CN114710331A - Security defense method and network security equipment - Google Patents

Security defense method and network security equipment

Info

Publication number
CN114710331A
Authority
CN
China
Prior art keywords
defense
security
constructing
network
model
Legal status
Withdrawn
Application number
CN202210290173.6A
Other languages
Chinese (zh)
Inventor
顾成杰
Current Assignee
New H3C Security Technologies Co Ltd
Original Assignee
New H3C Security Technologies Co Ltd
Priority date
2022-03-23
Filing date
2022-03-23
Publication date
2022-07-05

Classifications

    • H04L63/00 Network architectures or network communication protocols for network security (H04L: transmission of digital information, e.g. telegraphic communication)
        • H04L63/10 ... for controlling access to devices or network resources
        • H04L63/14 ... for detecting or protecting against malicious traffic
            • H04L63/1408 ... by monitoring network traffic
                • H04L63/1416 Event detection, e.g. attack signature detection
            • H04L63/1441 Countermeasures against malicious traffic
                • H04L63/1458 Denial of Service
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
        • H04L67/01 Protocols
            • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]


Abstract

The present specification provides a security defense method and a network security device. The method comprises: constructing a security defense model, wherein the security defense model comprises two or more security defense functions; and performing security defense on the network equipment using the security defense model. The method can effectively improve network security.

Description

Security defense method and network security equipment
Technical Field
The present disclosure relates to the field of information security, and in particular, to a method for security defense and a network security device.
Background
With the development of network informatization, more and more applications are built on Web services, and the security of Web services receives increasing attention. Once a Web server is compromised, not only can it no longer provide normal service, but internal information may also be leaked.
A Web server is also called a WWW (World Wide Web) server; its main function is to provide Web information browsing services. The WWW is the Internet's multimedia information query tool and is today the fastest-growing and most widely used service. When a Web browser (client) connects to a Web server and requests a file, the Web server processes the request and sends the file to the browser, with accompanying information that tells the browser how to display the file (i.e., the file type). The Web server not only stores information but also allows users to run scripts and programs based on information supplied by the Web browser.
Because a Web server serves many kinds of clients and users, the application system is directly exposed to an unsafe network environment, and the Web server faces security threats at all times; the main threats are denial of service, distributed denial of service, SQL injection and cross-site scripting. Because government, financial and educational websites generally rank highly in Internet search engines such as Baidu, Google and Sogou, hackers can defraud customers of their personal information by inserting illegal links into those sites' pages or planting Trojans in them (挂马, drive-by download), in exchange for higher economic gain.
Disclosure of Invention
In order to improve network security, the embodiment of the disclosure provides a security defense method and a network security device.
Embodiments of the present disclosure provide a security defense method comprising the following steps:
constructing a security defense model, wherein the security defense model comprises two or more security defense functions;
and performing security defense on the network equipment using the security defense model.
Wherein constructing the security defense model comprises:
determining defense levels for constructing the security defense model, wherein each defense level comprises at least one security defense function.
The method further comprises the following step:
constructing a security defense function library, wherein the security defense function library at least comprises: DDoS attack resistance, network access control, intrusion prevention and detection, HTTP attack prevention and web page tamper resistance.
Determining the defense levels for constructing the security defense model, wherein each defense level comprises at least one security defense function, comprises:
acquiring a corresponding number of target security defense functions from the defense function library according to the determined number of defense levels, and enabling the target security defense functions in defense level order.
By the method, the network security can be effectively improved.
An embodiment of the present disclosure further provides a network security device, where the network security device includes:
a construction module, configured to construct a security defense model comprising two or more security defense functions;
and a processing module, configured to perform security defense on the network equipment using the security defense model.
The construction module is specifically configured to determine defense levels for constructing the security defense model, each defense level comprising at least one security defense function.
The construction module is further configured to construct a security defense function library, the security defense function library at least comprising: DDoS attack resistance, network access control, intrusion prevention and detection, HTTP attack prevention and web page tamper resistance.
The construction module is further configured to acquire a corresponding number of target security defense functions from the defense function library according to the determined number of defense levels, and to enable the target security defense functions in defense level order.
An embodiment of the present disclosure further provides a network security device, where the network security device includes: a processor, a memory and a program stored on the memory and executable on the processor, the program implementing any of the above method steps when executed by the processor.
An embodiment of the present disclosure further provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements any of the above method steps.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present specification and together with the description, serve to explain the principles of the specification.
Fig. 1 is a schematic flow chart of a security defense method according to an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the specification, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In a traditional Web server protection scheme, the Web server is deployed in a DMZ; a firewall, a vulnerability scanner and an intrusion prevention product are deployed at the network boundary; network packets are filtered by configuring inter-zone access control on the firewall; the intrusion prevention device performs virus and attack-script defense on the traffic; and vulnerability scanning is used to discover and repair website vulnerabilities in time.
The above technology has two problems: it cannot block application-layer attacks, and it lacks a global, integrated view. For example, HTTP-layer vulnerability exploitation and attacks are the mainstream means hackers use against Web servers, yet traditional firewalls and intrusion prevention cannot look deep enough into the packets to perform targeted security inspection and filtering. Each security measure works independently, no combined effect is formed, and the adopted security solution cannot deliver its maximum effect.
To solve this technical problem, embodiments of the present disclosure provide a security defense method in which a Web server protection scheme based on multilayer defense is designed. Through this scheme a user can select and adapt a security policy in combination with the current security situation score, security resource usage and security protection requirements, and a multilayer security defense line is established between the Web server and Internet users/malicious users using various specialized security measures, so as to improve the defense capability of the Web server.
Based on the above, an embodiment of the present disclosure provides a method for security defense, as shown in fig. 1, the method includes:
S101, constructing a security defense model, wherein the security defense model comprises two or more security defense functions;
S102, performing security defense on the network equipment using the security defense model.
In this embodiment, the security defense model may include a plurality of defense levels, for example, two to five levels of defense levels may be included.
In the implementation step S101, the administrator may first determine defense levels of the security defense model, wherein each defense level includes at least one security defense function.
The security defense functions in this embodiment may be any security defense function available now or in the future, for example DDoS attack resistance, network access control, intrusion prevention and detection, HTTP attack prevention and web page tamper resistance.
Anti-DDoS: this security defense function is mainly used to defend against DDoS (distributed denial-of-service) attacks launched by hackers against the Web server. It can effectively offload DDoS traffic, identify common attack behaviours such as SYN flood, UDP DNS Query flood, (M)Stream flood, ICMP flood, HTTP GET flood and connection exhaustion, and block the attack traffic in real time through an integrated mechanism, thereby effectively protecting the Web server.
Network access control: this security defense function is mainly used to control network boundary access between the Internet and the intranet. The Web server is essentially an intranet application, but it must be exposed to the Internet because the business has to be published. A firewall product is deployed at this layer to publish the Web server externally while applying network access control measures, so that the enterprise's internal network is not affected while the Web server is exposed. This layer can prevent hackers from attacking the internal network through unsafe services, apply access control to malicious ports and malicious IP addresses, provide monitoring, filtering, logging and reporting of data flows, and better separate the internal network from the external network.
Intrusion prevention and detection: this security defense function is mainly used to filter malicious code at the system level. This layer integrates intrusion prevention and detection, virus protection, bandwidth management, URL (uniform resource locator) filtering and similar functions; by analysing and detecting down to layer 7, it blocks in real time the attacks and malicious behaviour hidden in network traffic, such as viruses, worms, Trojans, spyware and botnets, thereby providing comprehensive protection of network applications, network infrastructure and network performance, as well as effective protection against malformed-packet attacks.
HTTP attack prevention: this security defense function is mainly used to inspect and filter, in both directions, the data submitted by users to the Web server and the data returned by the Web server to users. For data submitted by a user, this layer can discover malicious scripts and problematic code/commands in real time. On data returned by the Web server it can perform necessary content filtering, for example of malicious scripts and code, HTTP error responses (4xx, 5xx and the like) and key sensitive words, so that the user side is fully protected while leakage of important server-side information is avoided. It addresses Web security problems such as SQL injection, cross-site scripting, CSRF, abnormal access and CC attacks.
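The bidirectional inspection described above, as an added example that is not part of the patent or of any H3C product: a request-side rule set that flags SQL injection, cross-site scripting, path traversal and command injection patterns in URL-decoded fields, and a response-side filter that replaces 4xx/5xx bodies with a generic page and strips inline scripts and sensitive words from successful responses. The rule patterns, the sensitive-word list and the sample requests are constructed for illustration and are not a complete WAF rule set.

```python
import re
from urllib.parse import unquote, unquote_plus

# Constructed request-side rules (assumption: illustrative patterns, not a complete
# WAF rule set). Each rule is (name, compiled regex) applied to URL-decoded fields.
REQUEST_RULES = [
    ("sql_injection", re.compile(
        r"union\s+select|'\s*or\s*'?\d+'?\s*=\s*'?\d+|;\s*drop\s+table|--\s*$", re.I)),
    ("cross_site_scripting", re.compile(
        r"<\s*script\b|javascript:|\bon[a-z]+\s*=", re.I)),
    ("path_traversal", re.compile(r"\.\./|\.\.\\", re.I)),
    ("command_injection", re.compile(
        r"(;|\|\||&&|\|)\s*(cat|ls|id|whoami|wget|curl)\b", re.I)),
]

# Constructed server-side terms that must never appear in a response body (assumption).
SENSITIVE_WORDS = ["internal-db01", "root password"]

GENERIC_ERROR_PAGE = "<html><body>The request could not be completed.</body></html>"


def inspect_request(method, path, params, body=""):
    """Return the names of all rules matched by any user-controlled field.

    params is a dict of query or form fields. Values are URL-decoded before
    matching so that %27%20OR%20... is inspected as ' OR ....
    """
    fields = [unquote(path), unquote_plus(body)]
    fields += [unquote_plus(str(v)) for v in params.values()]
    findings = []
    for name, rx in REQUEST_RULES:
        if any(rx.search(f) for f in fields):
            findings.append(name)
    return findings


def filter_response(status, body):
    """Return (status, body) that is safe to forward to the client.

    Error responses (4xx/5xx) are replaced wholesale, because framework error
    pages tend to leak stack traces, paths and version strings. Successful
    responses have inline scripts removed and sensitive words redacted.
    """
    if status >= 400:
        return status, GENERIC_ERROR_PAGE
    out = re.sub(r"<script\b.*?</script>", "", body, flags=re.I | re.S)
    for word in SENSITIVE_WORDS:
        out = re.sub(re.escape(word), "[redacted]", out, flags=re.I)
    return status, out


def demo():
    """Run the rules over a few constructed requests; returns one findings list each."""
    cases = [
        ("GET", "/search", {"q": "' OR '1'='1"}),
        ("GET", "/profile", {"name": "<script>alert(1)</script>"}),
        ("GET", "/download", {"file": "../../etc/passwd"}),
        ("POST", "/ping", {}, "host=127.0.0.1;cat /etc/passwd"),
        ("GET", "/login", {"user": "alice"}),
    ]
    return [inspect_request(*c) for c in cases]
```

Pattern rules of this kind are evadable (double encoding, SQL comments, case and whitespace tricks), so a real inspection layer normalizes each field before matching and is a detection aid in front of the server, not a replacement for parameterized queries and output encoding in the application itself.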
Web page tamper resistance: this security defense function is mainly used to prevent malicious tampering of web page content. This layer deploys a core program directly on the Web server and sets access permissions on the website file directory (generally all processes are forbidden to modify it), protecting the website or website directory files in advance: apart from the designated legitimate process and port service, any other process or port is forbidden from performing any modification operation on the protected directories and files; the connection is cut off before an illegal process begins to intrude into the system, the next action of the illegal process is prevented, and the economic and reputational loss caused by page defacement is avoided.
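The tamper-resistance layer described above hooks file modification on the Web server itself and allows only the designated process to write to the site directory; that needs a kernel driver or filesystem filter and cannot be shown portably. As an added example, not the patent's own mechanism, the following Python shows the detection-and-restore half of such a layer: a SHA-256 baseline of the web root, a comparison against the live directory that reports modified, planted and deleted files, and a restore from a protected backup copy. The directory layout, file contents and the simulated defacement are constructed in a temporary directory.

```python
import hashlib
import os
import shutil
import tempfile


def _sha256(path):
    """SHA-256 hex digest of one file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(web_root):
    """Map every file under web_root (path relative to it) to its digest."""
    baseline = {}
    for dirpath, _, filenames in os.walk(web_root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, web_root)] = _sha256(full)
    return baseline


def check_tamper(web_root, baseline):
    """Compare the live directory with the baseline and report what changed."""
    current = build_baseline(web_root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def restore(web_root, backup_root, report):
    """Undo the reported changes from a protected backup copy of the site.

    Modified and deleted files are copied back from backup_root; files that
    were planted (e.g. a web shell) are removed. Returns a fresh report,
    which is empty when the restore succeeded.
    """
    for rel in report["modified"] + report["removed"]:
        dst = os.path.join(web_root, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copy2(os.path.join(backup_root, rel), dst)
    for rel in report["added"]:
        os.remove(os.path.join(web_root, rel))
    return check_tamper(web_root, build_baseline(backup_root))


def demo():
    """Constructed scenario: baseline a two-file site, deface it, detect, restore."""
    tmp = tempfile.mkdtemp()
    try:
        web_root = os.path.join(tmp, "www")
        backup_root = os.path.join(tmp, "backup")
        os.makedirs(os.path.join(web_root, "css"))
        with open(os.path.join(web_root, "index.html"), "w") as f:
            f.write("<html><body>Welcome</body></html>")
        with open(os.path.join(web_root, "css", "site.css"), "w") as f:
            f.write("body { color: black; }")
        shutil.copytree(web_root, backup_root)  # the protected copy
        baseline = build_baseline(web_root)

        # Simulated defacement: overwrite the home page, plant a new script,
        # delete the stylesheet.
        with open(os.path.join(web_root, "index.html"), "w") as f:
            f.write("<html><body>Defaced</body></html>")
        with open(os.path.join(web_root, "x.php"), "w") as f:
            f.write("<?php echo 'planted'; ?>")
        os.remove(os.path.join(web_root, "css", "site.css"))

        report = check_tamper(web_root, baseline)
        after = restore(web_root, backup_root, report)
        return report, after
    finally:
        shutil.rmtree(tmp)
```

In a deployment the backup copy and the checker run under an account different from the Web server's, with the web root read-only to the server process, and the baseline is refreshed as a step of the publishing process; otherwise every legitimate content update is reported as tampering.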
In this embodiment, a security defense function library may further be constructed. The security defense function library is configured to store the security defense functions; it may be built as a database and stored on a server.
In this embodiment, a corresponding number of security defense functions (the target security defense functions) are invoked from the security defense function library according to the determined defense levels.
In one embodiment, the user may select and adapt the security policy in combination with the current security situation score, the security resource usage and the security protection requirements, and may enable the security defense functions in defense level order.
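A compact model of steps S101 and S102, added here as an example rather than the patent's implementation: a library of defense functions in level order (an anti-DDoS rate threshold, network access control, intrusion prevention signatures and HTTP protocol sanity checks), a model built by taking the first N levels from the library, and a pipeline that runs each request through the enabled levels in order and stops at the first block. Web page tamper resistance runs on the host rather than in the traffic path and is left out of this pipeline, so the model here accepts 2 to 4 levels instead of the 2 to 5 mentioned above. Thresholds, ports, signatures, the IP addresses (TEST-NET ranges) and the traffic sample are all constructed.

```python
import re
from collections import defaultdict

# A request is a dict with the fields a device in the traffic path sees (constructed,
# simplified): src, dst_port, method, body, ts (seconds). Every defense function is
# check(req) -> None to pass the request on, or a reason string to block it.

class RateLimiter:
    """Anti-DDoS level: block a source exceeding max_per_second hits in a 1 s window."""

    def __init__(self, max_per_second):
        self.max_per_second = max_per_second
        self.seen = defaultdict(list)

    def __call__(self, req):
        window = [t for t in self.seen[req["src"]] if t > req["ts"] - 1.0]
        window.append(req["ts"])
        self.seen[req["src"]] = window
        if len(window) > self.max_per_second:
            return "flood: %d requests/s from %s" % (len(window), req["src"])
        return None

# Network access control level: only published ports reach the Web server and a
# source blocklist is enforced (addresses are constructed TEST-NET values).
PUBLISHED_PORTS = {80, 443}
BLOCKED_SOURCES = {"203.0.113.9"}

def access_control(req):
    if req["src"] in BLOCKED_SOURCES:
        return "blocked source %s" % req["src"]
    if req["dst_port"] not in PUBLISHED_PORTS:
        return "port %d is not published" % req["dst_port"]
    return None

# Intrusion prevention level: constructed layer-7 signatures over the payload.
SIGNATURES = [
    ("shell-spawn", re.compile(r"/bin/sh\s+-c")),
    ("php-webshell", re.compile(r"<\?php.*\b(system|exec|passthru)\s*\(", re.S)),
]

def intrusion_prevention(req):
    for name, rx in SIGNATURES:
        if rx.search(req["body"]):
            return "signature %s" % name
    return None

# HTTP attack prevention level: protocol sanity (method allowlist, bounded body size).
ALLOWED_METHODS = {"GET", "POST", "HEAD"}
MAX_BODY = 8192

def http_sanity(req):
    if req["method"] not in ALLOWED_METHODS:
        return "method %s not allowed" % req["method"]
    if len(req["body"]) > MAX_BODY:
        return "body of %d bytes exceeds limit" % len(req["body"])
    return None

def build_library():
    """The security defense function library as (name, check) pairs, in level order."""
    return [
        ("anti-DDoS", RateLimiter(max_per_second=5)),
        ("network access control", access_control),
        ("intrusion prevention detection", intrusion_prevention),
        ("HTTP attack prevention", http_sanity),
    ]

def build_model(levels):
    """S101: the model is the first `levels` library functions (2 to 4 here)."""
    library = build_library()
    if not 2 <= levels <= len(library):
        raise ValueError("levels must be between 2 and %d" % len(library))
    return library[:levels]

def defend(model, req):
    """S102: run the request through the enabled levels in order; first block wins."""
    for name, check in model:
        reason = check(req)
        if reason is not None:
            return (name, reason)
    return None

def run_sample(levels):
    """Run a constructed traffic sample through a `levels`-level model; return, per
    request, the name of the level that blocked it, or None if it passed."""
    def req(src, ts, **kw):
        r = {"src": src, "dst_port": 443, "method": "GET", "body": "", "ts": ts}
        r.update(kw)
        return r

    traffic = [req("198.51.100.7", 0.0)]                             # benign
    traffic += [req("192.0.2.50", 1.0 + 0.1 * i) for i in range(6)]  # 6 hits in 0.5 s
    traffic += [
        req("203.0.113.9", 2.0),                                     # blocklisted source
        req("198.51.100.8", 3.0, method="POST", body="cmd=/bin/sh -c id"),
        req("198.51.100.9", 4.0, method="TRACE"),
    ]
    model = build_model(levels)
    return [(hit[0] if hit else None) for hit in (defend(model, r) for r in traffic)]
```

Running `run_sample(2)` versus `run_sample(4)` shows the point of the level count: with two levels the flood and the blocklisted source are still stopped, but the shell-spawn payload and the disallowed method pass through, since the levels that would catch them are not enabled. The order also matters for cost, because the cheap volumetric check runs before any payload inspection.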
From the above embodiments it can be seen that, by constructing a security defense model comprising multiple security defense functions, a user can select and adapt a security policy in combination with the current security situation score, the security resource usage and the security protection requirements, so that security threats from L2 to L7 are fully covered, interception and filtering are performed effectively when a security event occurs, the difficulty of an attack is increased and the likelihood of the Web server being compromised is reduced.
Based on the foregoing method embodiments, an embodiment of the present disclosure further provides a network security device, where the network security device includes:
a construction module, configured to construct a security defense model comprising two or more security defense functions;
and a processing module, configured to perform security defense on the network equipment using the security defense model.
The construction module is specifically configured to determine defense levels for constructing the security defense model, each defense level comprising at least one security defense function.
The construction module is further configured to construct a security defense function library, the security defense function library at least comprising: DDoS attack resistance, network access control, intrusion prevention and detection, HTTP attack prevention and web page tamper resistance.
The construction module is further configured to acquire a corresponding number of target security defense functions from the defense function library according to the determined number of defense levels, and to enable the target security defense functions in defense level order.
An embodiment of the present disclosure further provides a network security device, where the network security device includes: a processor, a memory and a program stored on the memory and executable on the processor, which when executed by the processor implements the method steps of any of the embodiments described above.
The embodiments of the present disclosure also provide a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the method steps in any of the above embodiments are implemented.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Other embodiments of the present description will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This specification is intended to cover any variations, uses, or adaptations of the specification following, in general, the principles of the specification and including such departures from the present disclosure as come within known or customary practice within the art to which the specification pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the specification being indicated by the following claims.
It will be understood that the present description is not limited to the precise arrangements described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present description is limited only by the appended claims.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.

Claims (10)

1. A method of security defense, the method comprising:
constructing a security defense model, wherein the security defense model comprises two or more security defense functions;
and carrying out security defense on the network equipment by utilizing the security defense model.
2. The method of claim 1, wherein constructing the security defense model comprises:
and determining defense levels for constructing a security defense model, wherein each defense level at least comprises one security defense function.
3. The method of claim 2, further comprising:
constructing a security defense function library, wherein the security defense function library at least comprises: DDoS attack resistance, network access control, intrusion prevention and detection, HTTP attack prevention and web page tamper resistance.
4. The method of claim 3, wherein determining defense levels for constructing a security defense model, each defense level comprising at least one security defense function, comprises:
acquiring a corresponding number of target security defense functions from the defense function library according to the determined number of defense levels for constructing the security defense model, and enabling the target security defense functions in defense level order.
5. A network security device, the network security device comprising:
a construction module, configured to construct a security defense model comprising two or more security defense functions;
and a processing module, configured to perform security defense on the network equipment using the security defense model.
6. The network security appliance of claim 5,
the construction module is specifically used for determining defense levels for constructing a security defense model, and each defense level at least comprises a security defense function.
7. The network security appliance of claim 5,
the construction module is further configured to construct a security defense function library, the security defense function library at least comprising: DDoS attack resistance, network access control, intrusion prevention and detection, HTTP attack prevention and web page tamper resistance.
8. The network security appliance of claim 7,
wherein the construction module is further configured to acquire a corresponding number of target security defense functions from the defense function library according to the determined number of defense levels for constructing the security defense model, and to enable the target security defense functions in defense level order.
9. A network security device, comprising: processor, memory and program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the method according to any one of claims 1 to 4.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 4.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210290173.6A CN114710331A (en) 2022-03-23 2022-03-23 Security defense method and network security equipment

Publications (1)

Publication Number Publication Date
CN114710331A true CN114710331A (en) 2022-07-05

Family

ID=82169512

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210290173.6A Withdrawn CN114710331A (en) 2022-03-23 2022-03-23 Security defense method and network security equipment

Country Status (1)

Country Link
CN (1) CN114710331A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101582883A (en) * 2009-06-26 2009-11-18 西安电子科技大学 System and method for managing security of general network
CN101808078A (en) * 2009-02-13 2010-08-18 北京启明星辰信息技术股份有限公司 Intrusion defence system having active defence capability and method thereof
CN102934122A (en) * 2010-05-07 2013-02-13 阿尔卡特朗讯公司 Method for adapting security policies of an information system infrastructure
CN104092668A (en) * 2014-06-23 2014-10-08 北京航空航天大学 Method for constructing safety service of reconfigurable network
CN106789983A (en) * 2016-12-08 2017-05-31 北京安普诺信息技术有限公司 CC attack defense method and defense system
CN113194059A (en) * 2021-02-24 2021-07-30 天津大学 Method for selecting defense strategy of moving target
CN113407949A (en) * 2021-06-29 2021-09-17 恒安嘉新(北京)科技股份公司 Information security monitoring system, method, equipment and storage medium
CN113542227A (en) * 2021-06-18 2021-10-22 杭州安恒信息技术股份有限公司 Account security protection method and device, electronic device and storage medium
CN114124585A (en) * 2022-01-28 2022-03-01 奇安信科技集团股份有限公司 Security defense method, device, electronic equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20220705