CN114363027A - Control method and device for drainage, backflow and remote access - Google Patents



Publication number
CN114363027A
Authority
CN
China
Prior art keywords
data
drainage
equipment
access
access data
Legal status
Granted
Application number
CN202111613170.3A
Other languages
Chinese (zh)
Other versions
CN114363027B (en)
Inventor
刘恒
莫冰
Current Assignee
Wuhan Sipuling Technology Co Ltd
Original Assignee
Wuhan Sipuling Technology Co Ltd
Application filed by Wuhan Sipuling Technology Co Ltd
Priority to CN202111613170.3A
Publication of CN114363027A
Application granted
Publication of CN114363027B
Legal status: Active

Abstract

A control method and device for drainage (traffic steering), backflow and remote access. The method and device determine, by setting a drainage policy, whether access data or response data qualify for drainage; establish a forward and a reverse session from the five-tuple to restrict the direction of data transmission; and establish a data tunnel according to that direction for forwarding the access data. Data are sent through the backflow device to the security device for a security check; data that pass the check flow back to the drainage device through the data tunnel, and the drainage device finally delivers them to the server or the PC end. Replacing data copying with data forwarding saves storage space and improves data-access efficiency. The method and device react in real time to threatening data, improve the security of data access, and guarantee the safe operation of the user side.

Description

Control method and device for drainage, backflow and remote access
Technical Field
The present application relates to the field of network communication technologies, and in particular to a method and an apparatus for controlling drainage, backflow and remote access.
Background
In production and daily life, data are usually transmitted over a network. Network transmission is fast and carries large volumes of data, but the data are easily infected by viruses, so that information on the application equipment leaks and losses are caused. Security detection of the access data and the response data is therefore required during transmission.
When network data are accessed, a transparent deployment scenario is mostly used: a PC (personal computer) end sends a data access request, the request reaches the server over a data access bridge built by a router, and the access data are also sent to cloud security detection equipment. This method can perform security detection on the access data, but the detection lags behind the traffic, real-time monitoring is not achieved, and virus propagation cannot be blocked in time.
To achieve real-time detection, a drainage-and-backflow transmission mode copies the data and establishes a data transmission tunnel that carries the copy to the security device, which then returns the data to the target server. This method can perform security detection on the access data in real time, but copying the data occupies memory, places higher demands on server performance, and prolongs the user's waiting time during the copy, which degrades the user experience.
Disclosure of Invention
The application provides a control method and device for drainage, backflow and remote access, aiming to solve the problem that the user's waiting time becomes long when data are drained to the cloud as copies for security detection.
The application provides a control device for drainage, backflow and remote access, applied to a network communication system based on transparent deployment, where the network communication system comprises a PC (personal computer) end, a firewall, a router and a server, and the router forms a transparent bridge for data interaction between the PC end and the server; characterized in that the control device further comprises: a drainage device, a backflow device and a security device;
the output port of the PC end is connected with the first sub-interface of the drainage device; the first sub-interface of the drainage device is connected with the first sub-interface of the backflow device through a data tunnel; the second sub-interface of the drainage device is connected with the first sub-interface of the firewall, and the two communicate bidirectionally;
the second sub-interface of the firewall is connected with the data exchange port of the router; the data exchange port of the server is connected with the data exchange port of the router; the data exchange port of the router is also connected with the first sub-interface of the backflow device; the second sub-interface of the backflow device is connected with the data exchange port of the security device;
the drainage device of the control device transmits encapsulated access data or response data to the backflow device; the backflow device transmits the access data to the security device and back to the drainage device, and finally the drainage device exchanges data with the server and the PC end;
the drainage device is configured to: set a drainage policy;
establish a data tunnel by combining the drainage policy, the address information of the first sub-interface of the drainage device and the address information of the first sub-interface of the backflow device;
identify access data of the PC end and transmit the access data to the backflow device.
The backflow device is configured to: receive the access data, transmit the access data to the security device, and record the input interface, the output interface and the forwarding relation of the current transmission;
receive access data that have passed the security check and return them to the drainage device.
The drainage device is further configured to: receive the access data and transmit them to the server;
receive response data from the server and guide the response data to the backflow device.
The backflow device is further configured to: receive the response data and transmit them to the security device;
receive response data that have passed the security check and return them to the drainage device.
The drainage device is further configured to: receive the response data and transmit them to the PC end.
The drainage device decides, according to the drainage policy, whether access data are carried over the data tunnel; access data that do not hit the drainage policy are forwarded normally to the server over the transparent bridge to obtain response data. Deciding whether access data hit the drainage policy is therefore the key step by which the device drains and returns data.
Optionally, when identifying access data of the PC end and transmitting them to the backflow device, the drainage device is further configured to:
obtain the five-tuple of the access data, match the five-tuple against the drainage policy, and make the drainage decision;
transmit the access data according to the result of the drainage decision.
Optionally, the five-tuple comprises the source IP, destination IP, protocol number, source port and destination port of the access data.
The content of the five-tuple is matched against the policy content formulated in the drainage policy; if any item of the five-tuple conforms to the policy content, the next level of the drainage decision is entered.
Optionally, when obtaining the five-tuple of the access data, matching it against the drainage policy and making the drainage decision, the drainage device is further configured to:
match the data address in the five-tuple against the IP range defined in the drainage policy;
determine that the incoming interface of the current access data is the under-bridge interface specified in the drainage policy.
Optionally, when transmitting the access data according to the result of the drainage decision, the drainage device is further configured to:
if the information in the five-tuple matches the drainage policy, determine that the access data hit the drainage policy, establish a forward and a reverse session, and transmit the access data to the backflow device through the data tunnel according to those sessions;
if the information in the five-tuple fails to match the drainage policy, determine that the access data do not hit the drainage policy, and transmit the access data to the server through the router.
The forward and reverse sessions restrict the transmission direction of the access data, so that the interface can establish a data tunnel between the drainage device and the backflow device. Meanwhile, access data that do not hit the drainage policy are forwarded directly to the server by the router to obtain response data.
Optionally, when receiving access data that have passed the security check and returning them to the drainage device, the backflow device is further configured to:
configure an interface for the backflow transmission of the access data;
encapsulate the access data and return them to the drainage device through the data tunnel.
The input interface and the output interface of the backflow device are general-purpose interfaces whose roles can be swapped freely according to the current access conditions, which saves data exchange interfaces: with a limited number of interfaces, more data can be accessed in parallel and access efficiency is improved. The encapsulation processing applies a different encapsulation according to the type of the data tunnel.
Optionally, when receiving the access data and transmitting them to the server, the drainage device is further configured to: invoke the forward and reverse sessions and transmit the access data to the firewall through the transmission port specified in those sessions. The firewall then forwards the access data to the server.
The application also provides a control method for drainage, backflow and remote access, applied to the control device for drainage, backflow and remote access according to any one of claims 1 to 8, characterized by comprising the following steps:
setting a drainage policy;
establishing a data tunnel by combining the drainage policy, the address information of the first sub-interface of the drainage device and the address information of the first sub-interface of the backflow device;
identifying access data of a PC (personal computer) end and transmitting the access data to the backflow device;
receiving the access data, transmitting the access data to the security device, and recording the input interface, output interface and forwarding relation of the current transmission;
receiving access data that have passed the security check and returning them to the drainage device;
receiving the access data and transmitting them to the server;
receiving response data from the server and guiding them to the backflow device;
receiving the response data and transmitting them to the security device;
receiving response data that have passed the security check and returning them to the drainage device;
receiving the response data and transmitting them to the PC end.
The method and device determine, by setting the drainage policy, whether access data or response data qualify for drainage; establish a forward and a reverse session from the five-tuple to restrict the direction of data transmission; and establish a data tunnel according to that direction for forwarding the access data. Data are sent through the backflow device to the security device for a security check; data that pass the check flow back to the drainage device through the data tunnel, and the drainage device finally delivers them to the server or the PC end. Replacing data copying with data forwarding saves storage space and improves data-access efficiency. The method and device react in real time to threatening data, improve the security of data access, and guarantee the safe operation of the user side.
Drawings
To explain the technical solution of the present application more clearly, the drawings needed in the embodiments are briefly described below; it is obvious to those skilled in the art that other drawings can be derived from them without creative effort.
FIG. 1 is a block diagram of the operating architecture of the control method and device for drainage, backflow and remote access;
FIG. 2 is a flow chart of the configuration of the control device for drainage, backflow and remote access.
Detailed Description
Reference will now be made in detail to embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described below do not represent all embodiments consistent with the present application; they are merely examples of systems and methods consistent with certain aspects of the application, as recited in the claims.
The application provides a control device for drainage, backflow and remote access, in order to solve the problem that the user's waiting time becomes long when data are drained to the cloud as copies for security detection. The control device is described below with reference to FIG. 1 and FIG. 2.
A control device for drainage, backflow and remote access is applied to a network communication system based on transparent deployment; the network communication system comprises a PC (personal computer) end, a firewall, a router and a server, and the router forms a transparent bridge for data interaction between the PC end and the server. The control device further comprises a drainage device, a backflow device and a security device.
The output port of the PC end is connected with the first sub-interface of the drainage device. The first sub-interface of the drainage device is connected with the first sub-interface of the backflow device through a data tunnel. The second sub-interface of the drainage device is connected with the first sub-interface of the firewall, and the two communicate bidirectionally.
The second sub-interface of the firewall is connected with the data exchange port of the router. The data exchange port of the server is connected with the data exchange port of the router. The data exchange port of the router is also connected with the first sub-interface of the backflow device. The second sub-interface of the backflow device is connected with the data exchange port of the security device.
The drainage device, the backflow device and the security device are inserted into a communication system consisting of a PC (personal computer) end, a firewall, a router and a server. The drainage device sits between the PC end and the firewall: access data sent by the PC end can be passed directly by the drainage device to the firewall and on to the server to obtain response data. At the same time, the drainage device establishes a data tunnel with the backflow device and sends the access data through the backflow device to the security device for security detection. The backflow device receives the data from the data tunnel, sends them to the security device for detection, receives the detected data, and returns them to the drainage device through the data tunnel, so that data backflow, and with it real-time data detection, is achieved.
Finally, the drainage device distinguishes the data forwarding direction from the contents of the forward and reverse sessions: the sessions carry drainage marks, and according to the drainage mark the device looks up the formulated forwarding relation and confirms the forwarding egress interface over which the data are sent to the server or the PC end.
The control device uses the drainage device to transmit encapsulated access data or response data to the backflow device. The backflow device then transmits the access data to the security device and back to the drainage device, and finally the drainage device exchanges data with the server and the PC end.
The drainage device is configured to: set a drainage policy.
The drainage policy is used to decide whether the current data meet the drainage criteria; if not, the current data are passed straight through the under-bridge interface.
Establish a data tunnel by combining the drainage policy, the address information of the first sub-interface of the drainage device and the address information of the first sub-interface of the backflow device.
The data tunnel uses a layer-3 VPN technology, such as a GRE tunnel or an IPsec tunnel, and is used to forward the data received on the first sub-interface of the drainage device.
Identify access data of the PC end and transmit the access data to the backflow device.
Identifying the access data of the PC end includes obtaining the five-tuple of the access data, which is matched against the drainage policy to decide whether the access data need security detection via drainage and backflow.
The backflow device is configured to: receive the access data, transmit the access data to the security device, and record the input interface, the output interface and the forwarding relation of the current transmission.
The input interface and the output interface can be freely swapped: the input interface of one transmission can serve as the output interface of the next transmission as required, and the recorded input interface and output interface of the current transmission give the interface configuration used when the data are transmitted back.
Receive access data that have passed the security check and return them to the drainage device.
The security device and the backflow device communicate bidirectionally; data that pass security detection are returned to the backflow device and then transmitted to the drainage device through the data tunnel.
The drainage device is further configured to: receive the access data and transmit them to the server.
The access data, having passed the security detection device, are transmitted to the firewall and then reach the server through the firewall to obtain response data; when the drainage device transmits them, it uses the interface specified by the forward session.
Receive response data from the server and guide the response data to the backflow device.
The backflow device is further configured to: receive the response data and transmit them to the security device;
receive response data that have passed the security check and return them to the drainage device.
Response data go through the same security detection process as access data, so both access data and response data undergo real-time security detection; the data are never copied in the whole process, which saves a large amount of memory, and the data forwarding mode is efficient, giving a secure and efficient data access process.
The drainage device is further configured to: receive the response data and transmit them to the PC end.
After receiving the response data, the drainage device transmits them to the PC end according to the interface specified by the reverse session.
As described above, the prerequisite for drainage, backflow and detection is the drainage decision, so when identifying access data of the PC end and transmitting them to the backflow device, the drainage device is further configured to:
obtain the five-tuple of the access data, match it against the drainage policy, and make the drainage decision.
The five-tuple comprises the source IP, destination IP, protocol number, source port and destination port of the access data. From the information in the five-tuple, combined with the interfaces of the drainage device and the backflow device, a forward and a reverse session can be established that specify the data transmission direction; the five-tuple can also be matched against the effective IP range established in the drainage policy to confirm whether the data need to be drained.
Transmit the access data according to the result of the drainage decision.
The drainage decision is made in combination with the drainage policy, which has two parts: matching of the five-tuple data information and matching of the data interface. Therefore, when obtaining the five-tuple of the access data, matching it against the drainage policy and making the drainage decision, the drainage device is further configured to:
match the data address in the five-tuple against the IP range defined in the drainage policy;
determine that the incoming interface of the current access data is the under-bridge interface specified in the drainage policy.
The under-bridge interface specified in the drainage policy is a sub-interface of the drainage device; only data that pass through the drainage device can be drained and security-checked. Data that pass through the drainage device but are outside the IP range defined in the drainage policy are transmitted directly to the firewall, and then to the server, without the drainage device's functional processing.
When transmitting the access data according to the result of the drainage decision, the drainage device is further configured to:
if the information in the five-tuple matches the drainage policy, determine that the access data hit the drainage policy, establish a forward and a reverse session, and transmit the access data to the backflow device through the data tunnel according to those sessions;
if the information in the five-tuple fails to match the drainage policy, determine that the access data do not hit the drainage policy, and transmit the access data to the server through the router.
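The two-level drainage decision (IP range, then under-bridge ingress interface), the forward and reverse sessions keyed on the five-tuple, and the resulting egress choice described here and in the same terms in the summary above can be modelled as a small packet classifier. This is an added example, not code from the patent or from Wuhan Sipuling Technology; the interface names, the policy representation, the session table layout and the sample addresses are assumptions chosen for the illustration.

```python
"""Added example (not the patent's code): drainage-device policy match and sessions.
Interface names and the policy/session representation are assumptions."""
import ipaddress
from dataclasses import dataclass

# Assumed interface names; the patent only speaks of first/second sub-interfaces
# and an "under-bridge interface" facing the PC end.
IF_PC = "sub-pc"          # under-bridge sub-interface: from/to the PC end
IF_TUNNEL = "sub-tunnel"  # first sub-interface: data tunnel to the backflow device
IF_FW = "sub-fw"          # second sub-interface: to the firewall / transparent bridge


@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int

    def reverse_key(self):
        """Key under which the server's response (reverse session) is looked up."""
        return FiveTuple(self.dst_ip, self.src_ip, self.proto, self.dst_port, self.src_port)


class DrainagePolicy:
    """Two-part policy: an IP range to match and the required ingress interface."""

    def __init__(self, ip_ranges, under_bridge_iface):
        self.nets = [ipaddress.ip_network(r) for r in ip_ranges]
        self.under_bridge_iface = under_bridge_iface

    def hit(self, ft, in_iface):
        # Level 1: source or destination address inside a configured range.
        addr_ok = any(ipaddress.ip_address(a) in n
                      for n in self.nets for a in (ft.src_ip, ft.dst_ip))
        # Level 2: the data must have entered on the under-bridge interface.
        return addr_ok and in_iface == self.under_bridge_iface


class DrainageDevice:
    def __init__(self, policy):
        self.policy = policy
        self.sessions = {}  # FiveTuple -> {"direction": ..., "final_iface": ...}

    def forward(self, ft, in_iface):
        """Return the egress interface for a packet with five-tuple ft arriving on in_iface."""
        sess = self.sessions.get(ft)
        if in_iface == IF_TUNNEL:
            # Data flowing back from the backflow device have passed the security
            # check; deliver them on the interface the session specifies.
            if sess is None:
                raise ValueError("backflow data without a matching session")
            return sess["final_iface"]
        if sess is None and self.policy.hit(ft, in_iface):
            # Policy hit: forward session (PC -> server) ends at the firewall side,
            # reverse session (server -> PC) ends at the under-bridge interface.
            self.sessions[ft] = {"direction": "forward", "final_iface": IF_FW}
            self.sessions[ft.reverse_key()] = {"direction": "reverse", "final_iface": IF_PC}
            sess = self.sessions[ft]
        if sess is not None:
            # Both directions of a drained flow are steered into the tunnel first.
            return IF_TUNNEL
        # Policy miss: behave as the transparent bridge and pass straight through.
        return IF_FW if in_iface == IF_PC else IF_PC


if __name__ == "__main__":
    dev = DrainageDevice(DrainagePolicy(["10.0.0.0/24"], IF_PC))
    req = FiveTuple("10.0.0.5", "203.0.113.10", 6, 40000, 443)  # constructed flow
    path = [dev.forward(req, IF_PC), dev.forward(req, IF_TUNNEL),
            dev.forward(req.reverse_key(), IF_FW), dev.forward(req.reverse_key(), IF_TUNNEL)]
    print(" -> ".join(path))
```

The four calls in the usage block walk one request through the device: into the tunnel, back out to the firewall, the response into the tunnel again, and finally out to the PC end; a flow outside the configured range, or one that enters on the wrong interface, never gets a session and is bridged directly.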
The drainage device transmits the data to the backflow device through the data tunnel in the direction specified by the forward session, and the backflow device receives the data and sends them to the security device for security detection. When receiving access data that have passed the security check and returning them to the drainage device, the backflow device is further configured to:
configure an interface for the backflow transmission of the access data;
encapsulate the access data and return them to the drainage device through the data tunnel.
The encapsulation process encapsulates the data according to the protocol that corresponds to the type of the data tunnel, and then transmits the data through the tunnel.
When configuring an interface for the backflow transmission of the access data, the backflow device is further configured to:
retrieve the input interface, the output interface and the forwarding relation recorded when the access data were transmitted to the backflow device;
according to that record, set the input interface as the backflow outlet through which the access data are returned.
The input interface and the output interface are interfaces whose roles can be swapped freely, so as to realize bidirectional communication between the devices. The input interface of the current transmission can serve as the output interface of the next one; the purpose of recording the input and output interfaces is to use the input interface as the output interface during backflow, which saves interfaces, lets more data be transmitted in parallel and improves access efficiency. The forwarding relation record may also serve as auxiliary information when configuring the interface.
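The interface record made on ingress and replayed on backflow, together with tunnel-type-dependent encapsulation, can be shown in code. This is an added example, not the patent's or the assignee's code: the GRE case is implemented (RFC 2784 header with the checksum field present, so a frame damaged in the tunnel is rejected on decapsulation), while the IPsec case named in the description is not modelled because it would need security-association key material. The interface names, the flow key and the sample packet bytes are assumptions constructed for the example.

```python
"""Added example (not the patent's code): backflow-device interface record and
GRE encapsulation. Interface names and sample bytes are constructed assumptions."""
import struct

GRE_PROTO_IPV4 = 0x0800     # EtherType of the carried payload (RFC 2784)
GRE_FLAG_CHECKSUM = 0x8000  # 'C' bit: Checksum and Reserved1 fields are present


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def gre_encapsulate(payload: bytes) -> bytes:
    """Prepend an 8-byte GRE header (C=1); the checksum covers header + payload."""
    hdr = struct.pack("!HHHH", GRE_FLAG_CHECKSUM, GRE_PROTO_IPV4, 0, 0)
    csum = internet_checksum(hdr + payload)
    return struct.pack("!HHHH", GRE_FLAG_CHECKSUM, GRE_PROTO_IPV4, csum, 0) + payload


def gre_decapsulate(frame: bytes) -> bytes:
    """Strip the GRE header, rejecting an unknown protocol type or a bad checksum."""
    if len(frame) < 4:
        raise ValueError("truncated GRE frame")
    flags, proto = struct.unpack("!HH", frame[:4])
    if proto != GRE_PROTO_IPV4:
        raise ValueError("unexpected GRE protocol type 0x%04x" % proto)
    if flags & GRE_FLAG_CHECKSUM:
        # A frame whose checksum field is valid sums to zero over its whole length.
        if len(frame) < 8 or internet_checksum(frame) != 0:
            raise ValueError("GRE checksum mismatch")
        return frame[8:]
    return frame[4:]


# Encapsulation is chosen by tunnel type; only GRE is modelled here.
ENCAPSULATORS = {"gre": (gre_encapsulate, gre_decapsulate)}


class BackflowDevice:
    TUNNEL_IFACE = "sub1"    # first sub-interface: data tunnel to the drainage device
    SECURITY_IFACE = "sub2"  # second sub-interface: to the security device

    def __init__(self, tunnel_type="gre"):
        self.encap, self.decap = ENCAPSULATORS[tunnel_type]
        self.records = {}  # flow key -> input iface, output iface, forwarding relation

    def receive_from_tunnel(self, key, frame):
        """Decapsulate tunnel data, record the interfaces, hand the packet to the security device."""
        packet = self.decap(frame)
        self.records[key] = {
            "in": self.TUNNEL_IFACE,
            "out": self.SECURITY_IFACE,
            "relation": (self.TUNNEL_IFACE, self.SECURITY_IFACE),
        }
        return self.SECURITY_IFACE, packet

    def backflow(self, key, checked_packet):
        """Return checked data: the recorded input interface becomes the backflow outlet."""
        rec = self.records.pop(key)
        return rec["in"], self.encap(checked_packet)


if __name__ == "__main__":
    FLOW = ("10.0.0.5", "203.0.113.10", 6, 40000, 443)  # constructed five-tuple key
    PACKET = b"\x45\x00\x00\x28" + b"constructed-ipv4-packet-body"  # constructed bytes
    dev = BackflowDevice("gre")
    iface, pkt = dev.receive_from_tunnel(FLOW, gre_encapsulate(PACKET))
    outlet, frame = dev.backflow(FLOW, pkt)
    print(iface, outlet, gre_decapsulate(frame) == PACKET)
```

The record is popped on backflow so an interface role is released once the flow has been returned; a frame that arrives from the tunnel with a damaged payload fails the checksum in `gre_decapsulate` and is never handed to the security device.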
The data returned through the data tunnel are received by the drainage device and then transmitted to the server or the PC end; accordingly, when receiving the access data and transmitting them to the server, the drainage device is further configured to: invoke the forward and reverse sessions and transmit the access data to the firewall through the transmission port specified in those sessions. The firewall then forwards the access data to the server.
The application also provides a control method for drainage, backflow and remote access, applied to the control device for drainage, backflow and remote access according to any one of claims 1 to 9, characterized by comprising the following steps:
setting a drainage policy;
establishing a data tunnel by combining the drainage policy, the address information of the first sub-interface of the drainage device and the address information of the first sub-interface of the backflow device;
identifying access data of a PC (personal computer) end and transmitting the access data to the backflow device;
receiving the access data, transmitting the access data to the security device, and recording the input interface, output interface and forwarding relation of the current transmission;
receiving access data that have passed the security check and returning them to the drainage device;
receiving the access data and transmitting them to the server;
receiving response data from the server and guiding them to the backflow device;
receiving the response data and transmitting them to the security device;
receiving response data that have passed the security check and returning them to the drainage device;
receiving the response data and transmitting them to the PC end.
The control device and method for drainage, backflow and remote access provided by the application can also realize access control from the cloud end to the PC end, as follows. First, the cloud end initiates an access request; the backflow device encapsulates the request data according to a static route and transmits them through the data tunnel to the drainage device. The drainage device receives the access request, establishes a forward and a reverse session, records the ingress and egress interfaces, and sends the access request to the layer-2 bridge interface by looking up the routing table; the layer-2 bridge interface forwards the access request to its destination through the forwarding table to obtain a response packet.
The response packet is transmitted to the drainage device through the bridge port, i.e. the input interface of the access request becomes the output interface of the current transmission; the response packet is then transmitted to the backflow device through the data tunnel, the backflow device passes it to the security device for a security check, and the response packet data are returned to the cloud end, or the content of the current access request is executed by the target of the cloud end's access control.
The method and device determine, by setting the drainage policy, whether access data or response data qualify for drainage; establish a forward and a reverse session from the five-tuple to restrict the direction of data transmission; and establish a data tunnel according to that direction for forwarding the access data. Data are sent through the backflow device to the security device for a security check; data that pass the check flow back to the drainage device through the data tunnel, and the drainage device finally delivers them to the server or the PC end. Replacing data copying with data forwarding saves storage space and improves data-access efficiency. The method and device react in real time to threatening data, improve the security of data access, and guarantee the safe operation of the user side.
The embodiments provided in the present application are only a few examples of its general concept and do not limit its scope. Any other embodiment that a person skilled in the art derives from the scheme of the present application without inventive effort falls within its scope of protection.

Claims (9)

1. A control device for drainage, backflow and remote access, applied to a network communication system based on transparent deployment, wherein the network communication system comprises a PC (personal computer) end, a firewall, a router and a server, and the router forms a transparent bridge for data interaction between the PC end and the server; characterized in that the control device further comprises a drainage device, a backflow device and a security device;
the output port of the PC end is connected to the first sub-interface of the drainage device; the first sub-interface of the drainage device is connected to the first sub-interface of the backflow device through a data tunnel; the second sub-interface of the drainage device is connected to the first sub-interface of the firewall, and the two communicate bidirectionally;
the second sub-interface of the firewall is connected to the data exchange port of the router; the data exchange port of the server is connected to the data exchange port of the router; the data exchange port of the router is also connected to the first sub-interface of the backflow device; the second sub-interface of the backflow device is connected to the data exchange port of the security device;
in the control device, the drainage device transmits access data or response data packets to the backflow device; the backflow device transmits the access data to the security device and then transmits it back to the drainage device, and finally the drainage device exchanges the data with the server and the PC end;
the drainage device is configured to: set a drainage policy;
establish a data tunnel from the drainage policy, the address information of the first sub-interface of the drainage device and the address information of the first sub-interface of the backflow device;
identify access data of the PC end and transmit the access data to the backflow device;
the backflow device is configured to: receive the access data, transmit it to the security device, and record the input interface, output interface and forwarding relation of the current transmission;
receive the access data that passes the security check and flow it back to the drainage device;
the drainage device is further configured to: receive the access data and transmit it to the server;
receive response data from the server and steer it to the backflow device;
the backflow device is further configured to: receive the response data and transmit it to the security device;
receive the response data that passes the security check and flow it back to the drainage device;
the drainage device is further configured to: receive the response data and transmit it to the PC end.
2. The control device for drainage, backflow and remote access of claim 1, wherein the drainage device, when identifying access data of the PC end and transmitting the access data to the backflow device, is further configured to:
acquire the quintuple of the access data, match the quintuple against the drainage policy, and make a drainage judgment;
and transmit the access data according to the result of the drainage judgment.
3. The control device for drainage, backflow and remote access of claim 2, wherein the quintuple comprises the source IP, destination IP, protocol number, source port and destination port of the access data.
4. The control device for drainage, backflow and remote access of claim 2, wherein the drainage device, when acquiring the quintuple of the access data, matching the quintuple against the drainage policy and making the drainage judgment, is further configured to:
match the data address in the quintuple against the IP range defined in the drainage policy;
and judge whether the ingress interface of the current access data is the under-bridge interface specified in the drainage policy.
5. The control device for drainage, backflow and remote access of claim 2, wherein the drainage device, when transmitting the access data according to the drainage judgment, is further configured to:
if the information in the quintuple matches the drainage policy, judge that the access data hits the drainage policy, establish a forward session and a reverse session, and transmit the access data to the backflow device through the data tunnel according to the forward and reverse sessions;
and if the information in the quintuple fails to match the drainage policy, judge that the access data does not hit the drainage policy, and transmit the access data to the server through the router.
6. The control device for drainage, backflow and remote access of claim 1, wherein the backflow device, when receiving access data that passes the security check and flowing it back to the drainage device, is further configured to:
configure an interface for the backflow transmission of the access data;
and encapsulate the access data and flow it back to the drainage device through the data tunnel.
7. The control device for drainage, backflow and remote access of claim 6, wherein the backflow device, when configuring the interface for the backflow transmission of the access data, is further configured to:
retrieve the input interface, output interface and forwarding relation recorded when the access data was transmitted to the backflow device;
and, according to that record, set the input interface as the backflow outlet for the access data.
8. The control device for drainage, backflow and remote access of claim 1, wherein the drainage device, when receiving the access data and transmitting it to the server, is further configured to: invoke the forward and reverse sessions and transmit the access data to the firewall through the transmission port designated in those sessions; the firewall then transmits the access data to the server.
9. A control method for drainage, backflow and remote access, applied to the control device for drainage, backflow and remote access according to any one of claims 1 to 8, characterized by comprising the following steps:
setting a drainage policy;
establishing a data tunnel from the drainage policy, the address information of the first sub-interface of the drainage device and the address information of the first sub-interface of the backflow device;
identifying access data of the PC end and transmitting the access data to the backflow device;
receiving the access data, transmitting it to the security device, and recording the input interface, output interface and forwarding relation of the current transmission;
receiving the access data that passes the security check and flowing it back to the drainage device;
receiving the access data and transmitting it to the server;
receiving response data from the server and steering it to the backflow device;
receiving the response data and transmitting it to the security device;
receiving the response data that passes the security check and flowing it back to the drainage device;
and receiving the response data and transmitting it to the PC end.
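The following is an added simulation of the path claimed above and of the response-path paragraph in the description; it is example code written for this page, not code from the patent or its assignee. It models the five-tuple policy match of claims 2 to 5 (IP range plus ingress interface), the forward and reverse sessions, the tunnel encapsulation between the two first sub-interfaces, the recording of input interface, output interface and forwarding relation on the backflow device (claims 1 and 7), and the return through the recorded input interface. Interface names (bridge0, tunnel0, sec0), tunnel addresses, the sample flows and the toy security check that rejects telnet are all constructed for the example; the reading of "data address" as either endpoint of the quintuple is an assumption, since the claims do not say which end is matched.

```python
"""Simulation of the drainage (steering) / backflow (return) path of claims 1-8.
Device, interface and address names are constructed for this example."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class FiveTuple:
    """Claim 3: source ip, destination ip, protocol number, source port, destination port."""
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int

    def reverse(self) -> "FiveTuple":
        # Key of the reverse session: the server's reply to this flow.
        return FiveTuple(self.dst_ip, self.src_ip, self.proto, self.dst_port, self.src_port)


@dataclass
class DrainagePolicy:
    """Claim 4: an IP range plus the under-bridge ingress interface that qualifies traffic."""
    ip_range: str
    ingress_if: str

    def hit(self, ft: FiveTuple, in_if: str) -> bool:
        net = ip_network(self.ip_range)
        # Assumption: "data address" means either endpoint of the quintuple.
        in_range = ip_address(ft.src_ip) in net or ip_address(ft.dst_ip) in net
        return in_range and in_if == self.ingress_if


@dataclass
class DrainageDevice:
    policy: DrainagePolicy
    tunnel_local: str                   # address of drainage first sub-interface (claim 1)
    tunnel_remote: str                  # address of backflow first sub-interface (claim 1)
    sessions: Dict[FiveTuple, str] = field(default_factory=dict)

    def encapsulate(self, ft: FiveTuple, in_if: str) -> dict:
        # Data tunnel: outer header between the two sub-interfaces; the inner
        # payload keeps the original quintuple and the interface it entered on.
        return {"outer": (self.tunnel_local, self.tunnel_remote), "inner": ft, "in_if": in_if}

    def access(self, ft: FiveTuple, in_if: str) -> Tuple[str, object]:
        """Claim 5: hit -> forward and reverse session, into the tunnel; miss -> router."""
        if not self.policy.hit(ft, in_if):
            return ("router", ft)
        self.sessions[ft] = "forward"
        self.sessions[ft.reverse()] = "reverse"
        return ("tunnel", self.encapsulate(ft, in_if))

    def response(self, ft: FiveTuple, in_if: str) -> Tuple[str, object]:
        """A reply that matches the reverse session is steered into the tunnel too."""
        if self.sessions.get(ft) == "reverse":
            return ("tunnel", self.encapsulate(ft, in_if))
        return ("bridge", ft)


@dataclass
class BackflowDevice:
    inspect: Callable[[FiveTuple], bool]          # stands in for the security device
    forwarding: Dict[FiveTuple, Tuple[str, str]] = field(default_factory=dict)

    def receive(self, encap: dict) -> Tuple[str, object]:
        ft = encap["inner"]
        self.forwarding[ft] = ("tunnel0", "sec0")  # claim 1: record in/out/relation
        if not self.inspect(ft):
            return ("drop", ft)
        outlet = self.forwarding[ft][0]            # claim 7: input interface is the outlet
        return (outlet, {"outer": encap["outer"][::-1], "inner": ft})


def run_access(dd: DrainageDevice, bd: BackflowDevice, ft: FiveTuple, in_if: str) -> List[str]:
    """Trace one access packet from the PC end through the claimed path."""
    hop, pkt = dd.access(ft, in_if)
    if hop == "router":
        return ["drainage:miss->router->server"]
    outlet, pkt = bd.receive(pkt)
    if outlet == "drop":
        return ["drainage:hit->tunnel", "security:drop"]
    # Claim 8: the forward session designates the firewall as the egress port.
    egress = "firewall" if dd.sessions.get(pkt["inner"]) == "forward" else "bridge"
    return ["drainage:hit->tunnel", f"backflow:pass->{outlet}", f"drainage:{egress}->server"]


def run_response(dd: DrainageDevice, bd: BackflowDevice, ft: FiveTuple, in_if: str = "bridge1") -> List[str]:
    """Trace one response packet from the server side (description paragraph on the bridge port)."""
    hop, pkt = dd.response(ft, in_if)
    if hop != "tunnel":
        return ["drainage:bridge->pc"]
    outlet, pkt = bd.receive(pkt)
    if outlet == "drop":
        return ["drainage:tunnel", "security:drop"]
    return ["drainage:tunnel", f"backflow:pass->{outlet}", "drainage:bridge->pc"]


# Constructed sample: steer 10.0.0.0/24 entering on bridge0; toy check rejects telnet.
POLICY = DrainagePolicy("10.0.0.0/24", "bridge0")


def toy_inspect(ft: FiveTuple) -> bool:
    return ft.dst_port != 23


def demo() -> Dict[str, List[str]]:
    dd = DrainageDevice(POLICY, "192.168.100.1", "192.168.100.2")
    bd = BackflowDevice(toy_inspect)
    web = FiveTuple("10.0.0.5", "172.16.0.10", 6, 50000, 443)
    telnet = FiveTuple("10.0.0.5", "172.16.0.10", 6, 50001, 23)
    other = FiveTuple("10.9.9.9", "172.16.0.10", 6, 50002, 443)
    return {
        "web": run_access(dd, bd, web, "bridge0"),
        "web_reply": run_response(dd, bd, web.reverse()),
        "telnet": run_access(dd, bd, telnet, "bridge0"),
        "miss": run_access(dd, bd, other, "bridge0"),
        "wrong_if": run_access(dd, bd, web, "bridge1"),
    }


if __name__ == "__main__":
    for name, trace in demo().items():
        print(f"{name:10s} {' | '.join(trace)}")
```

The point worth noticing is the two miss cases: an address outside the configured range, or the right address arriving on the wrong interface, both bypass the security device entirely and take the plain bridged path to the server, so the policy range and the under-bridge interface in claim 4 together define exactly what gets inspected.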

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111613170.3A CN114363027B (en) 2021-12-27 2021-12-27 Control method and device for drainage, backflow and remote access

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111613170.3A CN114363027B (en) 2021-12-27 2021-12-27 Control method and device for drainage, backflow and remote access

Publications (2)

Publication Number Publication Date
CN114363027A true CN114363027A (en) 2022-04-15
CN114363027B CN114363027B (en) 2023-05-12

Family

ID=81101528

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111613170.3A Active CN114363027B (en) 2021-12-27 2021-12-27 Control method and device for drainage, backflow and remote access

Country Status (1)

Country Link
CN (1) CN114363027B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105100026A (en) * 2014-05-22 2015-11-25 杭州华三通信技术有限公司 Safe message forwarding method and safe message forwarding device
CN107645458A (en) * 2017-10-20 2018-01-30 锐捷网络股份有限公司 Three-tier message drainage method and controller
CN107786467A (en) * 2017-08-28 2018-03-09 深信服科技股份有限公司 Drainage method, drainage system and the system of network data based on transparent deployment
CN107920023A (en) * 2017-12-29 2018-04-17 深信服科技股份有限公司 A kind of realization method and system in secure resources pond
CN107948223A (en) * 2016-10-12 2018-04-20 中国电信股份有限公司 Flow processing method, service strategy equipment and caching system for caching system
CN113726729A (en) * 2021-07-13 2021-11-30 中国电信集团工会上海市委员会 Website security protection method and system based on bidirectional drainage

Also Published As

Publication number Publication date
CN114363027B (en) 2023-05-12

Similar Documents

Publication Publication Date Title
CN104660565A (en) Hostile attack detection method and device
CN108881328B (en) Data packet filtering method and device, gateway equipment and storage medium
US10742768B2 (en) Relaying system and method of transmitting IP address of client to server using encapsulation protocol
CN106656648B (en) Application flow dynamic protection method and system based on home gateway and home gateway
CN111049910A (en) Method, device, equipment and medium for processing message
CN104735071A (en) Network access control implementation method between virtual machines
CN101222437B (en) Method and system for transparent transmission of BPDU packet in two-layer switching network
CN108173810B (en) Method and device for transmitting network data
CN114885332A (en) Traffic processing method and device, storage medium and electronic equipment
KR20060030821A (en) Apparatus and method for intrusion detection in network
CN105591967B (en) A kind of data transmission method and device
CN114363027A (en) Control method and device for drainage, backflow and remote access
CN111262782B (en) Message processing method, device and equipment
JP4472651B2 (en) Network access system and network access method
CN109889552A (en) Power marketing terminal abnormal flux monitoring method, system and Electric Power Marketing System
CN112653609B (en) VPN identification application method, device, terminal and storage medium
CN110771103A (en) Traffic optimization device, communication system, traffic optimization method, and program
CN109150725B (en) Traffic grooming method and server
CN112039854A (en) Data transmission method, device and storage medium
CN111193722B (en) Linux kernel based accelerated forwarding method, device, equipment and medium
CN115333853B (en) Network intrusion detection method and device and electronic equipment
JP2007142841A (en) Attack packet detour system, method, and router with tunnel function
KR100788138B1 (en) System and method for providing communication service using network-based service platform
CN115499410B (en) NAT penetration method, device, equipment and storage medium based on Linux
CN113572868B (en) Dynamic dial-up networking method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant