CN114285646A - Method and device for preventing data leakage based on SMB protocol - Google Patents


Publication number: CN114285646A
Authority: CN (China)
Prior art keywords: data, file, module, transmission, transmission operation
Legal status: Granted
Current status: Active
Application number: CN202111608085.8A
Other languages: Chinese (zh)
Other versions: CN114285646B (en)
Inventors: 张振鑫, 喻波, 王志海, 安鹏, 秦凯
Current Assignee: Beijing Wondersoft Technology Co Ltd
Original Assignee: Beijing Wondersoft Technology Co Ltd
Application filed by Beijing Wondersoft Technology Co Ltd
Priority to CN202111608085.8A
Publication of CN114285646A
Application granted
Publication of CN114285646B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a data leakage prevention method and device based on SMB protocol, and the method comprises the following steps: the anti-leakage strategy module is used for configuring an anti-leakage strategy; when a user transmits data and/or files based on an SMB protocol, the network redirection module determines whether the transmission operation needs to be intercepted; if the interception is needed, the transmission operation is intercepted, and the network redirection module forwards the information of the data and/or the file related to the transmission operation to the data transmission module; the data transmission module acquires the supervision mode of the data and the file, determines whether the data and/or the file are allowed to be transmitted or not according to the supervision mode of the data and the file, and if the data and/or the file are allowed to be transmitted, the data and/or the file are sent to a target address by using an SMB protocol, and the method is ended; if not, the transmission operation is intercepted. According to the scheme of the invention, the leakage prevention during data sharing based on the SMB protocol is realized.

Description

Method and device for preventing data leakage based on SMB protocol
Technical Field
The invention relates to the field of data security, in particular to a method and a device for preventing data leakage based on an SMB protocol.
Background
As the internet becomes integrated into the modern corporate office environment, more and more data is exposed on the corporate office network, including personal data, corporate financial information, and the like. This data carries a great deal of information about business operations and, once exposed, causes substantial and irreparable losses to the business. Among the ways data is exposed to the internet, exposure through the SMB protocol accounts for a considerable share.
Against this background, to solve the data leakage that occurs when unsupervised data is shared through the SMB protocol, an SMB-based method for preventing data leakage is provided, which effectively solves the problem of leakage of data shared through the SMB protocol.
Disclosure of Invention
In order to solve the technical problems, the invention provides a method and a device for preventing leakage of data based on an SMB protocol, which are used for solving the technical problem that secret-related data are leaked when the data are shared through the SMB protocol in the prior art.
According to a first aspect of the present invention, there is provided a method of leakage prevention for data based on an SMB protocol, the method comprising the steps of:
step S101: the anti-leakage strategy module is configured with an anti-leakage strategy, and sends the IP range allowed by data transmission and the IP range allowed by file transmission to the network redirection module and sends the data and file supervision mode to the data transmission module; the anti-leakage strategy comprises a data and file supervision mode, an IP range allowed by data transmission and an IP range allowed by file transmission; the supervision mode comprises whether supervision is carried out according to file names, whether data are encrypted or not and whether file contents are supervised or not;
step S102: when a user transmits data and/or files based on an SMB protocol, the network redirection module determines whether the transmission operation needs to be intercepted according to the IP range allowed by data transmission and the IP range allowed by file transmission; if the transmission operation needs to be intercepted, intercepting the transmission operation, forwarding data and/or file information related to the transmission operation to a data transmission module by a network redirection module, and acquiring an absolute path of the data and/or file related to the transmission operation in a local disk by a file monitoring module; the mode of the file monitoring module for acquiring the data related to the transmission operation and/or the absolute path of the file in the local disk is as follows: the file monitoring module obtains an absolute path of the file to which the data corresponding to the transmission operation belongs and/or the file corresponding to the transmission operation on the local disk based on the file name to which the data corresponding to the transmission operation belongs and/or the file name of the file corresponding to the transmission operation, and the step S103 is entered; if the interception is not needed, transmitting the data and/or the file, and ending the method;
step S103: the data transmission module acquires the supervision mode of the data and the file, determines whether the data and/or the file are allowed to be transmitted or not according to the supervision mode of the data and the file, and if the data and/or the file are allowed to be transmitted, the data and/or the file are sent to a target address by using an SMB protocol, and the method is ended; if not, the transmission operation is intercepted, and the method ends.
Preferably, in step S102, a log of the transmission operation is recorded while the transmission operation is intercepted, for subsequent statistical analysis.
Preferably, in step S103, determining whether the data and/or the file are allowed to be transmitted according to the data and file supervision mode includes:
step S1031: the data transmission module acquires the file name of the data corresponding to the transmission operation and/or the file name of the file corresponding to the transmission operation from the network redirection module;
step S1032: and acquiring entity content of the file based on the absolute path acquired by the file monitoring module, and determining whether the data and/or the file are allowed to be transmitted or not according to the data and the file supervision mode.
Preferably, after step S1032, if transmission is allowed, a login request is sent to the user authentication module, the user authentication module obtains login information of the user, and after it is confirmed that the login information is correct, the data transmission module is notified, and the data transmission module initiates data and/or file transmission by using an SMB protocol.
According to a second aspect of the present invention, there is provided an apparatus for leakage prevention of data based on an SMB protocol, the apparatus comprising:
a configuration module: configuring an anti-leakage strategy module, sending an IP range allowed by data transmission and an IP range allowed by file transmission to a network redirection module, and sending a data and file supervision mode to a data transmission module; the anti-leakage strategy comprises a data and file supervision mode, an IP range allowed by data transmission and an IP range allowed by file transmission; the supervision mode comprises whether supervision is carried out according to file names, whether data are encrypted or not and whether file contents are supervised or not;
a redirection module: when a user transmits data and/or files based on an SMB protocol, the network redirection module determines whether the transmission operation needs to be intercepted according to the IP range allowed by data transmission and the IP range allowed by file transmission; if the transmission operation needs to be intercepted, intercepting the transmission operation, forwarding data and/or file information related to the transmission operation to a data transmission module by a network redirection module, and acquiring an absolute path of the data and/or file related to the transmission operation in a local disk by a file monitoring module; the mode of the file monitoring module for acquiring the data related to the transmission operation and/or the absolute path of the file in the local disk is as follows: the file monitoring module acquires the file to which the data corresponding to the transmission operation belongs and/or the absolute path of the file corresponding to the transmission operation in a local disk based on the file name to which the data corresponding to the transmission operation belongs and/or the file name of the file corresponding to the transmission operation, and triggers the supervision module; if the interception is not needed, transmitting data and/or files;
a supervision module: configuring a supervision mode for acquiring the data and the files by the data transmission module, determining whether the data and/or the files are allowed to be transmitted or not according to the supervision mode of the data and the files, and if so, sending the data and/or the files to a target address by using an SMB protocol; if not, the transmission operation is intercepted.
Preferably, the redirection module further includes: and recording the log of the transmission operation while intercepting the transmission operation for subsequent statistical analysis.
Preferably, the supervision module comprises:
a path acquisition submodule: the data transmission module is configured to acquire a file name of data corresponding to the transmission operation and/or a file name of a file corresponding to the transmission operation from the network redirection module;
a judgment submodule: the file monitoring module is configured to acquire the entity content of the file based on the absolute path acquired by the file monitoring module, and determine whether the data and/or the file are allowed to be transmitted according to the data and the file supervision mode.
Preferably, the supervision module includes a transmission sub-module configured to send a login request to the user authentication module if transmission is allowed, the user authentication module obtains login information of the user, and after the login information is confirmed to be correct, the data transmission module is notified, and the data transmission module initiates data and/or file transmission by using an SMB protocol.
According to a third aspect of the present invention, there is provided a system for leakage prevention for data based on an SMB protocol, comprising:
a processor for executing a plurality of instructions;
a memory to store a plurality of instructions;
wherein the plurality of instructions are to be stored by the memory and loaded and executed by the processor to perform the method for leakage prevention of data based on the SMB protocol as previously described.
According to a fourth aspect of the present invention, there is provided a computer readable storage medium having a plurality of instructions stored therein; the plurality of instructions for loading and executing by the processor a method for leakage prevention of data based on the SMB protocol, as previously described.
According to the scheme of the invention, confidential data is prevented from leaking when data is shared through the SMB protocol, and a layer of supervision is added to data sharing. Leakage prevention for confidential data is achieved by configuring the data supervision scope (file name, whether encrypted, file content, and the like), configuring the sharing scope (host IP addresses and the like), and checking and logging during data transmission. The method has the following technical effects: (1) leakage prevention for data sharing based on the SMB protocol; (2) encryption of data transmitted over the SMB protocol, and the like.
The foregoing description is only an overview of the technical solutions of the present invention, and in order to make the technical solutions of the present invention more clearly understood and to implement them in accordance with the contents of the description, the following detailed description is given with reference to the preferred embodiments of the present invention and the accompanying drawings.
Drawings
Definitions:
SMB protocol: Server Message Block (CIFS) is an application-layer network transport protocol developed by Microsoft, mainly used to let machines on a network share resources such as computer files, printers, serial ports, and communications. It also provides authenticated inter-process communication. It is used primarily on machines running Microsoft Windows, where it is referred to as the Microsoft Windows Network.
Netfilter: a software framework in the Linux kernel for managing network packets. It provides not only Network Address Translation (NAT) but also firewall functions such as modifying packet contents and filtering packets. Netfilter can be controlled by application software running in user space, so a system administrator can manage the network packets passing through the Linux operating system.
Inotify: one of the Linux kernel subsystems, an extension to the file system that monitors the file system and notifies applications of changes. Fanotify (fscking all notification and file access system) is an upgraded version of inotify.
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention. In the drawings:
FIG. 1 is a flow diagram of a method for data leakage prevention based on the SMB protocol according to an embodiment of the present invention;
FIG. 2 is a data interaction diagram for data leakage prevention based on the SMB protocol according to an embodiment of the present invention;
FIG. 3 is a block diagram of an apparatus for preventing data leakage based on the SMB protocol according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the specific embodiments of the present invention and the accompanying drawings. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
First, a flow chart of a method for data leakage prevention based on the SMB protocol is described with reference to fig. 1. As shown in fig. 1-2, the method comprises the steps of:
step S101: the anti-leakage strategy module is configured with an anti-leakage strategy, and sends the IP range allowed by data transmission and the IP range allowed by file transmission to the network redirection module and sends the data and file supervision mode to the data transmission module; the anti-leakage strategy comprises a data and file supervision mode, an IP range allowed by data transmission and an IP range allowed by file transmission; the supervision mode comprises whether supervision is carried out according to file names, whether data are encrypted, whether file contents are supervised or not and the like;
step S102: when a user transmits data and/or files based on an SMB protocol, the network redirection module determines whether the transmission operation needs to be intercepted according to the IP range allowed by data transmission and the IP range allowed by file transmission; if the transmission operation needs to be intercepted, intercepting the transmission operation, forwarding data and/or file information related to the transmission operation to a data transmission module by a network redirection module, and acquiring an absolute path of the data and/or file related to the transmission operation in a local disk by a file monitoring module; the mode of the file monitoring module for acquiring the data related to the transmission operation and/or the absolute path of the file in the local disk is as follows: the file monitoring module obtains an absolute path of the file to which the data corresponding to the transmission operation belongs and/or the file corresponding to the transmission operation on the local disk based on the file name to which the data corresponding to the transmission operation belongs and/or the file name of the file corresponding to the transmission operation, and the step S103 is entered; if the interception is not needed, transmitting the data and/or the file, and ending the method;
step S103: the data transmission module acquires the supervision mode of the data and the file, determines whether the data and/or the file are allowed to be transmitted or not according to the supervision mode of the data and the file, and if the data and/or the file are allowed to be transmitted, the data and/or the file are sent to a target address by using an SMB protocol, and the method is ended; if not, the transmission operation is intercepted, and the method ends.
Before step S101, the method includes: when the system starts, loading the anti-leakage strategy module, the network redirection module, the file monitoring module, the data transmission module and the user authentication module. The system is a security management system, and these five modules are all sub-modules of it.
In this embodiment, by setting the IP range allowed for data transmission and the IP range allowed for file transmission, the IP range can be preset, and corresponding data and files can be received within the preset IP range.
Step S102, while intercepting the transmission operation, records a log of the transmission operation for subsequent statistical analysis.
The step S103 of determining whether the data and/or the file are allowed to be transmitted according to the supervision mode of the data and the file includes:
step S1031: the data transmission module acquires the file name of the data corresponding to the transmission operation and/or the file name of the file corresponding to the transmission operation from the network redirection module;
step S1032: and acquiring entity content of the file based on the absolute path acquired by the file monitoring module, and determining whether the data and/or the file are allowed to be transmitted or not according to the data and the file supervision mode.
Further, after step S1032, if transmission is allowed, a login request is sent to the user authentication module; the user authentication module obtains the user's login information and, after confirming that the login information is correct, notifies the data transmission module, which initiates the data and/or file transmission using the SMB protocol.
In this embodiment, the network redirection module intercepts the data when a user transmits data to the SMB server or acquires data from the SMB server, and sends the content of the intercepted transmission to the data transmission module; the network redirection module is implemented on NetFilter. The file monitoring module also monitors file operations performed on the local computer, such as opening, reading, writing and creating, and is implemented on Fanotify. The data transmission module transmits the data sent by the user over the SMB protocol when the anti-leakage strategy is satisfied. The user authentication module mainly obtains the login verification information required when the data is transmitted.
Furthermore, the network redirection module is implemented on NetFilter, which can intercept and modify network packets during processing; the same function can also be implemented with other network packet monitoring methods. The file monitoring module is implemented on Fanotify, which can monitor file operations on a computer; it can likewise be implemented in other ways. Data transmission over the SMB protocol is currently based on open-source tools available on the network; tools provided by other developers may also be used.
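The decision flow of steps S101 to S103 can be traced in a few lines of user-space code. The following Python sketch is an added illustration, not part of the patent text or of the assignee's product; the class and function names, the glob and regex pattern forms, the sample files and the rule that a destination inside the allowed range passes without inspection are assumptions, and the "whether data are encrypted" mode is left out because the description does not say how it is evaluated.

```python
import fnmatch
import ipaddress
import re
from dataclasses import dataclass, field


@dataclass
class LeakPolicy:
    """S101: allowed IP ranges plus the supervision mode (names are assumed)."""
    data_allowed: list                     # CIDRs allowed for data transmission
    file_allowed: list                     # CIDRs allowed for file transmission
    by_file_name: bool = False             # supervise by file name?
    by_content: bool = False               # supervise file content?
    name_patterns: list = field(default_factory=list)     # globs (assumed form)
    content_patterns: list = field(default_factory=list)  # bytes regexes (assumed)


@dataclass
class Transfer:
    kind: str        # "data" or "file"
    dest_ip: str     # SMB server the user is sending to
    file_name: str   # name reported by the network redirection module


def needs_interception(policy, t):
    """S102: intercept only when the destination is outside the allowed range."""
    cidrs = policy.file_allowed if t.kind == "file" else policy.data_allowed
    addr = ipaddress.ip_address(t.dest_ip)
    return not any(addr in ipaddress.ip_network(c) for c in cidrs)


def supervise(policy, t, local_files):
    """S1031/S1032: check the name, then the entity content found via the path."""
    if policy.by_file_name:
        for pat in policy.name_patterns:
            if fnmatch.fnmatch(t.file_name.lower(), pat.lower()):
                return False, f"file name matches {pat!r}"
    if policy.by_content:
        entry = local_files.get(t.file_name)
        if entry is None:
            # Fail closed: without an absolute path the content cannot be checked.
            return False, "absolute path not resolved"
        path, content = entry
        for pat in policy.content_patterns:
            if re.search(pat, content):
                return False, f"content of {path} matches {pat!r}"
    return True, "passed supervision"


def handle(policy, t, local_files, log):
    """Return "pass" (not intercepted), "allow" or "block"; log interceptions."""
    if not needs_interception(policy, t):
        return "pass"
    ok, reason = supervise(policy, t, local_files)
    verdict = "allow" if ok else "block"
    log.append({"kind": t.kind, "dest": t.dest_ip, "file": t.file_name,
                "verdict": verdict, "reason": reason})
    return verdict


# Constructed sample policy and files; the dict stands in for the file
# monitoring module's file-name -> (absolute path, content) lookup.
POLICY = LeakPolicy(
    data_allowed=["10.20.0.0/16"],
    file_allowed=["10.20.30.0/24"],
    by_file_name=True,
    by_content=True,
    name_patterns=["*payroll*", "*.kdbx"],
    content_patterns=[rb"(?i)\bconfidential\b"],
)
LOCAL_FILES = {
    "notes.txt": ("/home/alice/notes.txt", b"lunch menu for friday\n"),
    "q3.docx": ("/home/alice/q3.docx", b"CONFIDENTIAL: Q3 forecast\n"),
    "payroll-2021.xlsx": ("/home/alice/payroll-2021.xlsx", b"name,salary\n"),
}
TRANSFERS = [
    Transfer("file", "10.20.30.5", "notes.txt"),            # inside file range
    Transfer("file", "10.20.40.9", "notes.txt"),            # outside, clean
    Transfer("file", "198.51.100.7", "payroll-2021.xlsx"),  # name rule
    Transfer("file", "198.51.100.7", "q3.docx"),            # content rule
    Transfer("data", "10.20.40.9", "q3.docx"),              # inside data range
    Transfer("file", "198.51.100.7", "ghost.bin"),          # path unknown
]


def run_demo():
    log = []
    verdicts = [handle(POLICY, t, LOCAL_FILES, log) for t in TRANSFERS]
    return verdicts, log


if __name__ == "__main__":
    verdicts, log = run_demo()
    for t, v in zip(TRANSFERS, verdicts):
        print(f"{t.kind:4} {t.dest_ip:13} {t.file_name:18} -> {v}")
    for entry in log:
        print(entry)
```

The fifth transfer shows why the policy keeps two ranges: the same destination is outside the file range but inside the data range, so the data transfer is not intercepted.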
Fig. 3 is a schematic structural diagram of an apparatus for preventing data leakage based on the SMB protocol according to an embodiment of the present invention, as shown in fig. 3, the apparatus includes:
a configuration module: configuring an anti-leakage strategy module, sending an IP range allowed by data transmission and an IP range allowed by file transmission to a network redirection module, and sending a data and file supervision mode to a data transmission module; the anti-leakage strategy comprises a data and file supervision mode, an IP range allowed by data transmission and an IP range allowed by file transmission; the supervision mode comprises whether supervision is carried out according to file names, whether data are encrypted or not and whether file contents are supervised or not;
a redirection module: when a user transmits data and/or files based on an SMB protocol, the network redirection module determines whether the transmission operation needs to be intercepted according to the IP range allowed by data transmission and the IP range allowed by file transmission; if the transmission operation needs to be intercepted, intercepting the transmission operation, forwarding data and/or file information related to the transmission operation to a data transmission module by a network redirection module, and acquiring an absolute path of the data and/or file related to the transmission operation in a local disk by a file monitoring module; the mode of the file monitoring module for acquiring the data related to the transmission operation and/or the absolute path of the file in the local disk is as follows: the file monitoring module acquires the file to which the data corresponding to the transmission operation belongs and/or the absolute path of the file corresponding to the transmission operation in a local disk based on the file name to which the data corresponding to the transmission operation belongs and/or the file name of the file corresponding to the transmission operation, and triggers the supervision module; if the interception is not needed, transmitting data and/or files;
a supervision module: configuring a supervision mode for acquiring the data and the files by the data transmission module, determining whether the data and/or the files are allowed to be transmitted or not according to the supervision mode of the data and the files, and if so, sending the data and/or the files to a target address by using an SMB protocol; if not, the transmission operation is intercepted.
The embodiment of the invention further provides a data leakage prevention system based on the SMB protocol, comprising:
a processor for executing a plurality of instructions;
a memory to store a plurality of instructions;
wherein the plurality of instructions are to be stored by the memory and loaded and executed by the processor to perform the method for data leakage prevention based on the SMB protocol as previously described.
The embodiment of the invention further provides a computer readable storage medium, wherein a plurality of instructions are stored in the storage medium; the plurality of instructions for loading and executing by the processor a method for data leakage prevention based on the SMB protocol, as previously described.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
In the embodiments provided in the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions in actual implementation, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a physical machine Server, or a network cloud Server, etc., and needs to install a Windows or Windows Server operating system) to perform some steps of the method according to various embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and any simple modification, equivalent change and modification made to the above embodiment according to the technical spirit of the present invention are still within the scope of the technical solution of the present invention.

Claims (10)

1. A method for data leakage prevention based on SMB protocol, comprising the steps of:
step S101: the anti-leakage strategy module is configured with an anti-leakage strategy, and sends the IP range allowed by data transmission and the IP range allowed by file transmission to the network redirection module and sends the data and file supervision mode to the data transmission module; the anti-leakage strategy comprises a data and file supervision mode, an IP range allowed by data transmission and an IP range allowed by file transmission; the supervision mode comprises whether supervision is carried out according to file names, whether data are encrypted or not and whether file contents are supervised or not;
step S102: when a user transmits data and/or files over the SMB protocol, the network redirection module determines, according to the IP range allowed for data transmission and the IP range allowed for file transmission, whether the transmission operation needs to be intercepted; if interception is needed, the transmission operation is intercepted, the network redirection module forwards information on the data and/or file involved in the transmission operation to the data transmission module, and the file monitoring module acquires the absolute path, on the local disk, of the data and/or file involved in the transmission operation; the file monitoring module acquires this absolute path as follows: based on the name of the file to which the data corresponding to the transmission operation belongs and/or the name of the file corresponding to the transmission operation, the file monitoring module acquires the absolute path on the local disk of the file to which the data belongs and/or of the file corresponding to the transmission operation; the method then proceeds to step S103; if interception is not needed, the data and/or file is transmitted and the method ends;
step S103: the data transmission module acquires the data and file supervision mode and determines, according to that supervision mode, whether the data and/or file is allowed to be transmitted; if transmission is allowed, the data and/or file is sent to the target address using the SMB protocol and the method ends; if not, the transmission operation is intercepted and the method ends.
2. The method of claim 1, wherein in step S102, a log of the transmission operation is recorded at the same time as the transmission operation is intercepted, for subsequent statistical analysis.
3. The method according to claim 1, wherein in step S103, determining whether the data and/or file is allowed to be transmitted according to the data and file supervision mode includes:
step S1031: the data transmission module acquires, from the network redirection module, the name of the file to which the data corresponding to the transmission operation belongs and/or the name of the file corresponding to the transmission operation;
step S1032: the entity content of the file is acquired based on the absolute path acquired by the file monitoring module, and whether the data and/or file is allowed to be transmitted is determined according to the data and file supervision mode.
4. The method according to claim 3, wherein after step S1032, if transmission is allowed, a login request is sent to a user authentication module, the user authentication module obtains the user login information and, after confirming that the login information is correct, notifies the data transmission module, and the data transmission module initiates the data and/or file transmission using the SMB protocol.
5. An apparatus for data leakage prevention based on an SMB protocol, the apparatus comprising:
a configuration module: configured for the anti-leakage strategy module to configure an anti-leakage strategy, sending the IP range allowed for data transmission and the IP range allowed for file transmission to the network redirection module, and sending the data and file supervision mode to the data transmission module; the anti-leakage strategy comprises the data and file supervision mode, the IP range allowed for data transmission and the IP range allowed for file transmission; the supervision mode comprises whether supervision is carried out according to file name, whether data is encrypted, and whether file content is supervised;
a redirection module: configured so that, when a user transmits data and/or files over the SMB protocol, the network redirection module determines, according to the IP range allowed for data transmission and the IP range allowed for file transmission, whether the transmission operation needs to be intercepted; if interception is needed, the transmission operation is intercepted, the network redirection module forwards information on the data and/or file involved in the transmission operation to the data transmission module, and the file monitoring module acquires the absolute path, on the local disk, of the data and/or file involved in the transmission operation; the file monitoring module acquires this absolute path as follows: based on the name of the file to which the data corresponding to the transmission operation belongs and/or the name of the file corresponding to the transmission operation, the file monitoring module acquires the absolute path on the local disk of the file to which the data belongs and/or of the file corresponding to the transmission operation; the supervision module is then triggered; if interception is not needed, the data and/or file is transmitted;
a supervision module: configured for the data transmission module to acquire the data and file supervision mode and to determine, according to that supervision mode, whether the data and/or file is allowed to be transmitted; if so, the data and/or file is sent to the target address using the SMB protocol; if not, the transmission operation is intercepted.
6. The apparatus of claim 5, wherein the redirection module is further configured to record a log of the transmission operation at the same time as the transmission operation is intercepted, for subsequent statistical analysis.
7. The apparatus of claim 5, wherein the supervision module comprises:
a path acquisition submodule: the data transmission module is configured to acquire a file name of data corresponding to the transmission operation and/or a file name of a file corresponding to the transmission operation from the network redirection module;
a judgment submodule: the file monitoring module is configured to acquire the entity content of the file based on the absolute path acquired by the file monitoring module, and determine whether the data and/or file is allowed to be transmitted according to the data and file supervision mode.
8. The apparatus of claim 7, wherein the supervision module includes a transmission submodule configured so that, if transmission is allowed, a login request is sent to the user authentication module, the user authentication module obtains the user login information and, after confirming that the login information is correct, notifies the data transmission module, and the data transmission module initiates the data and/or file transmission using the SMB protocol.
9. A system for data leakage prevention based on an SMB protocol, comprising:
a processor for executing a plurality of instructions;
a memory to store a plurality of instructions;
wherein the plurality of instructions are stored by the memory and are loaded and executed by the processor to perform the method of any one of claims 1 to 4.
10. A computer-readable storage medium having stored therein a plurality of instructions; the plurality of instructions are loaded by a processor to perform the method of any one of claims 1 to 4.
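The two-stage decision of steps S102 and S103, with the log of claim 2, sketched as an added example; it is not code from the patent or its assignee. It assumes that a destination inside the allowed IP range is transmitted without interception, that name patterns and content markers (hypothetical fields) drive supervision, and that an unresolvable path fails closed; the "whether data is encrypted" flag is left out because the claims do not say how it affects the decision.

```python
import fnmatch
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Policy:  # field names are hypothetical; the claims list only the contents
    data_ips: list                    # IP ranges allowed for data transmission
    file_ips: list                    # IP ranges allowed for file transmission
    by_name: bool = True              # supervise by file name
    by_content: bool = True           # supervise file content
    blocked_names: list = field(default_factory=list)    # assumed glob patterns
    blocked_markers: list = field(default_factory=list)  # assumed byte markers

def needs_interception(policy, dest_ip, kind):
    """S102: intercept unless dest_ip lies in the allowed range for this kind."""
    ranges = policy.file_ips if kind == "file" else policy.data_ips
    addr = ipaddress.ip_address(dest_ip)
    return not any(addr in ipaddress.ip_network(r) for r in ranges)

def supervise(policy, name, content):
    """S103: check file name and entity content against the supervision mode."""
    if policy.by_name and any(fnmatch.fnmatch(name.lower(), p) for p in policy.blocked_names):
        return False
    if policy.by_content and any(m in content for m in policy.blocked_markers):
        return False
    return True

def handle_transfer(policy, dest_ip, kind, name, path_index, files, log):
    """Return 'pass' (not intercepted), 'allow' or 'block' for one transfer."""
    if not needs_interception(policy, dest_ip, kind):
        return "pass"
    path = path_index.get(name)       # file monitoring module: name -> absolute path
    content = files.get(path)         # entity content read via the absolute path
    # Assumption: fail closed when the path or content cannot be resolved.
    ok = content is not None and supervise(policy, name, content)
    verdict = "allow" if ok else "block"
    log.append((dest_ip, kind, name, path, verdict))  # claim 2: log intercepted ops
    return verdict

# Constructed sample policy, path index and file contents.
POLICY = Policy(data_ips=["10.0.0.0/8"], file_ips=["10.1.0.0/16"],
                blocked_names=["*.pst"], blocked_markers=[b"CONFIDENTIAL"])
PATHS = {"notes.txt": "/home/u/notes.txt", "plan.docx": "/home/u/plan.docx",
         "mail.pst": "/home/u/mail.pst"}
FILES = {"/home/u/notes.txt": b"lunch menu", "/home/u/plan.docx": b"CONFIDENTIAL roadmap",
         "/home/u/mail.pst": b"archive"}
```

Under these assumptions a transfer of `plan.docx` to an address inside the allowed file range returns `pass` and is never content-checked, so the allowed IP ranges are the part of the policy to keep narrow and to review.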
CN202111608085.8A 2021-12-23 2021-12-23 Method and device for preventing data leakage based on SMB protocol Active CN114285646B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111608085.8A CN114285646B (en) 2021-12-23 2021-12-23 Method and device for preventing data leakage based on SMB protocol

Publications (2)

Publication Number Publication Date
CN114285646A true CN114285646A (en) 2022-04-05
CN114285646B CN114285646B (en) 2023-10-20

Family

ID=80875705

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111608085.8A Active CN114285646B (en) 2021-12-23 2021-12-23 Method and device for preventing data leakage based on SMB protocol

Country Status (1)

Country Link
CN (1) CN114285646B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010238212A (en) * 2009-03-31 2010-10-21 Intelligent Wave Inc File control program, file transmission program, file transmission device, file control method, and file transmission method
CN104660624A (en) * 2013-11-18 2015-05-27 珠海金山网络游戏科技有限公司 File sharing method, file sharing device and mobile equipment
CN104683477A (en) * 2015-03-18 2015-06-03 哈尔滨工程大学 Sharing file operation filtering method based on SMB protocol
CN106605232A (en) * 2014-09-09 2017-04-26 微软技术许可有限责任公司 Preserving data protection with policy
CN107277024A (en) * 2017-06-27 2017-10-20 北京明朝万达科技股份有限公司 A kind of data leakage prevention method and system based on TDI interface layers
CN107896228A (en) * 2017-12-22 2018-04-10 北京明朝万达科技股份有限公司 A kind of data leakage prevention method and system
CN112019516A (en) * 2020-08-03 2020-12-01 杭州迪普科技股份有限公司 Access control method, device, equipment and storage medium for shared file
CN113486400A (en) * 2021-07-16 2021-10-08 北京明朝万达科技股份有限公司 Data leakage prevention method and device, electronic equipment and readable storage medium
CN113726789A (en) * 2021-09-01 2021-11-30 北京天空卫士网络安全技术有限公司 Sensitive data interception method and device

Also Published As

Publication number Publication date
CN114285646B (en) 2023-10-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant