CN114979108A - System, method, equipment and medium for remote assistance and safety audit - Google Patents
System, method, equipment and medium for remote assistance and safety audit Download PDFInfo
- Publication number
- CN114979108A CN114979108A CN202210478423.9A CN202210478423A CN114979108A CN 114979108 A CN114979108 A CN 114979108A CN 202210478423 A CN202210478423 A CN 202210478423A CN 114979108 A CN114979108 A CN 114979108A
- Authority
- CN
- China
- Prior art keywords
- remote assistance
- instruction
- remote
- audit
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012550 audit Methods 0.000 title claims abstract description 136
- 238000000034 method Methods 0.000 title claims abstract description 79
- 230000005540 biological transmission Effects 0.000 claims abstract description 52
- 238000007726 management method Methods 0.000 claims abstract description 24
- 230000009191 jumping Effects 0.000 claims abstract description 14
- 238000012545 processing Methods 0.000 claims abstract description 13
- 230000008569 process Effects 0.000 claims description 40
- 238000012795 verification Methods 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 6
- 230000000977 initiatory effect Effects 0.000 claims description 3
- 230000006870 function Effects 0.000 description 13
- 230000006872 improvement Effects 0.000 description 5
- 230000003993 interaction Effects 0.000 description 4
- 238000012423 maintenance Methods 0.000 description 4
- 238000001514 detection method Methods 0.000 description 3
- 230000005856 abnormality Effects 0.000 description 2
- 238000004140 cleaning Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 230000033001 locomotion Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 1
- 239000013589 supplement Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Abstract
The invention relates to a system, a method, equipment and a medium for remote assistance and security audit, which comprises the following steps: the system comprises a remote assistance cloud platform and a remote assistance board jumping machine; the long-range assistance springboard machine includes: the remote assistance system comprises a remote assistance control module, a login authentication module and a remote assistance client which are connected with a remote assistance cloud platform; the remote assistance client is sequentially connected with the security audit module, the various target devices and the remote assistance module supporting various remote assistance protocols, the security audit module is further connected with the history record module, and the remote assistance module is further connected with the manager management module, the host management module and the connection management module. According to the invention, the operation instruction of the remote assistance personnel is screened out by directly intercepting, analyzing and technically processing the related transmission content of the Guacamole transmission protocol and is compared and checked with the preset forbidden instruction table, so that the safety audit function of the remote assistance instruction is realized, the operation is simple and direct, the safety and the reliability are high, and the applicability is stronger and wider.
Description
Technical Field
The invention relates to a system, a method, equipment and a medium for remote assistance and security audit, in particular to a system, a method, equipment and a medium for computer network, and a system, a method, equipment and a medium for remote interaction and security assurance.
Background
With the positive advancement of informatization construction of various industries, IT systems and hardware devices thereof increasingly become infrastructure and key factors for stable operation. Due to the complexity of the IT system, when an abnormality or a failure occurs, a user often needs to contact a technician who purchases equipment in the original factory to remotely assist in handling the abnormality or the failure for home repair. But users do not want to be exposed to other non-company internal personnel, since critical data information is usually stored in the device. Meanwhile, the user hopes to record the screen and perform safety audit on the operation of the original factory technician, and serious accidents such as data loss caused by misoperation are avoided.
Currently, third-party remote desktop or remote assistance software which is mainstream in the market generally has no security audit function and no operation recording function, and a user must watch each operation of a remote technician in front of a screen at any time so as to avoid some dangerous operation instructions of the remote technician. In addition, when the remote assistance is completed, the user needs to reset the password or close the remote software, so that other illegal remote operations caused by the leakage of the account password are avoided. Third, remote assistance typically requires direct access to the abnormal IT devices, which are required to access the internet, increasing the risk of external network attacks and virus attacks. How to protect the privacy of users in remote assistance, avoid invasion and reduce the workload of safety department staff is a problem to be solved.
Disclosure of Invention
In order to overcome the problems of the prior art, the invention provides a system, a method and a medium for remote assistance and security audit. The system, the method, the equipment and the medium establish a transmission channel based on the Guacamole protocol between the remote terminal browser and the screen recording file, thereby realizing the function of quickly and simply reproducing the original remote operation process on the remote terminal browser.
The purpose of the invention is realized as follows: a system for remote assistance and security auditing, comprising: the system comprises a remote assistance cloud platform and a remote assistance board jumping machine; the long-distance assistance springboard machine comprises: the remote assistance system comprises a remote assistance control module, a login authentication module and a remote assistance client which are connected with a remote assistance cloud platform; the remote assistance client is sequentially connected with a security audit module, a plurality of target devices and a remote assistance module supporting a plurality of remote assistance protocols, the security audit module is also connected with a history record module, and the remote assistance module is also connected with a manager management module, a host management module and a connection management module;
the remote assistance control module establishes stable connection between a remote assistance cloud platform and a remote assistance springboard machine through a remote control protocol, applies for allocating a remote assistance port to the remote assistance cloud platform, and dynamically allocates the port for remote assistance connection by the remote assistance cloud platform;
the remote assistance board jumping machine is remote assistance equipment which is deployed at one side of a user;
the manager management module is a functional module which is deployed on the remote assistance board jumping machine and used for managing and individually setting remote assistance personnel;
the host management module is a functional module which is deployed on the remote assistance board jumping machine and is used for managing the remote assistance target equipment;
the connection management module is a functional module which is deployed on the board jump machine and is used for managing the current remote assistance connection;
the history recording module is used for managing remote assistance history records;
the remote assistance module is a functional module which is deployed on the board jump machine and is used for carrying out remote interaction between the board jump machine and target equipment through a Guacamole protocol;
the safety audit module analyzes and technically processes related transmission contents of the Guacamole transmission protocol, uses a forbidden list to safely audit the remote assistance instruction, and records the remote assistance process;
the remote assistance client is a remote assistance desktop display module deployed on a remote assistance springboard machine;
the login authentication module is a user login functional module, a user can set a plurality of connection accounts and passwords with different permissions for the target equipment through the login authentication module, and the account password and the corresponding permission for the remote assistant to establish connection are specified according to the type of the remote assistant.
Furthermore, the springboard machine simultaneously supports three protocols of VNC, SSH and RDP to be connected with the target equipment through a remote desktop provided by the Guacamole.
Further, the instruction disable includes a specific instruction disable table and a general instruction disable table.
A method for performing security audit on remote assistance command using the above system, the method comprising the steps of:
step 1, initiating remote assistance: a user applies for a remote assistance port from a remote assistance cloud platform;
step 2, sending preset information: the administrator informs preset remote assistance personnel information including a remote assistance account and a password, and a remote assistance cloud platform address and a remote assistance cloud platform port to the remote assistance personnel; a password for remote assistance or a time limit set by the administrator;
and step 3, logging in: the remote assistance personnel logs in the trigger jump machine through a port link dynamically distributed by the remote assistance cloud platform and enters a remote assistance client interface;
step 4, remote assistance: the method comprises the steps that remote assistance personnel select one of connection devices preset by a user or a manager to establish remote connection through a security audit module, and execute remote assistance operation and check a remote desktop of target equipment at a remote assistance client; in the process of remote assistance, establishing an instruction information list according to the time sequence of remote assistance operation, selecting whether to record the instruction of the remote assistance operation according to the preset setting of a manager, and recording all remote operation instructions to form a screen recording file if the instruction of the remote assistance operation is selected to be recorded;
and step 5, safety audit: carry out the security audit to remote assistance personnel's operation by the security audit module, the mode of security audit includes: performing in-process audit and post-event audit;
the audit mode in the affairs is as follows: according to the preset of a manager, comparing and verifying operation instructions of remote assistance personnel in the remote assistance process, including operation instructions of a keyboard and a mouse, with a forbidden instruction list, and forwarding if the operation instructions pass or not forwarding if the operation instructions do not pass;
the post audit mode is as follows: after the remote assistance is finished, starting playback of the screen recording file, comparing operation instructions of all remote assistance personnel in the playback process, including operation instructions of a keyboard and a mouse, with a forbidden instruction list, and verifying audit results in the process;
and 6, finishing auditing: if the audit is in-process, finishing the remote assistance audit and the recording of the remote assistance operation instruction at the same time when the remote assistance is finished; and if the audit is carried out afterwards, finishing the audit after the playback of the whole remote assistance process is finished.
Further, the recording of the instruction of the remote assistance operation in the step 5 can be limited by setting a recording time length.
Furthermore, the safety audit module preferentially executes comparison and verification on the exclusive instruction forbidden list.
Further, the said audit mode includes the following sub-steps:
a substep 101 of intercepting the transmission: intercepting the transmission content which is sent to the target equipment by the remote assistance client of the board jump machine and is based on the Guacamole transmission protocol;
a sub-step 102 of determining the operating device: analyzing the transmission content, and determining the operation type to be mouse operation or keyboard operation;
substep 103, parsing the transmission: analyzing the contained instruction content by combining mouse and keyboard operation and screen echo transmission content, analyzing a character instruction by keyboard operation, and analyzing a moving coordinate, a click position and background operation or instruction of the click position of the mouse on a screen by mouse operation;
substep 104, determining whether to disable: comparing the content of the operation instruction with a preset forbidden instruction table, judging whether the operation instruction is forbidden or not, if the operation instruction is not forbidden, normally forwarding the instruction content, and otherwise, intercepting the operation instruction and not forwarding the operation instruction;
substep 105, storing: and storing the instruction content, the instruction type and the processing time information of the instruction, constructing an instruction information list and forming a screen recording file.
Further, the post-audit mode comprises the following sub-steps:
substep 201, the user sets: setting instruction backtracking interval time and playback speed by a user, and if the instruction backtracking interval time and the playback speed are not set, setting the backtracking interval time to be 2 seconds by default and setting the playback speed to be 3 times;
sub-step 202, reading information: reading an instruction information list of the content, the type and the processing time of the remote assistance operation instruction in the screen recording file;
substep 203, instruction fast backtracking: starting playback at a set playback speed, reading the first piece of instruction information according to the sequence of the instruction information list, quickly returning to a position 1/2 before instruction processing time, and then starting to play the content with the set back interval time at 1 speed, thereby realizing instruction quick back tracking;
substep 204, command recognition: performing instruction analysis and identification on the transmission content of the current instruction playing segment, judging whether the transmission content is consistent with the corresponding instruction identification result during instruction safety check in the process, and giving prompt information;
substep 205, determining whether to end: after one instruction is identified, judging whether the instruction is the last instruction of the screen recording file, if so, finishing auditing, and if not, entering a substep 206;
substep 206, determining playback speed: after auditing is finished, reading next instruction information, and judging whether the time interval with the current moment is greater than the set backtracking interval time of 1/2, if so, resuming to play back the screen recording file at the set playback speed; if the value is less than the preset value, the playback is continued at the normal speed; and returning to the substep 204 after the determination, and continuing to backtrack and audit the next piece of instruction information until the screen recording file is played completely.
An electronic device comprising a memory, a processor, and a computer program stored on the memory and running on the processor, when executing the computer program, implementing the system for remote assistance and security audit of any of claims 1 to 3.
A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of remote assistance and security audit according to any one of claims 4 to 8.
The invention has the advantages and beneficial effects that: the invention establishes a stable link between the remote assistance board jumping machine and the remote assistance cloud platform through a special protocol and dynamically allocates ports. Remote assistance personnel can not directly link the trigger, but link the trigger through a port dynamically allocated by the remote assistance cloud platform, so that the exposure of relevant ip information of the trigger is avoided, and the data safety is guaranteed. In addition, the system can cut off the link between the trigger of jumping and the private cloud platform at any time, and the third party personnel can not carry out remote control to the target equipment any more.
The invention carries out remote assistance operation on the target equipment in the same local area network through the trigger jump machine, avoids directly linking the target equipment, ensures that the target equipment can be free from accessing the internet and being attacked by an external network, and further ensures the system safety and the data safety of the target equipment.
The invention can manage remote assistant personnel of different companies and different types, sets corresponding authority, and supports personalized setting of whether to record a screen, the overdue time of the password, the target equipment which can be remotely linked, the user logging in the target equipment and the password, thereby meeting different business requirements.
The invention supports the functions of replaying historical operation records and backtracking instructions, and supports the function of regularly cleaning historical operation record files.
The invention screens the operation instruction of the remote assistance personnel by directly intercepting, analyzing and technically processing the related transmission content of the Guacamole transmission protocol, compares and checks the operation instruction with the preset forbidden instruction table, normally forwards the operation instruction if the operation instruction is not forbidden, and does not forward the operation instruction if the operation instruction is forbidden, thereby realizing the safety audit function of the remote assistance instruction, and the invention has simple and direct operation, safety and reliability, and stronger and wider applicability.
Drawings
The invention is further illustrated by the following figures and examples.
FIG. 1 is a schematic block diagram of a system according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method according to a fourth embodiment of the present invention;
FIG. 3 is a flow chart of an audit in fact according to a seventh embodiment of the invention;
FIG. 4 is a flow chart of an embodiment of the present invention illustrating post audit.
Detailed Description
The first embodiment is as follows:
the embodiment is a system for remote assistance and security audit, as shown in fig. 1. The remote assistance in this embodiment is implemented based on Guacamole. Guacamole is a VNC viewer based on HTML 5 and JavaScript, is a remote desktop gateway without a client, and supports standard protocols such as VNC/RDP/SSH and the like.
In the embodiment, the content transmitted by the Guacamole protocol is intercepted, analyzed and technically processed, the operation instruction of the remote assistance personnel is screened out, and is compared and checked with the preset forbidden instruction table, if the operation instruction is not forbidden, the operation instruction is normally forwarded, and if the operation instruction is forbidden, the operation instruction is not forwarded, so that the safety audit function of the remote assistance instruction is realized.
The embodiment comprises the following steps: the system comprises a remote assistance cloud platform and a remote assistance board jumping machine; the long-distance assistance springboard machine comprises: the system comprises a remote assistance control module, a login authentication module and a plurality of remote assistance clients, wherein the remote assistance control module is connected with the remote assistance cloud platform. The remote assistance client is sequentially connected with a security audit module, a plurality of target devices and a remote assistance module supporting a plurality of remote assistance protocols, the security audit module is further connected with a history record module, and the remote assistance module is further connected with a manager management module, a host management module and a connection management module.
The remote assistance control module establishes stable connection between the remote assistance cloud platform and the remote assistance springboard machine through a remote control protocol, applies for allocation of a remote assistance port to the remote assistance cloud platform, and dynamically allocates the port to the remote assistance cloud platform for remote assistance connection.
The remote assistance cloud platform can be a private cloud platform specially used for remote assistance functions or other remote assistance cloud platforms after being modified. The remote control protocol may be a proprietary protocol or other general protocol.
The remote assistance board jumping machine is remote assistance equipment which is deployed at one side of a user.
The purpose of using a remote trigger is to: when the remote assistance personnel perform remote assistance, the link is not directly established with the target equipment, but the trigger is interacted with the target equipment inside the local area network where the user is located, so that the safety performance is improved.
The manager management module is a functional module which is deployed on the remote assistance board jumping machine and used for managing and individually setting remote assistance personnel.
The manager management module can set target equipment for remote assistance of remote assistance personnel, and set remote assistance passwords, password expiration time, remote assistance personnel permission, screen recording and other items for the target equipment.
It should be noted that: the target device refers to a remotely assisted user device, and these devices exist physically, and may be a server, a server cluster, various storage devices, various network devices, and the like. The target device may be a plurality of kinds of devices belonging to a plurality of units, that is, the system described in the present embodiment may manage a plurality of devices of different kinds of a plurality of units; the user refers to the use or owner of the target equipment, and the manager is a manager of the remote assistance and safety audit system; the remote assistant refers to a maintainer such as an engineer providing remote assistance service for the target device. When the remote assistance and security audit system described in this embodiment manages only one unit of device, the user and the administrator may be combined into the same role, however, when one remote assistance and security audit system manages multiple units of devices, the roles of the user and the administrator need to be separated. The administrator needs to limit the authority of the user, so that the user can only check and manage the own device and the related information.
The host management module is a functional module which is deployed on the remote assistant board hopping machine and is used for managing the remote assistant target equipment.
The administrator can add, modify and delete target equipment through the host management module, can set whether the target equipment forbids remote assistance, and can set an account number and a password for logging in the target equipment.
The connection management module is a functional module which is deployed on the board jump machine and used for managing the current remote assistance connection.
Through the connection management module, a user or manager can check the currently-ongoing remote assistance related information and can manually disconnect the specified current remote connection.
The history module is used for managing remote assistance history.
A user or a manager checks the information, the connection duration and the like of the remotely linked remote assistant through the history recording module, and meanwhile, the user or the manager can also perform playback and instruction backtracking operations on the history screen recording file. If the user or the manager sets the storage duration of the screen recording file in advance, the history recording module is responsible for automatically cleaning the expired screen recording file so as to release the storage space.
The remote assistance module is a functional module which is deployed on the board jump machine and is used for remote interaction between the board jump machine and target equipment through a Guacamole protocol.
The trigger of the jump establishes remote connection with the target equipment through three protocols of VNC, SSH and RDP through the remote desktop support provided by Guacamole. Fig. 1 shows three target devices connected, where a target device a is a device of a windows operating system, such as a desktop, another target device B is a device of a Linux operating system, such as a server or a server cluster, and a target device C is connected to a Unix operating system, such as a server or a server cluster.
The safety audit module analyzes and technically processes related transmission contents of the Guacamole transmission protocol, uses a forbidden list to carry out safety audit on the remote assistance instruction, and records a remote assistance process.
The safety audit module analyzes and technically processes related transmission contents of the Guacamole transmission protocol, so that the safety audit function of the remote assistance instruction is realized, and the influence of dangerous instructions and misoperation on target equipment is avoided. The user or the manager can set a special instruction forbidden list according to the service requirement so as to standardize the use of the remote assistance instruction. In addition, the security audit module will record the remote assistance process according to the user's settings.
The remote assistance client is a remote assistance desktop display module deployed on a remote assistance springboard machine.
The remote assistance client displays the remote desktop of the assisted target equipment for the remote assistance personnel and monitors the operation of the remote assistance personnel.
The login authentication module is a user login function module, a user can set a plurality of connection accounts and passwords with different permissions for the target equipment through the login authentication module, and the account password and the corresponding permission for the remote assistance personnel to establish connection are specified according to the type of the remote assistance personnel.
When a user or a manager logs in the remote assistance and safety audit system through an account password, the login authentication module verifies the account password, and the manager gives corresponding system management authority according to the type of the user after the account password passes the verification. The login authentication module can establish a plurality of connection accounts and passwords for one device, and can also set the connection accounts, the passwords and the use permission for a plurality of devices respectively.
Example two:
this embodiment is an improvement of the first embodiment, and is a refinement of the board jumper of the first embodiment. The springboard machine described in this embodiment supports three protocols, VNC, SSH, and RDP, to be connected to the target device through the remote desktop provided by Guacamole.
The three protocols of VNC, SSH and RDP are common remote desktop protocols, and Guacamole can support the three protocols and provide more and more powerful remote protocol functions.
