white list-based device connection control method provided by the present application, the device is generally a network device, which may include a computer (whether a personal computer or a server), a hub, a switch, a bridge, a router, a gateway, a network interface card (NIC), a wireless access point (WAP), a printer, a modem, a fiber transceiver, an optical cable, and the like. The method may be applied in an application environment as shown in fig. 1. The host terminal 101 and the central server 102 communicate with each other through an intranet. The central server 102 is configured with a host terminal white list library of the intranet, an external black and white list IP library and a login authentication program. First, the host terminal 101 connected in the intranet is matched with the host terminal white list library configured in the central server 102; then login authentication is performed, according to the login authentication program configured in the central server 102, on the internet connection channel of a host terminal 101 that has been successfully matched; finally, the authenticated internet connection channel is matched with the external black and white list IP library configured in the central server 102. Note that a client is also installed in the host terminal 101. The host terminal 101 may be, but is not limited to, a personal computer, notebook computer, tablet computer, smart phone, and the like, and the central server 102 may be implemented by an independent server or by a cluster of several servers.
In one embodiment, as shown in fig. 2, there is provided a white list-based device connection control method, including the steps of:
step S100: and deploying a central server program, and configuring a white list library, an external black and white list IP library and a login authentication program of a host terminal of the intranet.
Specifically, this step may be executed by a server, where the server and the host terminal communicate via the intranet. During data configuration, the server deploys a central server program and configures the host terminal white list library of the intranet, an external black and white list IP library, and a login authentication program. The host terminal white list library of the intranet is the set of address information of host terminals that the server allows to connect directly to the intranet; a host terminal whose address information is contained in the library can connect to the intranet preferentially and will not be blocked by the server as an abnormal address, which makes the connection between the host terminal and the intranet safer and faster. The external black and white list IP library is the combined set of legal and illegal IP addresses of internet connection channels; through it the server can block or release the internet connection channel of a host terminal, which improves the safety of communication between the server and the host terminal. Generally, a login authentication program ensures security by confirming the identity information of the terminal to be authenticated; commonly used login authentication methods today include Cookie + Session login, token login, SSO single sign-on and OAuth third-party login.
In this embodiment, the login authentication program adopts MFA (multi-factor authentication), a method of identity authentication in computer systems in which a user must present two or more authentication factors to enter the system and access its resources. Compared with traditional single-password authentication, MFA provides stronger security, and the most appropriate algorithm can be chosen according to the actual requirement, for example the HOTP (HMAC-based One-Time Password) algorithm or the TOTP (Time-based One-Time Password) algorithm.
Further, in this embodiment, a TOTP algorithm may be optionally applied to the MFA, where the TOTP algorithm is a time-based one-time password algorithm, and the one-time password is calculated according to the pre-shared key and the current time, and the TOTP algorithm has good compatibility.
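As an added illustration of the HOTP and TOTP algorithms the embodiment names (example code written for this page, not code from the patent or its assignee), the following Python implements RFC 4226 HOTP and RFC 6238 TOTP together with a server-side verifier. The skew window of one step, the replay check and the in-memory `last_step` state are assumptions for the example; the key used in the `__main__` block is the public test-vector key from the RFCs, not a real secret.

```python
# Added example (not the patent's own code): RFC 4226 HOTP and RFC 6238 TOTP,
# the one-time-password algorithms the embodiment names for its MFA login step,
# plus a server-side verifier that tolerates clock skew but refuses replays.
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """HOTP(K, C): HMAC over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algorithm=hashlib.sha1) -> str:
    """TOTP = HOTP(K, floor((T - T0) / X)) with T0 = 0 and X = step seconds."""
    return hotp(secret, unix_time // step, digits, algorithm)


class TotpVerifier:
    """Server-side check for one user's pre-shared key.

    Accepts codes from the current step and +/- `window` neighbouring steps
    (clock skew), compares in constant time, and remembers the highest step
    already consumed so a captured code cannot be replayed inside the window.
    The assumption here is that `last_step` lives in memory; a deployment
    would persist it per user.
    """

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.secret, self.step, self.digits, self.window = secret, step, digits, window
        self.last_step = -1  # highest step value accepted so far

    def verify(self, submitted: str, unix_time: int) -> bool:
        current = unix_time // self.step
        for step_value in range(current - self.window, current + self.window + 1):
            if step_value <= self.last_step:
                continue  # already used, or older than a used code: treat as replay
            expected = hotp(self.secret, step_value, self.digits)
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                self.last_step = step_value
                return True
        return False


if __name__ == "__main__":
    import time
    key = b"12345678901234567890"  # RFC 4226 / RFC 6238 test-vector key, not a real secret
    print("current 6-digit TOTP:", totp(key, int(time.time())))
```

The verifier rejects any step at or below the last accepted one, so a code captured in transit cannot be reused within the skew window, and the pre-shared key of a real deployment must be generated randomly per user; the RFC test key above is public.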
Step S300: and starting a central server program, and matching the host terminal connected in the intranet with the white list library of the host terminal.
Specifically, the central server program is stored in the server, and after the central server program is started, the server matches the host terminal connected in the intranet with the host terminal white list library configured by the server. The specific process of matching may be: checking whether the address information of the host terminal exists in a white list library of the host terminal, if so, determining that the matching is successful, and at the moment, allowing the current host terminal to continue to be connected with the intranet by the server; if not, considering that the current host terminal is probably illegal external connection equipment, the server can immediately disconnect the connection between the current host terminal and the intranet.
Step S500: and performing login authentication on the internet connection channel of the host terminal successfully matched with the white list of the host terminal according to the login authentication program.
Specifically, the host terminal that is successfully matched with the white list library of the host terminal currently generates an action signal for connecting with the internet, and at this time, the login authentication program stored in the server performs login authentication on the current internet connection channel, so as to ensure the security of the connection between the host terminal and the internet. Further, in this embodiment, each time the host terminal enters one internet connection channel, the login authentication procedure is restarted, and login authentication is performed on the current internet connection channel.
Step S700: and matching the Internet connection channel after passing the authentication with an external black and white list IP library to obtain a matching signal.
The matching signal is used to instruct the client either to allow the connection between the host terminal corresponding to the authenticated internet connection channel and the internet, or to disconnect that host terminal from the intranet; the client is installed in the host terminal in the intranet and is started automatically when the host terminal starts. Specifically, after the server performs login authentication on the internet connection channel of the host terminal, it matches the internet connection channel with the external black and white list IP library stored on the server to obtain a matching signal. The matching signal obtained differs with the matching result and with the object matched. For example, the matching process may be: check whether the IP address of the authenticated internet connection channel exists in the external black and white list IP library; if so, a matching signal is obtained that instructs the client to allow the host terminal corresponding to the authenticated internet connection channel to connect to the internet, and if not, a matching signal is obtained that disconnects that host terminal from the intranet.
Or, when the external black and white list IP library includes an external black list IP library and an external white list IP library, the specific matching process may be: checking whether the IP address of the Internet connection channel after passing the authentication exists in an external blacklist IP library, if so, obtaining a matching signal for indicating the client to disconnect the connection between the host terminal corresponding to the Internet connection channel after passing the authentication and the intranet, or checking whether the IP address of the Internet connection channel after passing the authentication exists in an external whitelist IP library, and if so, obtaining a matching signal for indicating the client to allow the host terminal corresponding to the Internet connection channel after passing the authentication to be connected with the Internet. The client is installed in a host terminal in an intranet and is started automatically along with the start of the host terminal, and it can be understood that the client can be hidden in the background of the host terminal in the whole process of the operation of the host terminal, so that the host terminal can be protected all the time, and illegal external connection can be avoided by actively closing the client by a user.
In one embodiment, as shown in fig. 3, after step S100, the white list-based device connection control method further includes step S200.
Step S200: and uploading the external black and white list IP library and the login authentication program to a host terminal in the intranet.
Specifically, the server uploads the external black and white list IP library and the login authentication program that it has configured to the host terminals in the intranet, where they can be downloaded and used directly; at the same time, a client is installed in the host terminal and is started automatically when the host terminal starts. Every time the host terminal connects to the intranet, it downloads the updated external black and white list IP library from the server; the updated library directly overwrites the previous one. Therefore, even if a host terminal in the intranet is disconnected from the intranet, it can still perform login authentication on the internet channel it connects to, which effectively improves the safety of the host terminal when it connects to the internet while disconnected from the intranet.
In one embodiment, the external black and white list IP library includes: a built-in external white list IP library, a custom external white list IP library and an external black list IP library.
Specifically, the data in the built-in external white list IP library is fixed (i.e., it may not be modified), while the custom external white list IP library supplements the data of the built-in library. The data sources of the external black list IP library may include IP addresses built in by an administrator when the intranet is constructed, IP addresses verified as belonging to the external black list during operation of the intranet, and IP addresses actively added to the library by users. Furthermore, the custom external white list IP library can be updated after auditing by the central server, where the auditing methods include automatic scanning by antivirus software, manual inspection by network security engineers, and the like. In this embodiment, the external black and white list IP library is constructed in advance and updated in real time, which prevents users from adding risky links at will and improves the reliability and safety of blocking illegal external connections.
In one embodiment, as shown in fig. 4, after step S700, the method for controlling the connection of the network device further includes step S800.
Step S800: and if the internet connection channel after passing the authentication is not in the external black and white list IP library, checking the internet connection channel after passing the authentication to obtain a checking result, and storing the checking result in the external black and white list IP library.
The auditing result indicates whether the authenticated internet connection channel is a safe or a dangerous link. Specifically, it is first checked whether the authenticated internet connection channel exists in the built-in external white list IP library; if it does, the client allows the host terminal to connect to the internet. If it does not exist in the built-in external white list IP library, it is checked whether it exists in the custom external white list IP library; if it does, the client allows the host terminal to connect to the internet, the networking process of the host terminal is tracked and recorded, and the server receives prompt information about the networking state of the host terminal from the host client. It is understood that the host client may be a display. If the channel does not exist in the custom external white list IP library, it is checked whether it exists in the external black list IP library; if it does, the client immediately disconnects the host terminal from the intranet. If the channel does not exist in the external black list IP library either, it is in none of the external black and white list IP libraries, and it may be either a safe or a dangerous internet connection channel.
At this moment, the client can immediately disconnect the connection between the host terminal and the intranet, and send prompt information to the user to prompt the user whether to mark the internet connection channel and submit the internet connection channel to the server for auditing.
If the user chooses to mark and submit the Internet connecting channel, the server verifies the Internet connecting channel submitted by the user and stores the verification result in the external blacklist and white list IP library. It is to be understood that the audit result may be stored in a custom white list IP library when the audit result indicates that the internet connection channel is a secure and approved link, and may be stored in an external blacklist IP library when the audit result indicates that the internet connection channel is a dangerous or abnormal link. If the user does not mark and submit the internet connection channel all the time, the connection between the host terminal and the intranet is always in a disconnected state. The reliability and the safety of the host terminal in the process of connecting with an intranet or the Internet are improved.
Further, in this embodiment, after the host terminal is disconnected from the intranet, when there is a demand for connecting to the internet again, the client performs risk detection on the connection channel between the host terminal and the internet, and if there is a risk in the connection channel, the client immediately disconnects the connection between the host terminal and the internet, thereby further ensuring the security of the host terminal when being disconnected from the intranet and then being connected to the internet.
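The matching order in steps S300, S700 and S800 above (host terminal white list first, then built-in white list, custom white list and black list for the destination, and otherwise disconnect and await an audit whose result is written back into the custom white list or the black list) can be expressed compactly. The Python below is an added example written for this page, not the patent's or the assignee's code; the class and verdict names, the CIDR-capable matching via the `ipaddress` module, the authentication flag passed in from the MFA step, and the sample addresses (IETF documentation ranges) are all assumptions.

```python
# Added example (not the patent's own code): the three-tier external IP library
# and the matching order that steps S300, S700 and S800 describe, with the
# audit path that stores a verdict back into the custom white list or black list.
import ipaddress
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow internet connection"                         # built-in white list hit
    ALLOW_AND_TRACK = "allow, track and report"                 # custom white list hit
    DISCONNECT = "disconnect from intranet"                     # black list hit
    AUDIT_REQUIRED = "disconnect; prompt user to submit for audit"  # in no list
    REJECT_HOST = "host terminal not in white list library"     # step S300 failed
    AUTH_FAILED = "login authentication failed"                 # step S500 failed


def _to_network(entry: str):
    # Accept single addresses ("203.0.113.10") and CIDR ranges ("198.51.100.0/24").
    return ipaddress.ip_network(entry, strict=False)


class ExternalIpLibrary:
    """External black and white list IP library: built-in white list (fixed),
    custom white list (extendable after audit) and black list."""

    def __init__(self, builtin_whitelist, custom_whitelist=(), blacklist=()):
        self.builtin = frozenset(_to_network(e) for e in builtin_whitelist)  # immutable
        self.custom = {_to_network(e) for e in custom_whitelist}
        self.blacklist = {_to_network(e) for e in blacklist}
        self.pending_audit = {}  # destination -> host terminal that submitted it

    @staticmethod
    def _hit(networks, ip) -> bool:
        return any(ip in net for net in networks)

    def match(self, dest: str) -> Verdict:
        """Step S700/S800 order: built-in, then custom, then black list, else audit."""
        ip = ipaddress.ip_address(dest)
        if self._hit(self.builtin, ip):
            return Verdict.ALLOW
        if self._hit(self.custom, ip):
            return Verdict.ALLOW_AND_TRACK
        if self._hit(self.blacklist, ip):
            return Verdict.DISCONNECT
        return Verdict.AUDIT_REQUIRED

    def submit_for_audit(self, dest: str, host_id: str) -> None:
        """The user chose to mark the channel and submit it to the server."""
        self.pending_audit[str(ipaddress.ip_address(dest))] = host_id

    def record_audit(self, dest: str, is_safe: bool) -> str:
        """Store the audit result: safe links go to the custom white list,
        dangerous ones to the black list. Returns the library written to."""
        self.pending_audit.pop(str(ipaddress.ip_address(dest)), None)
        net = _to_network(dest)
        if is_safe:
            self.custom.add(net)
            return "custom_whitelist"
        self.blacklist.add(net)
        return "blacklist"


class CentralServer:
    """Puts step S300 (host white list) and S500 (login authentication) in front
    of the S700 library match; `authenticated` is the outcome of the MFA step."""

    def __init__(self, host_whitelist, library: ExternalIpLibrary):
        self.host_whitelist = frozenset(host_whitelist)
        self.library = library

    def evaluate(self, host_id: str, authenticated: bool, dest: str) -> Verdict:
        if host_id not in self.host_whitelist:
            return Verdict.REJECT_HOST
        if not authenticated:
            return Verdict.AUTH_FAILED
        return self.library.match(dest)


if __name__ == "__main__":
    lib = ExternalIpLibrary(builtin_whitelist=["203.0.113.10"],
                            custom_whitelist=["198.51.100.0/24"],
                            blacklist=["192.0.2.0/24"])
    server = CentralServer(host_whitelist=["10.0.0.5"], library=lib)
    for dest in ["203.0.113.10", "198.51.100.7", "192.0.2.5", "203.0.113.200"]:
        print(dest, "->", server.evaluate("10.0.0.5", True, dest).value)
```

Because the custom white list is consulted before the black list, an address that appears in both is allowed; an operator who extends the custom list after an audit should therefore check it against the black list, or swap the two checks if a black list entry is meant to win.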
In one embodiment, as shown in fig. 5, after step S700, the white list-based device connection control method further includes step S900.
Step S900: and if a matching signal for indicating the client to disconnect the connection between the host terminal corresponding to the internet connection channel passing the authentication and the intranet is obtained, receiving alarm information from the client.
The alarm information prompts the user that the authenticated internet connection channel is in an abnormal state. Specifically, when the IP address of the host terminal's internet connection channel is contained in the external black list IP library, or is not contained in the external black and white list IP library at all, the channel may be an illegal link; the client immediately disconnects the host terminal from the intranet, sends alarm information to the server, and the host client also receives the alarm information from the client. It is to be understood that the client can be regarded as the user side and the host client as the display side, and so on. The reliability and safety of the host terminal when connected to the internal or external network are further improved.
In one embodiment, after step S300, the white list based device connection control method further includes step 400.
Step 400: analyze the received behavior monitoring data to obtain an analysis result, and determine the connection state between the host terminal and the intranet or the internet according to the analysis result.
The behavior monitoring data is obtained by the host terminal monitoring and recording the networking process of the host. Specifically, after the central server is started, the host terminal monitors and records the behavior of the entire connection process between the host and the intranet or the internet; here the host terminal can be understood as a security program, such as monitoring software, installed on the host. Meanwhile, the client sends the host terminal's monitoring data to the server for analysis, so that abnormal connection behavior of the host terminal can be discovered in time, further ensuring the safety of the host terminal when connected to the intranet or the internet.
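The page does not specify what the behavior monitoring data looks like or how the server analyzes it. The following is an added example, not code from the patent or its applicant: it assumes a constructed line-based record format (timestamp, host, connect/disconnect event, network, peer), replays the records into a per-host connection state, and reports the condition the method exists to prevent, a host holding intranet and internet connections at the same time, together with two data-quality findings (a disconnect with no matching connect, and an unparseable record). Function and field names are this example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample of behaviour-monitoring records, in a line format that is
# this example's own assumption (the page does not specify one). Each line is
# one event the host terminal recorded about the host's networking.
SAMPLE_RECORDS = """\
2021-11-17T09:00:01 host=dispatch-ws-01 event=connect net=intranet peer=10.1.2.3
2021-11-17T09:05:10 host=dispatch-ws-01 event=connect net=internet peer=203.0.113.7
2021-11-17T09:05:11 host=dispatch-ws-01 event=disconnect net=intranet peer=10.1.2.3
2021-11-17T09:30:00 host=dispatch-ws-02 event=connect net=intranet peer=10.1.2.3
2021-11-17T09:31:42 host=dispatch-ws-02 event=connect net=internet peer=198.51.100.9
2021-11-17T09:40:00 host=dispatch-ws-02 event=disconnect net=internet peer=198.51.100.9
2021-11-17T09:41:00 host=dispatch-ws-03 event=disconnect net=intranet peer=10.1.2.3
2021-11-17T09:42:00 host=dispatch-ws-03 event=ping
"""

RECORD_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>connect|disconnect) "
    r"net=(?P<net>intranet|internet) peer=(?P<peer>\S+)$"
)


@dataclass
class HostState:
    """Peers the host currently has open on each network, reconstructed from events."""
    intranet: set = field(default_factory=set)
    internet: set = field(default_factory=set)


def parse_record(line: str):
    """Return the record's fields, or None when the line does not match the format."""
    m = RECORD_RE.match(line.strip())
    return m.groupdict() if m else None


def connection_state(st: HostState) -> str:
    """Collapse a host's open peers into the connection state the server reports."""
    if st.intranet and st.internet:
        return "intranet+internet"
    if st.intranet:
        return "intranet"
    if st.internet:
        return "internet"
    return "offline"


def analyze(records: str):
    """Replay the monitoring records; return (state per host, findings).

    A finding is (line number, host, description). A host holding intranet and
    internet connections at the same time is the pattern the method above
    exists to stop, so it is reported for cross-checking against the IP library.
    """
    states = defaultdict(HostState)
    findings = []
    for lineno, line in enumerate(records.splitlines(), start=1):
        rec = parse_record(line)
        if rec is None:
            findings.append((lineno, "?", "unparseable record"))
            continue
        st = states[rec["host"]]
        open_peers = st.intranet if rec["net"] == "intranet" else st.internet
        if rec["event"] == "connect":
            open_peers.add(rec["peer"])
        else:
            if rec["peer"] not in open_peers:
                # A disconnect the monitor never saw a connect for: the record
                # stream is incomplete or inconsistent, so report it rather than ignore it.
                findings.append((lineno, rec["host"], "disconnect without prior connect"))
            open_peers.discard(rec["peer"])
        if st.intranet and st.internet:
            findings.append((lineno, rec["host"], "intranet and internet connected simultaneously"))
    summary = {host: connection_state(st) for host, st in states.items()}
    return summary, findings


if __name__ == "__main__":
    summary, findings = analyze(SAMPLE_RECORDS)
    for host, state in summary.items():
        print(f"{host}: {state}")
    for lineno, host, text in findings:
        print(f"line {lineno} {host}: {text}")
```

Whether a simultaneous connection is legitimate depends on the channel's entry in the external black and white list IP library, so the analyzer only reports it; the decision belongs to the matching step, not to the log replay.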
In one embodiment, a web page filtering driver is further installed in the host terminal of the intranet and is used to filter risky links opened by the host terminal while it is connected to the internet.
Specifically, intercepting dangerous links within otherwise safe web pages further protects the host terminal's networking and effectively prevents a user from mistakenly clicking a dangerous link hidden in a safe web page. Besides a web page filtering driver installed in the host terminal, other security software that performs the same interception role may also be used.
Referring to fig. 6, the following detailed description is made in conjunction with a specific embodiment in order to more clearly understand the present solution. In one embodiment, the white list-based device connection control method includes:
step (1): deploy a central server program and configure the host terminal white list library, the external black and white list IP library and the login authentication program of the intranet, where the external black and white list IP library comprises a built-in external white list IP library, a self-defined external white list IP library and an external black list IP library;
step (2): install a client in each host terminal of the intranet and download the external black and white list IP library and the login authentication program from the server; specifically, the client runs hidden in the background of the host terminal the whole time and starts automatically with the host terminal;
further, each time the host terminal enters a new internet connection channel, the client requires the user to perform login authentication;
further, each time the host terminal connects to the intranet, it downloads the updated black and white list IP library from the server;
step (3): start the central server program and match the host terminal connected in the intranet with the host terminal white list library; if the matching succeeds, the server allows the host terminal to connect to the intranet, and if it fails, the host terminal is immediately disconnected from the intranet;
step (4): the client automatically starts detecting the networking state of the host terminal connected in the intranet; if internet connection behavior of the host terminal is detected, proceed to the next step;
step (5): the server performs login authentication on the internet connection channel of the host terminal showing internet connection behavior and matches the channel with the built-in external white list IP library; if the matching succeeds, the client allows the host terminal to network, otherwise step (6) is executed;
step (6): the server performs login authentication on the internet connection channel of the host terminal showing internet connection behavior and matches the channel with the self-defined external white list IP library; if the matching succeeds, the client allows the host terminal to network, tracks and records its internet connection process, and receives prompt information sent by the host client; otherwise step (7) is executed. Specifically, before the client disconnects the host terminal from the intranet, the server receives an alarm from the client, and the display interface of the host client also displays that alarm;
step (7): the server performs login authentication on the internet connection channel of the host terminal showing internet connection behavior and matches the channel with the external black list IP library; if the matching succeeds, the client immediately disconnects the host terminal from the intranet, otherwise step (8) is executed;
step (8): the server performs login authentication on the internet connection channel of the host terminal showing internet connection behavior; if the channel is not in the external white list IP library, the client immediately disconnects the host terminal from the intranet and prompts the user to decide whether to mark the channel and submit it to the central server for auditing. Specifically, the server stores the audit result in the self-defined external white list IP library or the external black list IP library: when the audit result shows that the channel is a safe and approved link, it is stored in the self-defined external white list IP library, and when the audit result shows that the channel is a dangerous or abnormal link, it is stored in the external black list IP library;
step (9): after the host terminal has been disconnected from the intranet and connects to the internet, the client performs risk detection on the connection channel between the host terminal and the internet; if the detection result indicates risk, the client immediately disconnects the host terminal from the internet.
Specifically, the host terminal monitors and records the behavior of the host in the connection process with the intranet or the extranet; the client transmits the behavior monitoring data of the host terminal to the server and the server analyzes the behavior monitoring data.
Furthermore, a webpage filtering driver is further installed in the host terminal and used for filtering links which are opened by the host terminal in a connection state with the internet and have risks, so that the networking safety of the host terminal is further protected, and the risk links hidden in the safe webpage are effectively prevented from being mistakenly clicked by a user.
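The decision logic of steps (3) and (5) to (8), and the audit step that moves an unknown channel into the self-defined white list or the black list, can be written down as one small policy engine. The following is an added example, not the patent's or the applicant's code: it assumes hostnames as host terminal identifiers, an in-memory library of three IP lists (accepting CIDR blocks as well as single addresses, a generalisation of the page's plain IP lists), and a `Decision` enumeration whose names are this example's own. Channels that have not passed login authentication are not matched at all; treating that as a distinct `AUTH_REQUIRED` outcome is an assumption, since the page only says matching happens after authentication passes.

```python
import ipaddress
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    """Outcome of one matching pass; the names are this example's own."""
    ALLOW_INTRANET = "allow intranet connection"                         # step (3), host in white list
    DISCONNECT_INTRANET = "disconnect host from intranet"                # step (3), host not in white list
    AUTH_REQUIRED = "login authentication not passed, no matching"       # step (5); assumption, see lead-in
    ALLOW_INTERNET = "allow internet connection"                         # step (5), built-in white list hit
    ALLOW_INTERNET_TRACKED = "allow internet, track and record"          # step (6), self-defined white list hit
    DISCONNECT_BLACKLIST = "disconnect from intranet, black list hit"    # step (7)
    DISCONNECT_PENDING_AUDIT = "disconnect from intranet, submit channel for audit"  # step (8)


def _networks(entries):
    """Accept single addresses or CIDR blocks; CIDR entries generalise the page's plain IP lists."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def _contains(networks, ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


@dataclass
class ExternalIpLibrary:
    """The external black and white list IP library of step (1): three sub-libraries."""
    builtin_white: list = field(default_factory=list)
    custom_white: list = field(default_factory=list)
    black: list = field(default_factory=list)

    def __post_init__(self):
        self.builtin_white = _networks(self.builtin_white)
        self.custom_white = _networks(self.custom_white)
        self.black = _networks(self.black)

    def record_audit(self, channel_ip: str, approved: bool) -> None:
        """Step (8): store the audit result in the self-defined white list or the black list.

        The entry is also dropped from the opposite list, because the lookup order
        in check_channel lets a white-list entry shadow a black-list entry.
        """
        net = ipaddress.ip_network(channel_ip, strict=False)
        if approved:
            self.custom_white.append(net)
            self.black = [n for n in self.black if n != net]
        else:
            self.black.append(net)
            self.custom_white = [n for n in self.custom_white if n != net]


@dataclass
class ConnectionController:
    """Server-side decisions; the client is assumed to enforce whatever is returned."""
    host_whitelist: set            # host terminal identifiers (constructed hostnames here)
    ip_lib: ExternalIpLibrary

    def check_host(self, host_id: str) -> Decision:
        """Step (3): a host terminal absent from the white list library is cut off from the intranet."""
        if host_id in self.host_whitelist:
            return Decision.ALLOW_INTRANET
        return Decision.DISCONNECT_INTRANET

    def check_channel(self, host_id: str, channel_ip: str, login_ok: bool) -> Decision:
        """Steps (5) to (8): decide about an internet connection channel, in the page's order."""
        if self.check_host(host_id) is not Decision.ALLOW_INTRANET:
            return Decision.DISCONNECT_INTRANET
        if not login_ok:
            return Decision.AUTH_REQUIRED
        lib = self.ip_lib
        if _contains(lib.builtin_white, channel_ip):
            return Decision.ALLOW_INTERNET
        if _contains(lib.custom_white, channel_ip):
            return Decision.ALLOW_INTERNET_TRACKED
        if _contains(lib.black, channel_ip):
            return Decision.DISCONNECT_BLACKLIST
        return Decision.DISCONNECT_PENDING_AUDIT


def demo() -> list:
    """Walk one host through every branch; all addresses are constructed (RFC 5737 ranges)."""
    lib = ExternalIpLibrary(builtin_white=["192.0.2.0/24"],
                            custom_white=["203.0.113.7"],
                            black=["198.51.100.0/24"])
    ctl = ConnectionController(host_whitelist={"dispatch-ws-01"}, ip_lib=lib)
    results = [
        ctl.check_host("unregistered-laptop"),                        # DISCONNECT_INTRANET
        ctl.check_channel("dispatch-ws-01", "192.0.2.10", True),      # ALLOW_INTERNET
        ctl.check_channel("dispatch-ws-01", "203.0.113.7", True),     # ALLOW_INTERNET_TRACKED
        ctl.check_channel("dispatch-ws-01", "198.51.100.9", True),    # DISCONNECT_BLACKLIST
        ctl.check_channel("dispatch-ws-01", "203.0.113.200", True),   # DISCONNECT_PENDING_AUDIT
        ctl.check_channel("dispatch-ws-01", "192.0.2.10", False),     # AUTH_REQUIRED
    ]
    # The user submits the unknown channel and the audit rejects it, so the
    # next attempt hits the black list instead of prompting again.
    lib.record_audit("203.0.113.200", approved=False)
    results.append(ctl.check_channel("dispatch-ws-01", "203.0.113.200", True))  # DISCONNECT_BLACKLIST
    return results


if __name__ == "__main__":
    for d in demo():
        print(d.value)
```

One consequence of the page's ordering (white lists before the black list) is that a channel present in both the self-defined white list and the black list is allowed; `record_audit` therefore removes the opposite entry whenever an audit result is stored, so a later rejection is not silently overridden by an earlier approval.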
In the white list-based device connection control method, a central server program is deployed in the server, and the host terminal white list library, the external black and white list IP library and the login authentication program of the intranet are configured; the central server program is started, and login authentication is performed, according to the login authentication program, on the internet connection channel of a host terminal that has been successfully matched with the host terminal white list library, which effectively improves the safety of the host terminal when connected to the intranet or the internet. The authenticated internet connection channel is then matched with the external black and white list IP library to obtain a matching signal that instructs the client either to allow the host terminal corresponding to that channel to connect to the internet or to disconnect it from the intranet, thereby preventing illegal external connections. Because the client is installed in the host terminal and starts automatically with it, the client guards the host terminal at all times, and a user cannot establish an illegal external connection by actively closing the client; the reliability and safety of the host terminal when connected to the intranet or the internet are further improved.
It should be understood that although the steps in the flow charts of fig. 2-6 are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not restricted to the exact order shown and described and may be performed in other orders. Moreover, at least some of the steps in fig. 2-6 may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least some sub-steps of other steps.
In an embodiment, as shown in fig. 7, a white list-based device connection control apparatus is provided, which includes a data configuration module, a first matching module, a login authentication module and a second matching module. The data configuration module is configured to deploy a central server program and configure the host terminal white list library, the external black and white list IP library and the login authentication program of an intranet. The first matching module is configured to start the central server program and match a host terminal connected in the intranet with the host terminal white list library. The login authentication module is configured to perform login authentication, according to the login authentication program, on the internet connection channel of the host terminal successfully matched with the host terminal white list library. The second matching module is configured to match the authenticated internet connection channel with the external black and white list IP library to obtain a matching signal.
In one embodiment, the white list-based device connection control apparatus further includes a data upload module, configured to upload the external black and white list IP library and the login authentication program to the host terminal in the intranet after the data configuration module has deployed the central server program and configured the host terminal white list library, the external black and white list IP library and the login authentication program of the intranet.
In one embodiment, the white list-based device connection control apparatus further includes a data auditing module, configured to, after the second matching module has matched the authenticated internet connection channel with the external black and white list IP library, submit an authenticated internet connection channel that is not in the external black and white list IP library to the server for auditing, obtain the audit result and store it in the external black and white list IP library.
In one embodiment, the white list-based device connection control apparatus further includes an alarm module, configured to, after the second matching module has matched the authenticated internet connection channel with the external black and white list IP library and obtained a matching signal, receive alarm information from the client if the matching signal instructs the client to disconnect the host terminal corresponding to the authenticated internet connection channel from the intranet; the alarm information prompts the user that the authenticated internet connection channel is in an abnormal state.
In one embodiment, the white list-based device connection control apparatus further includes a behavior monitoring module, configured to, after the first matching module has started the central server program and matched the host terminal connected in the intranet with the host terminal white list library, analyze the received behavior monitoring data to obtain an analysis result and determine the connection state between the host terminal and the intranet or the internet according to that result; the behavior monitoring data is obtained by the host terminal monitoring and recording the networking process of the host.
The specific implementation means of the white list-based device connection control apparatus corresponds to the white list-based device connection control method, and the implementation process of the method has been described in detail above, and is not described herein again. The modules in the white list based device connection control apparatus may be implemented in whole or in part by software, hardware, and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In the white list-based device connection control apparatus, a central server program is deployed in the server, and the host terminal white list library, the external black and white list IP library and the login authentication program of the intranet are configured; the central server program is started, and login authentication is performed, according to the login authentication program, on the internet connection channel of a host terminal that has been successfully matched with the host terminal white list library, which effectively improves the safety of the host terminal when connected to the intranet or the internet. The authenticated internet connection channel is then matched with the external black and white list IP library to obtain a matching signal that instructs the client either to allow the host terminal corresponding to that channel to connect to the internet or to disconnect it from the intranet, thereby preventing illegal external connections. Because the client is installed in the host terminal and starts automatically with it, the client guards the host terminal at all times, and a user cannot establish an illegal external connection by actively closing the client; the reliability and safety of the host terminal when connected to the intranet or the internet are further improved.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 8. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer equipment is used for storing a white list library, an external black and white list IP library and a login authentication program of the host terminal. The network interface of the computer device is used for connecting and communicating with an external terminal through an intranet network. The computer program is executed by a processor to implement the white list based device connection control method above.
Those skilled in the art will appreciate that the architecture shown in fig. 8 is merely a block diagram of some of the structures relevant to the disclosed aspects and does not limit the computer devices to which the disclosed aspects apply; a particular computer device may include more or fewer components than those shown, combine certain components, or arrange the components differently.
In one embodiment, there is provided a computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the white list based device connection control method above when executing the computer program.
In one embodiment, a computer readable storage medium is provided, having stored thereon a computer program which, when executed by a processor, implements the white list based device connection control method above.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical storage, or the like. Volatile Memory can include Random Access Memory (RAM) or external cache Memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A white list based device connection control method, the method comprising:
deploying a central server program, and configuring a host terminal white list library, an external black and white list IP library and a login authentication program of an intranet;
starting the central server program, and matching a host terminal connected in the intranet with the white list library of the host terminal;
performing login authentication on the internet connection channel of the host terminal successfully matched with the white list library of the host terminal according to the login authentication program;
matching the internet connection channel after passing the authentication with the external black and white list IP library to obtain a matching signal; the matching signal is used for instructing a client to allow the connection between the host terminal corresponding to the internet connection channel after passing the authentication and the internet, or to disconnect the connection between the host terminal corresponding to the internet connection channel after passing the authentication and the intranet, and the client is installed in the host terminal in the intranet and is automatically started along with the start of the host terminal.
2. The method according to claim 1, wherein the deploying central server program, after configuring the white list library of the host terminal of the intranet, the black and white list IP library of the extranet and the login authentication program, further comprises:
uploading the external black and white list IP library and the login authentication program to a host terminal in the intranet.
3. The method of claim 1, wherein the matching the authenticated internet connection channel with the external blacklist and white list IP library to obtain a matching signal further comprises:
if the internet connection channel passing the authentication is not in the external black and white list IP library, auditing the internet connection channel passing the authentication to obtain an auditing result, and storing the auditing result in the external black and white list IP library; the auditing result is used for representing that the internet connection channel after passing the authentication is a safe or dangerous link.
4. The method of claim 1, wherein the external black and white list IP library comprises: a built-in external white list IP library, a self-defined external white list IP library and an external black list IP library.
5. The method of claim 1, wherein the matching the authenticated internet connection channel with the external blacklist and white list IP library to obtain a matching signal further comprises:
if a matching signal for indicating the client to disconnect the connection between the host terminal corresponding to the internet connection channel passing the authentication and the intranet is obtained, receiving alarm information from the client; the alarm information is used for prompting the user that the internet connection channel after the authentication is passed is in an abnormal state.
6. The method according to claim 1, wherein after the starting the central server program and matching the host terminal connected in the intranet with the white list library of the host terminal, the method further comprises:
analyzing the received behavior monitoring data to obtain an analysis result, and judging the connection state of the host terminal and an intranet or the internet according to the analysis result; the behavior monitoring data is obtained by monitoring and recording the networking process of the host by the host terminal.
7. The method according to claim 1, wherein a web page filter driver is installed in the host terminal; the webpage filtering driver is used for filtering the links which are opened by the host terminal and have risks when the host terminal is connected with the Internet.
8. A white list-based device connection control apparatus, comprising:
the data configuration module is used for deploying a central server program, and configuring a host terminal white list library, an external black and white list IP library and a login authentication program of an intranet;
the first matching module is used for starting the central server program and matching the host terminal connected in the intranet with the host terminal white list library;
the login authentication module is used for performing login authentication on the internet connection channel of the host terminal successfully matched with the white list library of the host terminal according to the login authentication program;
the second matching module is used for matching the Internet connection channel after passing the authentication with the external blacklist and white list IP library to obtain a matching signal; the matching signal is used for indicating a client to allow the connection between the host terminal corresponding to the internet connection channel after passing the authentication and the internet or to disconnect the connection between the host terminal corresponding to the internet connection channel after passing the authentication and the intranet, and the client is installed in the host terminal of the intranet and is automatically started along with the start of the host terminal.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111363405.8A CN114257407B (en) 2021-11-17 2021-11-17 Equipment connection control method and device based on white list and computer equipment

Publications (2)

Publication Number Publication Date
CN114257407A true CN114257407A (en) 2022-03-29
CN114257407B CN114257407B (en) 2023-09-19

Family

ID=80792694

Country Status (1)

Country Link
CN (1) CN114257407B (en)

Also Published As

Publication number Publication date
CN114257407B (en) 2023-09-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant