CN114257407B - Equipment connection control method and device based on white list and computer equipment - Google Patents
- Publication number: CN114257407B (application CN202111363405.8A)
- Authority: CN (China)
- Prior art keywords: host terminal, library, white list, authentication, intranet
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Abstract
The application relates to a whitelist-based device connection control method, apparatus, computer device and storage medium. A central server program is started, and login authentication is performed, according to a login authentication program, on the internet connection channel of a host terminal that has been successfully matched against a host terminal white list library; this improves the security of the host terminal when it connects to the intranet or the internet. The authenticated internet connection channel is then matched against an external blacklist IP library to obtain a matching signal, which instructs a client either to allow the host terminal corresponding to that channel to connect to the internet or to disconnect it, so that illegal external connections are prevented. At the same time, the client is installed in the host terminal and starts automatically along with the host terminal, so the client protects the host terminal at all times and a user cannot establish an illegal external connection by actively closing the client, which further improves the reliability and security of the host terminal when it connects to the intranet or the internet.
Description
Technical Field
The present application relates to the field of digital information transmission technologies, and in particular, to a device connection control method and apparatus based on a white list, a computer device, and a storage medium.
Background
With the rapid development of the information networking age, computers have spread throughout every field of daily life and have become an indispensable tool of the information society. A computer can be used for information acquisition, transmission and the like, but this is accompanied by network security threats such as virus infection and hacker attacks.
At present, ransomware is a huge potential security hazard for computers and even for internal networks; users can let ransomware into the internal network through e-mail, advertisement promotion and the like. Once ransomware has invaded one computer in the intranet, it continuously probes ports 139 and 445 of every host in the intranet by starting an abnormal process or injecting into a normal process. If those ports are open or the corresponding patch is not installed, the virus quickly spreads to the next computer until every host in the intranet is infected; alternatively, a malicious script is downloaded through an external connection to a malicious address and started on the computer, so that all documents in the intranet are encrypted or resources such as CPU and memory are exhausted.
For this reason, a method of monitoring the external connections of processes is often adopted, that is, the spread of ransomware within the intranet is prevented by blocking abnormal external connection behavior of processes. However, this method does not block abnormal processes completely, resulting in poor security and unreliable use.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a whitelist-based device connection control method, apparatus, computer device and storage medium that can improve the security and reliability of a host terminal when it connects to an intranet or the internet.
A whitelist-based device connection control method, the method comprising:
deploying a central server program, and configuring a host terminal white list library, an external black-and-white list IP library and a login authentication program of an intranet;
starting the central server program, and matching a host terminal connected in the intranet against the host terminal white list library;
performing login authentication, according to the login authentication program, on the internet connection channel of the host terminal successfully matched against the host terminal white list library;
and matching the authenticated internet connection channel against the external blacklist IP library to obtain a matching signal, wherein the matching signal is used to instruct a client either to allow the host terminal corresponding to the authenticated internet connection channel to connect to the internet or to disconnect that host terminal from the intranet, and the client is installed in the host terminal in the intranet and starts automatically along with the host terminal.
In one embodiment, after deploying the central server program and configuring the host terminal white list library, the external black-and-white list IP library and the login authentication program of the intranet, the method further includes:
uploading the external black-and-white list IP library and the login authentication program to a host terminal in the intranet.
In one embodiment, after matching the authenticated internet connection channel against the external black-and-white list IP library to obtain the matching signal, the method further includes:
if the authenticated internet connection channel is not in the external black-and-white list IP library, auditing the authenticated internet connection channel to obtain an audit result, and storing the audit result in the external black-and-white list IP library, wherein the audit result indicates whether the authenticated internet connection channel is a safe or a dangerous link.
In one embodiment, the external black-and-white list IP library includes a built-in external white list IP library, a custom external white list IP library and an external blacklist IP library.
In one embodiment, after matching the authenticated internet connection channel against the external black-and-white list IP library to obtain the matching signal, the method further includes:
if a matching signal instructing the client to disconnect the host terminal corresponding to the authenticated internet connection channel from the intranet is obtained, receiving alarm information from the client, wherein the alarm information prompts the user that the authenticated internet connection channel is in an abnormal state.
In one embodiment, after starting the central server program and matching the host terminal connected in the intranet against the host terminal white list library, the method further includes:
analyzing received behavior monitoring data to obtain an analysis result, and judging the connection state of the host terminal with the intranet or the internet according to the analysis result, wherein the behavior monitoring data is obtained by the host terminal monitoring and recording the networking process of the host.
In one embodiment, a web page filtering driver is installed in the host terminal and is used to filter risky links opened by the host terminal while it is connected to the internet.
A whitelist-based device connection control apparatus, the apparatus comprising:
a data configuration module, used to deploy a central server program and configure a host terminal white list library, an external black-and-white list IP library and a login authentication program of an intranet;
a first matching module, used to start the central server program and match a host terminal connected in the intranet against the host terminal white list library;
a login authentication module, used to perform login authentication, according to the login authentication program, on the internet connection channel of the host terminal successfully matched against the host terminal white list library;
and a second matching module, used to match the authenticated internet connection channel against the external blacklist IP library to obtain a matching signal, wherein the matching signal is used to instruct the client either to allow the host terminal corresponding to the authenticated internet connection channel to connect to the internet or to disconnect that host terminal from the intranet, and the client is installed in the host terminal in the intranet and starts automatically along with the host terminal.
A computer device comprising a memory storing a computer program and a processor implementing the steps of any one of the methods described above when the processor executes the computer program.
A computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method of any of the preceding claims.
According to the whitelist-based device connection control method, apparatus, computer device and storage medium described above, a central server program is deployed in the server and the host terminal white list library, the external blacklist IP library and the login authentication program of the intranet are configured. The central server program is started, and login authentication is performed, according to the login authentication program, on the internet connection channel of the host terminal successfully matched against the host terminal white list library, which effectively improves the security of the host terminal when it connects to the intranet or the internet. The authenticated internet connection channel is matched against the external blacklist IP library to obtain a matching signal, which instructs the client either to allow the host terminal corresponding to the authenticated internet connection channel to connect to the internet or to disconnect that host terminal from the intranet, so that illegal external connections are prevented. At the same time, the client is installed in the host terminal and starts together with it, so the client guards the host terminal at all times, the user cannot establish an illegal external connection by actively closing the client, and the reliability of the host terminal when it connects to the intranet or the internet is further improved.
Drawings
FIG. 1 is an application environment diagram of a whitelist-based device connection control method in one embodiment;
FIG. 2 is a flowchart of a whitelist-based device connection control method in one embodiment;
FIG. 3 is a flowchart of a whitelist-based device connection control method in another embodiment;
FIG. 4 is a flowchart of a whitelist-based device connection control method in yet another embodiment;
FIG. 5 is a flowchart of a whitelist-based device connection control method in yet another embodiment;
FIG. 6 is a flow diagram of a whitelist-based device connection control method in one embodiment;
FIG. 7 is a diagram of a whitelist-based device connection control apparatus in one embodiment;
FIG. 8 is an internal structural diagram of a computer device in one embodiment.
Description of the embodiments
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The whitelist-based device connection control method provided by the application applies to devices that are generally network devices; a network device may be a computer (whether a personal computer or a server), a hub, a switch, a network bridge, a router, a gateway, a network interface card (NIC), a wireless access point (WAP), a printer, a modem, an optical fiber transceiver, an optical cable and the like. The method may be applied in the application environment shown in FIG. 1, in which the host terminal 101 and the central server 102 communicate through an intranet. The central server 102 is configured with a host terminal white list library of the intranet, an external black-and-white list IP library and a login authentication program. First, the host terminal 101 connected in the intranet is matched against the host terminal white list library configured in the central server 102; then login authentication is performed, according to the login authentication program configured in the central server 102, on the internet connection channel of the host terminal 101 that was successfully matched; finally, the authenticated internet connection channel is matched against the external black-and-white list IP library configured in the central server 102. Note that a client is also installed in the host terminal 101. The host terminal 101 may be, but is not limited to, a personal computer, notebook computer, tablet computer, smartphone and the like, and the central server 102 may be implemented as a stand-alone server or as a server cluster composed of a plurality of servers.
In one embodiment, as shown in fig. 2, there is provided a device connection control method based on a white list, including the steps of:
step S100: and deploying a central server program, and configuring a host terminal white list library, an external black and white list IP library and a login authentication program of an intranet.
Specifically, this step may be executed by a server that communicates with the host terminal through the intranet. During its data configuration, the server deploys a central server program and configures the host terminal white list library of the intranet, the external black-and-white list IP library and the login authentication program. The host terminal white list library of the intranet is the set of address information of host terminals that the server allows to connect directly to the intranet; a host terminal whose address information is contained in this library is connected to the intranet preferentially and is not blocked by the server as an abnormal address, so its connection to the intranet is both safer and faster. The external black-and-white list IP library is the collection of IP addresses of legal and illegal internet connection channels; with it the server can block or release the internet connection channels of the host terminal, which improves the security of the communication between the server and the host terminal. In general, a login authentication program guarantees security by confirming the identity of the terminal to be authenticated; common login authentication methods today include cookie plus session login, token login, SSO single sign-on, OAuth third-party login and the like.
In this embodiment, the login authentication program adopts MFA (multi-factor authentication), a method of identity authentication in computer systems in which a user must pass two or more authentication means to access a resource. Compared with traditional single-password authentication it provides stronger security, and the MFA can select the most suitable algorithm according to actual needs, such as the HOTP (HMAC-based One-Time Password) algorithm, the TOTP (Time-based One-Time Password) algorithm, a one-time password algorithm based on a timestamp, and the like.
Further, in this embodiment the TOTP algorithm is optionally applied in the MFA. TOTP is a time-based one-time password algorithm: the one-time password is computed from a pre-shared key and the current time, so the TOTP algorithm has good compatibility.
Step S300: and starting a central server program, and matching the host terminal connected in the intranet with a host terminal white list library.
Specifically, the central server program is stored in the server; once it has started, the server matches the host terminal connected in the intranet against the host terminal white list library it has configured. The matching can proceed as follows: check whether the address information of the host terminal exists in the host terminal white list library; if it does, the match is considered successful and the server allows the current host terminal to remain connected to the intranet; if it does not, the current host terminal is considered a possibly illegal external device and the server immediately disconnects it from the intranet.
Step S500: performing login authentication, according to the login authentication program, on the internet connection channel of the host terminal successfully matched against the host terminal white list library.
Specifically, a host terminal successfully matched against the host terminal white list library may generate an action signal for connecting to the internet; at that moment the login authentication program stored in the server performs login authentication on the current internet connection channel to ensure the security of the connection between the host terminal and the internet. Further, in this embodiment the login authentication program is restarted every time the host terminal enters an internet connection channel, and login authentication is performed on that current channel.
Step S700: matching the authenticated internet connection channel against an external blacklist IP library to obtain a matching signal.
The matching signal instructs the client either to allow the host terminal corresponding to the authenticated internet connection channel to connect to the internet or to disconnect that host terminal from the intranet; the client is installed in the host terminal in the intranet and starts automatically along with the host terminal. Specifically, after performing login authentication on the internet connection channel of a host terminal, the server matches that channel against the external IP library stored in the server to obtain a matching signal. The matching signal obtained differs according to the matching result and the object matched against. For example, a specific matching process may be: check whether the IP address of the authenticated internet connection channel exists in an external white list IP library; if it does, a matching signal instructing the client to allow the host terminal corresponding to the authenticated internet connection channel to connect to the internet is obtained, and if it does not, a matching signal instructing the client to disconnect that host terminal from the intranet is obtained.
Alternatively, when the external black-and-white list IP library includes both an external blacklist IP library and an external white list IP library, the specific matching process may be: check whether the IP address of the authenticated internet connection channel exists in the external blacklist IP library, and if so obtain a matching signal instructing the client to disconnect the host terminal corresponding to that channel from the intranet; or check whether the IP address of the authenticated internet connection channel exists in the external white list IP library, and if so obtain a matching signal instructing the client to allow the host terminal corresponding to that channel to connect to the internet. The client is installed in a host terminal in the intranet and starts automatically with the host terminal; it runs hidden in the background for the whole time the host terminal is operating, so the host terminal is protected at all times and an illegal external connection caused by a user actively closing the client is avoided.
In one embodiment, as shown in fig. 3, after step S100, the whitelist-based device connection control method further includes step S200.
Step S200: uploading the external black-and-white list IP library and the login authentication program to a host terminal in the intranet.
Specifically, the server uploads the external black-and-white list IP library and the login authentication program to the host terminal in the intranet, where the host terminal can download and use the login authentication program directly; at the same time, a client is installed in the host terminal and starts automatically along with it. Every time the host terminal connects to the intranet, it downloads the updated external black-and-white list IP library from the server; the updated library directly overwrites the previous one. Therefore, even if a host terminal in the intranet is disconnected from the intranet, it can still perform login authentication on the internet channel it connects to, which effectively improves the security of the host terminal when it connects to the internet while cut off from the intranet.
In one embodiment, the external black-and-white list IP library includes a built-in external white list IP library, a custom external white list IP library and an external blacklist IP library.
Specifically, the data in the built-in external white list IP library is fixed (modification is not allowed), while the custom external white list IP library supplements the data in the built-in library. The data sources of the external blacklist IP library can include IP addresses built in by the administrator when the intranet is set up, IP addresses audited as external blacklist entries during operation of the intranet, and IP addresses that users actively add to the external blacklist IP library. Furthermore, the custom external white list IP library can be updated after checking by the central server, where the checking may be automatic scanning by antivirus software, manual inspection by a network security engineer and the like. In this embodiment, by constructing the external black-and-white list IP library in advance and updating it in real time, users are prevented from adding risky links at will, and the reliability and security of blocking illegal external connections are improved.
In one embodiment, as shown in FIG. 4, after step S700 the whitelist-based device connection control method further includes step S800.
Step S800: if the authenticated internet connection channel is not in the external black-and-white list IP library, auditing the authenticated internet connection channel to obtain an audit result, and storing the audit result in the external black-and-white list IP library.
The audit result indicates whether the authenticated internet connection channel is a safe or a dangerous link. Specifically, it is first judged whether the authenticated internet connection channel exists in the built-in external white list IP library; if it does, the client allows the host terminal to connect to the internet. If it does not exist in the built-in external white list IP library, it is checked whether it exists in the custom external white list IP library; if it does, the client allows the host terminal to connect to the internet, the current networking process of the host terminal is tracked and recorded, and at the same time the server receives a prompt about the current networking state of the host terminal from the host client (the host client here may be a display). If the channel does not exist in the custom external white list IP library either, it is checked whether it exists in the external blacklist IP library; if it does, the client immediately disconnects the host terminal from the intranet. If the channel is not in the external blacklist IP library either, it is not in the external black-and-white list IP library at all and may be either a safe or a dangerous internet connection channel.
At this point the client immediately disconnects the host terminal from the intranet and sends a prompt asking the user whether to mark the internet connection channel and submit the marked information to the server for auditing.
If the user chooses to mark and submit the internet connection channel, the server audits the channel submitted by the user and stores the audit result in the external black-and-white list IP library: when the audit result indicates that the channel is a safe and approved link it is stored in the custom external white list IP library, and when it indicates a dangerous or abnormal link it is stored in the external blacklist IP library. If the user never marks and submits the internet connection channel, the host terminal remains disconnected from the intranet. This improves the reliability and security of the host terminal when it connects to the intranet or the internet.
Further, in this embodiment, when the host terminal is disconnected from the intranet and needs to connect to the internet, the client may perform risk detection on the connection channel between the host terminal and the internet; if that channel is at risk, the client immediately disconnects the host terminal from the internet, which further ensures the security of a host terminal that connects to the internet while cut off from the intranet.
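The matching order described in steps S300, S700 and S800 (host whitelist, then built-in whitelist, custom whitelist, blacklist, then the unknown case that triggers an audit prompt) as an added example written for this page, not the patent's own implementation; class and signal names are illustrative, all addresses are constructed documentation ranges, and treating a failed login authentication as grounds for disconnection is an assumption the text does not spell out.

```python
from enum import Enum
import ipaddress


class Signal(Enum):
    """Matching signal sent to the client installed on the host terminal."""
    ALLOW_INTERNET = "allow internet connection"
    ALLOW_AND_TRACE = "allow internet connection, record this networking process"
    DISCONNECT_INTRANET = "disconnect host terminal from intranet"
    PENDING_AUDIT = "disconnect from intranet, prompt user to submit channel for audit"


def _to_networks(entries):
    """Accept single IPs ('198.51.100.10') as well as CIDR ranges ('192.0.2.0/24')."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def _contains(networks, ip):
    return any(ip in net for net in networks)


class ExternalIpLibrary:
    """The 'external black-and-white list IP library' of the embodiment."""

    def __init__(self, builtin_whitelist, custom_whitelist, blacklist):
        # The built-in whitelist is fixed: a tuple cannot be appended to.
        self.builtin_whitelist = tuple(_to_networks(builtin_whitelist))
        self.custom_whitelist = _to_networks(custom_whitelist)
        self.blacklist = _to_networks(blacklist)

    def match(self, channel_ip: str) -> Signal:
        """Step S700/S800 order: built-in whitelist, custom whitelist, blacklist, unknown."""
        ip = ipaddress.ip_address(channel_ip)
        if _contains(self.builtin_whitelist, ip):
            return Signal.ALLOW_INTERNET
        if _contains(self.custom_whitelist, ip):
            # Allowed, but the networking process is tracked and the server notified.
            return Signal.ALLOW_AND_TRACE
        if _contains(self.blacklist, ip):
            return Signal.DISCONNECT_INTRANET
        # In none of the libraries: could be safe or dangerous, so cut the intranet
        # link and ask the user to submit the channel for auditing.
        return Signal.PENDING_AUDIT

    def store_audit_result(self, channel_ip: str, is_safe: bool) -> None:
        """Server audit result: safe links go to the custom whitelist, dangerous ones
        to the blacklist. The built-in whitelist is never modified."""
        net = ipaddress.ip_network(channel_ip, strict=False)
        target = self.custom_whitelist if is_safe else self.blacklist
        if net not in target:
            target.append(net)


def match_host(host_whitelist, host_addr: str) -> bool:
    """Step S300: is the host terminal's address in the host terminal white list library?"""
    return _contains(_to_networks(host_whitelist), ipaddress.ip_address(host_addr))


def control_connection(host_whitelist, library, host_addr, channel_ip, login_ok):
    """Run the three steps in order. Disconnecting on a failed login authentication
    (step S500) is an assumption; the text does not say what happens in that case."""
    if not match_host(host_whitelist, host_addr):
        return Signal.DISCONNECT_INTRANET   # possibly an illegal external device
    if not login_ok:
        return Signal.DISCONNECT_INTRANET   # assumption, see docstring
    return library.match(channel_ip)


# Constructed sample configuration (documentation ranges, not real addresses).
HOST_WHITELIST = ["10.10.0.0/24"]
LIBRARY = ExternalIpLibrary(
    builtin_whitelist=["203.0.113.0/24"],
    custom_whitelist=["198.51.100.10"],
    blacklist=["192.0.2.0/24"],
)

if __name__ == "__main__":
    for host, chan in [("10.10.0.5", "203.0.113.7"), ("10.10.0.5", "192.0.2.9"),
                       ("10.10.9.1", "203.0.113.7"), ("10.10.0.5", "100.64.0.1")]:
        print(host, chan, control_connection(HOST_WHITELIST, LIBRARY, host, chan, True).value)
```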
In one embodiment, as shown in FIG. 5, after step S700 the whitelist-based device connection control method further includes step S900.
Step S900: if a matching signal instructing the client to disconnect the host terminal corresponding to the authenticated internet connection channel from the intranet is obtained, receiving alarm information from the client.
The alarm information prompts the user that the authenticated internet connection channel is in an abnormal state. Specifically, when the IP address of the host terminal's internet connection channel is contained in the external blacklist IP library, or is not contained in the external black-and-white list IP library at all, the channel may be an illegal link; the client immediately disconnects the host terminal from the intranet and sends alarm information to the server, and the host client can also receive alarm information from the client. Here the client may be understood as a user program and the host client as a display, for example. This further improves the reliability and security of the host terminal when it connects to the intranet or the extranet.
In one embodiment, after step S300 the whitelist-based device connection control method further includes step S400.
Step S400: analyzing received behavior monitoring data to obtain an analysis result, and judging the connection state of the host terminal with the intranet or the internet according to the analysis result.
The behavior monitoring data is obtained by the host terminal monitoring and recording the networking process of the host. Specifically, after the central server is started, the host terminal monitors and records the behavior of the whole connection process between the host and the intranet or the internet, where the host terminal here means a security program such as monitoring software installed inside the host. At the same time, the client sends the host terminal's monitoring data to the server for analysis, so that abnormal connection behavior of the host terminal can be found in time and the security of the host terminal when it connects to the intranet or the internet is further ensured.
In one embodiment, a web page filtering driver is further installed in the host terminal of the intranet, and is used for filtering links, which are open by the host terminal in a connection state with the internet and have risks.
Specifically, intercepting the dangerous link in the secure webpage can further protect the networking security of the host terminal, so that the dangerous link hidden in the secure webpage by a user error point is effectively prevented, a webpage filtering driver can be installed in the host terminal, and other secure software with the same intercepting function can also be used.
With reference to fig. 6, in order to more clearly understand the present solution, the following detailed explanation is made in connection with a specific embodiment. In one embodiment, the device connection control method based on the white list includes:
Step (1), deploy a central server program and configure the host terminal white list library, the external black-and-white list IP library and the login authentication program of the intranet, where the external black-and-white list IP library comprises a built-in external white list IP library, a custom external white list IP library and an external black list IP library;
Step (2), install a client in each host terminal of the intranet, and download the external black-and-white list IP library and the login authentication program from the server; specifically, the client runs hidden in the background of the host terminal throughout, and starts automatically with the host terminal;
Further, the client requires the user to perform login authentication every time the host terminal enters a new internet connection channel.
Further, the host terminal downloads the updated black-and-white list IP library from the server every time it connects to the intranet.
Step (3), start the central server program and match each host terminal connected in the intranet with the host terminal white list library; if the match succeeds, the server allows the host terminal to connect to the intranet, and if it fails, the host terminal is immediately disconnected from the intranet;
Step (4), the client automatically starts to detect the networking state of the host terminal connected in the intranet, and if it detects that the host terminal has internet connection behavior, proceeds to the next step;
Step (5), the server performs login authentication on the internet connection channel of the host terminal with internet connection behavior and matches the channel with the built-in external white list IP library; if the match succeeds, this networking of the host terminal is allowed, and if it fails, step (6) is executed;
Step (6), the server performs login authentication on the internet connection channel of the host terminal with internet connection behavior and matches the channel with the custom external white list IP library; if the match succeeds, the client allows this networking of the host terminal and tracks and records this internet connection process, and the server also receives prompt information sent by the host client; if the match fails, step (7) is executed; specifically, before the client disconnects the host terminal from the intranet, the server receives an alarm from the client, and the alarm from the client is also displayed on the display interface of the host client;
Step (7), the server performs login authentication on the internet connection channel of the host terminal with internet connection behavior and matches the channel with the external black list IP library; if the match succeeds, the client immediately disconnects the host terminal from the intranet, and if it fails, step (8) is executed;
Step (8), the server performs login authentication on the internet connection channel of the host terminal with internet connection behavior; if the channel is in neither list of the external black-and-white list IP library, the client immediately disconnects the host terminal from the intranet and prompts the user whether to mark the channel and submit it to the central server for auditing; specifically, the server stores the auditing result in the custom external white list IP library or the external black list IP library. Further, when the auditing result indicates that the internet connection channel is a safe and approved link, it is stored in the custom external white list IP library, and when the auditing result indicates a dangerous or abnormal link, it is stored in the external black list IP library;
Step (9), after the host terminal connected in the intranet has been disconnected from the intranet, it connects to the internet, and the client performs risk detection on the host terminal and its internet connection channel; if the detection result indicates a risk, the client immediately disconnects the host terminal from the internet.
Specifically, the host terminal monitors and records the behavior of the host while it is connected to the intranet or the extranet; the client transmits the behavior monitoring data of the host terminal to the server, and the server analyzes it.
Further, a web page filtering driver is also installed in the host terminal and is used for filtering risky links opened by the host terminal while it is connected to the internet, which further protects the networking safety of the host terminal and blocks risky links hidden in safe web pages even when the user clicks them by mistake.
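As an added example that is not part of the patent or the applicant's code, the following Python sketches the host white list check of step (3), the decision ladder of steps (5) to (8), the audit write-back of step (8) and the TOTP factor named in claim 2; the sub-list names, the Verdict values, the CIDR entry format and the sample addresses are assumptions.

```python
"""Added example (not the patent's code): host white list check, the external
black-and-white list decision ladder of steps (5) to (8), the audit write-back
of step (8), and an RFC 6238 TOTP factor for the login authentication program."""
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass, field
from enum import Enum

TOTP_STEP = 30  # seconds per TOTP time step (RFC 6238 default; an assumption here)


class Verdict(Enum):
    AUTH_FAILED = "auth_failed"                    # login authentication did not pass
    ALLOW = "allow"                                # step (5): built-in external white list
    ALLOW_AND_RECORD = "allow_and_record"          # step (6): custom white list, session tracked
    DISCONNECT_INTRANET = "disconnect_intranet"    # step (7): black list, cut intranet link, alarm
    DISCONNECT_AND_AUDIT = "disconnect_and_audit"  # step (8): in no list, cut link, submit for audit


def _networks(entries):
    """Library entries may be single addresses or CIDR blocks (assumed entry format)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def _contains(networks, ip):
    return any(ip in net for net in networks)


@dataclass
class ExternalIPLibrary:
    """The external black-and-white list IP library of claim 4: three sub-lists."""
    builtin_white: list = field(default_factory=list)
    custom_white: list = field(default_factory=list)
    black: list = field(default_factory=list)

    @classmethod
    def from_strings(cls, builtin_white, custom_white, black):
        return cls(_networks(builtin_white), _networks(custom_white), _networks(black))


def totp(secret: bytes, timestamp: int, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1: the multi-factor code named in claim 2."""
    counter = struct.pack(">Q", timestamp // TOTP_STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def verify_totp(secret: bytes, code: str, timestamp: int, window: int = 1) -> bool:
    """Constant-time compare against the current step and +/- `window` steps of clock drift."""
    return any(
        hmac.compare_digest(totp(secret, timestamp + drift * TOTP_STEP), code)
        for drift in range(-window, window + 1)
    )


def host_allowed(host_id: str, host_whitelist) -> bool:
    """Step (3): a host terminal stays on the intranet only if it is in the host white list library."""
    return host_id in host_whitelist


def classify_channel(channel_ip: str, lib: ExternalIPLibrary, authenticated: bool) -> Verdict:
    """Steps (5) to (8) in the patent's order: white lists first, then the black list, then unknown."""
    if not authenticated:
        return Verdict.AUTH_FAILED
    ip = ipaddress.ip_address(channel_ip)
    if _contains(lib.builtin_white, ip):
        return Verdict.ALLOW
    if _contains(lib.custom_white, ip):
        return Verdict.ALLOW_AND_RECORD
    # In this order an address present in both a white list and the black list would be
    # allowed, so the audit write-back below refuses to put one address on both sides.
    if _contains(lib.black, ip):
        return Verdict.DISCONNECT_INTRANET
    return Verdict.DISCONNECT_AND_AUDIT


def apply_audit_result(lib: ExternalIPLibrary, channel_ip: str, safe: bool) -> Verdict:
    """Step (8) write-back: a safe verdict goes to the custom white list, a dangerous one to
    the black list. Returns the verdict the same channel would now receive."""
    net = ipaddress.ip_network(channel_ip, strict=False)
    opposite = lib.black if safe else lib.custom_white
    if _contains(opposite, net.network_address):
        raise ValueError(f"{channel_ip} already carries the opposite audit result")
    (lib.custom_white if safe else lib.black).append(net)
    return classify_channel(channel_ip, lib, authenticated=True)


if __name__ == "__main__":
    # Constructed sample data (RFC 5737 documentation ranges), not values from the patent.
    lib = ExternalIPLibrary.from_strings(
        builtin_white=["203.0.113.0/24"], custom_white=["198.51.100.7"], black=["192.0.2.0/24"])
    for addr in ("203.0.113.9", "198.51.100.7", "192.0.2.55", "100.64.0.1"):
        print(addr, classify_channel(addr, lib, authenticated=True).value)
    print("after audit:", apply_audit_result(lib, "100.64.0.1", safe=False).value)
```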
According to the above white list based device connection control method, a central server program is deployed in the server, and the host terminal white list library, the external black-and-white list IP library and the login authentication program of the intranet are configured. The central server program is started, and login authentication is performed according to the login authentication program on the internet connection channel of each host terminal successfully matched with the host terminal white list library, which effectively improves the safety of the host terminal when connected to the intranet or the internet. The authenticated internet connection channel is matched with the external black-and-white list IP library to obtain a matching signal, which instructs the client either to allow the connection between the corresponding host terminal and the internet or to disconnect that host terminal from the intranet, achieving the purpose of preventing illegal external connection. At the same time, the client is installed in the host terminal and starts automatically with the host terminal, so the client protects the host terminal at all times and a user cannot achieve an illegal external connection by actively closing the client; the reliability and safety of the host terminal when connected to the intranet or the internet are thereby further improved.
It should be understood that, although the steps in the flowcharts of fig. 2-6 are shown in the order indicated by the arrows, these steps are not necessarily performed in that order. Unless explicitly stated herein, the execution order of the steps is not strictly limited, and they may be performed in other orders. Moreover, at least some of the steps in fig. 2-6 may include multiple sub-steps or stages that are not necessarily performed at the same time but may be performed at different times, and the order in which these sub-steps or stages are performed is not necessarily sequential; they may be performed in turn or alternately with at least a portion of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 7, a device connection control apparatus based on a white list is provided, including a data configuration module, a first matching module, a login authentication module and a second matching module, where the data configuration module is configured to deploy a central server program, configure a host terminal white list library of an intranet, an external black-and-white list IP library and a login authentication program, the first matching module is configured to start the central server program, match a host terminal connected in the intranet with the host terminal white list library, the login authentication module is configured to perform login authentication on an internet connection channel of a host terminal successfully matched with the host terminal white list library according to the login authentication program, and the second matching module is configured to match the internet connection channel after authentication with the external black-and-white list IP library, so as to obtain a matching signal.
In one embodiment, the device connection control apparatus based on the white list further includes a data uploading module, where the data uploading module is configured to, after the data configuration module deploys the central server program and configures the white list library, the external black-and-white list IP library and the login authentication program of the host terminal of the intranet, upload the external black-and-white list IP library and the login authentication program to the host terminal of the intranet.
In one embodiment, the device connection control apparatus based on the white list further includes a data auditing module, where the data auditing module is configured to, after the second matching module matches the authenticated internet connection channel with the external blacklist IP library, send an authenticated internet connection channel that is in neither list of the external black-and-white list IP library to the server for auditing, obtain an auditing result, and store the auditing result in the external black-and-white list IP library.
In one embodiment, the device connection control device based on the white list further includes an alarm module, where the alarm module is configured to, after the second matching module matches the authenticated internet connection channel with the external blacklist IP library to obtain a matching signal, if a matching signal for instructing the client to disconnect the connection between the host terminal and the intranet corresponding to the authenticated internet connection channel is obtained, receive alarm information from the client, where the alarm information is used to prompt the user that the authenticated internet connection channel is in an abnormal state.
In one embodiment, the device connection control device based on the white list further includes a behavior monitoring module, where the behavior monitoring module is configured to, after the first matching module starts the central server program and matches the host terminal connected in the intranet with the white list library of host terminals, analyze the received behavior monitoring data to obtain an analysis result, and determine a connection state between the host terminal and the intranet or the internet according to the analysis result; the behavior monitoring data are obtained by monitoring and recording the networking process of the host computer by the host computer terminal.
The specific implementation means of the device connection control apparatus based on the white list corresponds to the device connection control method based on the white list, and the implementation process of the method has been described in detail above, which is not repeated herein. The above-mentioned each module in the device connection control apparatus based on the white list may be implemented in whole or in part by software, hardware, and a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
According to the above white list based device connection control apparatus, a central server program is deployed in the server, and the host terminal white list library, the external black-and-white list IP library and the login authentication program of the intranet are configured. The central server program is started, and login authentication is performed according to the login authentication program on the internet connection channel of each host terminal successfully matched with the host terminal white list library, which effectively improves the safety of the host terminal when connected to the intranet or the internet. The authenticated internet connection channel is matched with the external black-and-white list IP library to obtain a matching signal, which instructs the client either to allow the connection between the corresponding host terminal and the internet or to disconnect that host terminal from the intranet, achieving the purpose of preventing illegal external connection. At the same time, the client is installed in the host terminal and starts automatically with the host terminal, so the client guards the host terminal at all times and a user cannot achieve an illegal external connection by actively closing the client; the reliability and safety of the host terminal when connected to the intranet or the internet are thereby further improved.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 8. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer equipment is used for storing a white list library of the host terminal, an external black and white list IP library and a login authentication program. The network interface of the computer device is used for communicating with an external terminal through an intranet network connection. The computer program, when executed by a processor, implements the whitelist-based device connection control method above.
It will be appreciated by those skilled in the art that the structure shown in fig. 8 is merely a block diagram of part of the structure related to the present application and does not limit the computer device to which the present application is applied; a particular computer device may include more or fewer components than shown, combine some of the components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory, and a processor, the memory having stored therein a computer program, the processor implementing the whitelist-based device connection control method above when the computer program is executed.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which when executed by a processor implements the whitelist-based device connection control method above.
Those skilled in the art will appreciate that all or part of the methods described above may be implemented by a computer program stored on a non-transitory computer readable storage medium, which when executed may perform the steps of the method embodiments described above. Any reference to memory, storage, a database, or another medium used in the embodiments provided herein may include at least one of non-volatile and volatile memory. Non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, or the like. Volatile memory may include Random Access Memory (RAM) or an external cache memory. By way of illustration and not limitation, RAM may take a variety of forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM).
The technical features of the above embodiments may be combined arbitrarily; for brevity, not all possible combinations are described, but as long as there is no contradiction in a combination of these technical features, it should be considered within the scope of this description.
The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.
Claims (10)
1. A white list-based device connection control method, the method comprising:
deploying a central server program, and configuring a host terminal white list library, an external black and white list IP library and a login authentication program of an intranet;
starting the central server program, and matching a host terminal connected in the intranet with the host terminal white list library;
Performing login authentication on an internet connection channel of the host terminal successfully matched with the host terminal white list library according to the login authentication program;
matching the internet connection channel after passing the authentication with the external blacklist IP library to obtain a matching signal; the matching signal is used for indicating a client to allow the connection between the host terminal corresponding to the internet connection channel after passing the authentication and the internet, or disconnect the connection between the host terminal corresponding to the internet connection channel after passing the authentication and the intranet, and the client is installed in the host terminal in the intranet and is started automatically along with the starting of the host terminal;
if the internet connection channel after the authentication is passed is not in the external black-and-white list IP library, checking the internet connection channel after the authentication is passed to obtain a checking result, and storing the checking result in the external black-and-white list IP library; the auditing result is used for representing that the internet connection channel after the authentication is passed is a safe or dangerous link.
2. The method according to claim 1, wherein the deploying a central server program and configuring the host terminal white list library, the external black-and-white list IP library and the login authentication program of the intranet includes:
the login authentication program adopts multi-factor authentication, and a TOTP algorithm is selected for the multi-factor authentication.
3. The method according to claim 1, wherein after the deploying the central server program, configuring the white list library, the external black list IP library and the login authentication program of the host terminal of the intranet, the method further comprises:
and uploading the external black-and-white list IP library and the login authentication program to a host terminal in the intranet.
4. The method of claim 1, wherein the external black-and-white list IP library comprises: a built-in external white list IP library, a custom external white list IP library and an external black list IP library.
5. The method of claim 1, wherein after the matching the internet connection channel after the authentication is passed with the external blacklist IP library to obtain a matching signal, further comprising:
if a matching signal for indicating the client to disconnect the connection between the host terminal and the intranet corresponding to the internet connection channel after the authentication is passed is obtained, receiving alarm information from the client; the alarm information is used for prompting the user that the internet connection channel is in an abnormal state after the authentication is passed.
6. The method of claim 1, wherein after starting the central server program and matching the host terminal connected in the intranet with the host terminal white list library, the method further comprises:
analyzing the received behavior monitoring data to obtain an analysis result, and judging the connection state of the host terminal and the intranet or the Internet according to the analysis result; and the behavior monitoring data is obtained by monitoring and recording the networking process of the host by the host terminal.
7. The method of claim 1, wherein a web page filtering driver is installed in the host terminal; the web page filtering driver is used for filtering risky links opened by the host terminal while it is connected to the Internet.
8. A white list-based device connection control apparatus, comprising:
the data configuration module is used for deploying a central server program, configuring a host terminal white list library of an intranet, an external black-and-white list IP library and a login authentication program;
the first matching module is used for starting the central server program and matching a host terminal connected in the intranet with the host terminal white list library;
The login authentication module is used for performing login authentication on the internet connection channel of the host terminal successfully matched with the host terminal white list library according to the login authentication program;
the second matching module is used for matching the internet connection channel after passing the authentication with the external blacklist IP library to obtain a matching signal; the matching signal is used for indicating a client to allow the connection between the host terminal corresponding to the internet connection channel after passing the authentication and the internet, or disconnect the connection between the host terminal corresponding to the internet connection channel after passing the authentication and the intranet, and the client is installed in the host terminal of the intranet and is started automatically along with the starting of the host terminal;
the channel auditing module is used for auditing the internet connection channel after the authentication is passed if the internet connection channel after the authentication is passed is not in the external black-and-white list IP library, obtaining an auditing result and storing the auditing result in the external black-and-white list IP library; the auditing result is used for representing that the internet connection channel after the authentication is passed is a safe or dangerous link.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 7 when the computer program is executed.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111363405.8A CN114257407B (en) | 2021-11-17 | 2021-11-17 | Equipment connection control method and device based on white list and computer equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114257407A CN114257407A (en) | 2022-03-29 |
CN114257407B true CN114257407B (en) | 2023-09-19 |
Family
ID=80792694
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111363405.8A Active CN114257407B (en) | 2021-11-17 | 2021-11-17 | Equipment connection control method and device based on white list and computer equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114257407B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114866318A (en) * | 2022-05-05 | 2022-08-05 | 金祺创(北京)技术有限公司 | Threat intelligence correlation analysis method and system based on user key service network security flow |
CN116471067A (en) * | 2023-04-06 | 2023-07-21 | 华能信息技术有限公司 | Host external connection risk detection method |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015196664A1 (en) * | 2014-06-27 | 2015-12-30 | 中兴通讯股份有限公司 | Wireless routing device and method for preventing use of network for free, and computer storage medium |
CN105592003A (en) * | 2014-10-22 | 2016-05-18 | 北京拓尔思信息技术股份有限公司 | Cross-domain single sign-on method and system based on notification |
WO2017214818A1 (en) * | 2016-06-13 | 2017-12-21 | 刘文婷 | Member passing authentication method and system for wireless network access device |
CN110691083A (en) * | 2019-09-26 | 2020-01-14 | 杭州安恒信息技术股份有限公司 | External connection blocking method based on process |
CN111385285A (en) * | 2019-12-30 | 2020-07-07 | 杭州迪普科技股份有限公司 | Method and device for preventing illegal external connection |
CN112235265A (en) * | 2020-09-29 | 2021-01-15 | 上海药明康德新药开发有限公司 | System and method for external network to access project progress |
Also Published As
Publication number | Publication date |
---|---|
CN114257407A (en) | 2022-03-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||