Example three:
the present embodiment is an improvement of the above-described embodiment, and is a refinement of the instruction forbidden table in the above-described embodiment. The instruction forbidden table described in this embodiment includes a dedicated instruction forbidden table and a general instruction forbidden table.
The exclusive instruction forbidden list is set according to the needs of a certain user and the characteristics of corresponding equipment (target equipment) used by the user. During detection, the exclusive instruction forbidden table is firstly used for comparison so as to detect the requirement of the project, and the detection efficiency is improved.
Example four:
the embodiment is a method for performing security audit on remote assistance instructions by using the system of the embodiment. The flow of the method is shown in fig. 2.
In the method of this embodiment, in the remote connection established based on the Guacamole transmission protocol, the transmission content of the Guacamole protocol sent to the destination device by the remote interface of the springboard machine is intercepted and analyzed, the mouse operation instruction and the keyboard operation instruction are screened out by a technical means, and the operation instruction and the operation time are stored, so as to facilitate instruction backtracking in the future. In the auditing of the remote assistance process described in this embodiment, a manner of comparing the operation instruction in the remote operation with an instruction forbidden list preset by a user or an administrator is adopted, and if the remote assistance instruction sent by the remote assistance person is listed in the forbidden instruction list, the relevant instruction is not forwarded to the target device any more, otherwise, the relevant instruction is forwarded normally, and the corresponding operation is allowed to be executed.
The method comprises two parts, namely a method for carrying out safety audit on remote operation instructions (including a mouse and a keyboard) during remote assistance and a method for carrying out automatic backtracking and audit on the remote operation instructions after the remote assistance is finished.
The method comprises the following steps:
step 1, initiating remote assistance: and applying for a remote assistance port from the remote assistance cloud platform by the user.
When the target device is used, if a user finds that the target device is in failure or a failed young stage, in order to seek remote assistance, the user needs to find an after-sales service provider which provides or sells the target device, find a maintenance professional who can solve the failure through the after-sales service provider, and after finding the maintenance professional, inform a system manager of the remote assistance and safety audit, that is, the user can enter the system of the remote assistance and safety audit, and then initiate the remote assistance.
Step 2, sending preset information: the administrator informs preset remote assistance personnel information including a remote assistance account and a password, and a remote assistance cloud platform address and a remote assistance cloud platform port to the remote assistance personnel; a password for remote assistance or a time limit set by the administrator;
the system for remote assistance and safety audit can manage different target equipment using units, different equipment suppliers and different types of remote assistance personnel, set corresponding permissions, and support personalized setting of whether to record a screen, the password expiration time, target equipment which can be remotely linked, a user logging in the target equipment and the password, so that different business requirements are met.
The user or the manager may not set a password expiration date, and the remote assistant may use the password for a long time, but for security, the user or the manager may set a password expiration time (password expiration date) for the remote assistant, and when the password expires, the connection is automatically disconnected.
And step 3, logging in: the remote assistance personnel logs in the trigger jump machine through a port link dynamically distributed by the remote assistance cloud platform and enters a remote assistance client interface;
the remote assistance and safety audit system establishes a stable link between the remote assistance board jumping machine and the remote assistance cloud platform through a special protocol (private protocol), and dynamically allocates ports. The remote assistance personnel can not directly link the trigger, but link the trigger through a port dynamically allocated by the private cloud platform, so that the exposure of the related ip information of the trigger is avoided, and the data safety is guaranteed. In addition, a user or a manager can cut off the link between the trigger and the remote assistance cloud platform at any time, so that third-party personnel including remote assistance personnel can not remotely control the target equipment any more.
The connection mode of remote assistance operation of the target equipment in the same local area network through the trigger is characterized in that the target equipment is prevented from being directly linked by an external network, so that the target equipment can be prevented from being accessed into the internet and being attacked by the external network, and the system safety and the data safety of the target equipment are ensured.
Step 4, remote assistance: the method comprises the steps that remote assistance personnel select one of connection devices preset by a user or a manager to establish remote connection through a security audit module, and execute remote assistance operation and check a remote desktop of target equipment at a remote assistance client; in the process of remote assistance, establishing an instruction information list according to the time sequence of remote assistance operation, selecting whether to record the instruction of the remote assistance operation according to the preset setting of a manager, and recording all remote operation instructions to form a screen recording file if the instruction of the remote assistance operation is selected to be recorded;
the step is that the remote assistant carries out routine work processes such as detection, maintenance and the like on the target equipment. The purpose of establishing the instruction information list is to arrange the order of instruction audit and quickly search the content of the remote assistance operation instruction when post-audit is carried out in the future.
And step 5, safety audit: carry out the security audit to remote assistance personnel's operation by the security audit module, the mode of security audit includes: performing in-process audit and post-event audit;
the audit mode in the affairs is as follows: according to the preset of a manager, comparing and verifying operation instructions of remote assistance personnel in the remote assistance process, including operation instructions of a keyboard and a mouse, with a forbidden instruction list, and forwarding if the operation instructions pass or not forwarding if the operation instructions do not pass;
the post audit mode is as follows: after the remote assistance is finished, starting playback of the screen recording file, comparing operation instructions of all remote assistance personnel in the playback process, including operation instructions of a keyboard and a mouse, with a forbidden instruction list, and verifying audit results in the process;
the audit is carried out in the process of remote assistance, and the instructions of the remote assistance are compared and verified with the forbidden instruction list one by one. The post audit can be regarded as further verification of the in-affair audit, and can also be used as supplement to the in-affair audit.
The forbidden instruction list is preset and comprises all forbidden instructions and forbidden ranges thereof. The forbidden instruction list can be set into two grades, one is a special instruction forbidden list set by an administrator for different service types and different users, and the other is a general instruction forbidden list. The safety audit module preferentially executes comparison and verification on the exclusive instruction forbidden list and then performs comparison and verification on the general forbidden instruction list so as to realize personalized audit.
And 6, finishing auditing: if the audit is in-process, finishing the remote assistance audit and the recording of the remote assistance operation instruction at the same time when the remote assistance is finished; and if the audit is performed afterwards, finishing the audit after the playback of the whole remote assistance process is finished.
The audit in the affair and the audit afterwards can be carried out separately respectively, namely, only the audit in the affair or the audit afterwards is carried out on a certain remote assistance operation process, the audit in the affair can also be carried out by combining the audit and the audit, namely, in a certain remote assistance operation process, the audit in the affair is carried out, and when the remote assistance process is finished, the screen recording file of the remote assistance operation process is taken immediately or after a period of time, and the audit is carried out on the screen recording file.
Example five:
the present embodiment is an improvement of the above-described embodiment, and is a refinement of the above-described embodiment regarding instruction recording of the remote assistance operation. The instruction for the remote assistance operation in step 5 described in this embodiment can be recorded by setting a limit recording duration.
The manager or the user can set whether to record or not and the storage time length of the recorded file, and when the storage time length is exceeded, the system can automatically clear the recorded file so as to save storage resources.
Example six:
the present embodiment is an improvement of the above-described embodiment, and is a refinement of the instruction forbidden table in the above-described embodiment. The security audit module preferentially performs comparison and verification on the exclusive instruction forbidden list.
The manager sets up the exclusive instruction forbidden list to different business types and different user demands, when carrying out the security audit, the security audit module then preferentially carries out the contrast verification to the exclusive instruction forbidden list, when carrying out the contrast verification to passing through the instruction forbidden list, though increased the procedure step, in practical application, the project that exclusive instruction forbidden list lists is the demand to specific equipment, consequently can save the project in the general instruction forbidden list greatly to this operating resource when practicing thrift the contrast.
Example seven:
the embodiment is an improvement of the above embodiment, and is a refinement of the above embodiment regarding audit in affairs, and the flow is shown in fig. 3.
The audit in this embodiment means: in the process of remote assistance, a remote assistance instruction sent by a remote assistance person is intercepted through a Guacamole transmission protocol, then a remote operation instruction (comprising a mouse and a keyboard) is analyzed, whether the remote operation instruction is a keyboard instruction or a mouse instruction is distinguished, then the keyboard instruction and the mouse instruction are respectively subjected to technical processing, namely the remote assistance instruction is compared with an instruction forbidden list, an instruction which is not listed in the instruction forbidden list is released, and otherwise the remote assistance instruction is intercepted.
The audit mode in this embodiment specifically includes the following sub-steps:
a substep 101 of intercepting the transmission: and intercepting the transmission content which is sent by the remote assistance client of the board jump machine to the target equipment and is based on the Guacamole transmission protocol.
The remote assistance module is internally provided with a Guacamole server and is connected with the target equipment through RDP/VNC/SSH and other common desktop protocols. And the web Socket connection is established between the remote assistance client of the jumper and the Guacamole server, and data interaction and transmission based on the Guacamole transmission protocol are carried out. The security audit module realizes interception of transmission contents by programming webSocket. Firstly, the operation content sent to the Guacamole server by the remote assistance client is read, then instruction auditing is carried out, the content passing the instruction auditing is normally forwarded to the Guacamole server, and the content not passing the auditing is not forwarded.
Substep 102, determining the operating device: and analyzing the transmission content, and determining the operation type to be mouse operation or keyboard operation.
The operation equipment is divided into two types: a mouse and a keyboard. Because the content transmitted by the mouse and the keyboard operation is different, the transmitted content of the keyboard is characters, and the mouse comprises a plurality of items of information such as movement, clicking and the like.
Substep 103, parsing the transmission: the method comprises the steps of combining mouse and keyboard operation and screen echo transmission content, analyzing contained instruction content, analyzing character instructions by keyboard operation, and analyzing moving coordinates and clicking positions of a mouse on a screen and background operation or instructions of the clicking positions by mouse operation.
The description of the operation content of the keyboard only assists in identifying the instruction and cannot completely identify and resolve the instruction through the description of the keyboard, because the user can hit the keyboard in a vi isopine corrector, and the operation is not the instruction but some file correction. In addition, many shortcut keys exist in the prior linux bash, for example, the command can be found through up-down or down-down, and the command can be filled by using TAB. In addition, when the operation and maintenance personnel input the instruction, the backspace is needed to correct the instruction when the input is wrong. Therefore, it is necessary to identify the contents of the keyboard input and the screen playback transmission, and the program determines the characters of the playback while determining the keyboard click order of the user, records all the preceding keyboards when presenting the return, and performs some determination in the playback to analyze the user operation command.
The transmission content of the screenshot is the transmission content of a Guacamole protocol sent by the remote target equipment to the remote assistance terminal of the trigger through the Guacamole server.
The user mouse operation part in the Guacamole transmission content comprises four actions of moving, clicking, loosening and moving out, coordinate information of a mouse and the like, so that the transmission content of the user mouse operation does not comprise specific instruction information, and the instruction content information needs to be judged by combining with the transmission content of the screen echoed display.
The content of the screen redisplay is the transmission content of the Guacamole protocol sent by the remote target equipment to the remote assistance client of the board jump machine through the Guacamole server (remote assistance module) before the mouse click operation. In the remote device assisted by RDP, no character exists in the screen redisplay, and the graphic information drawn by the GDI function is completely transmitted by the Guacamole protocol, so that any character cannot be obtained from the transmission data stream of the screen redisplay, the returned picture information needs to be subjected to image recognition, and the window title and the internal operation character are recognized from the image recognition to determine the content of the mouse operation instruction.
Substep 104, determining whether to disable: and comparing the content of the operation instruction with a preset forbidden instruction table, judging whether the operation instruction is forbidden or not, if the operation instruction is not forbidden, normally forwarding the instruction content, and otherwise, intercepting the operation instruction and not forwarding.
This sub-step is a key step in the audit. The forbidden instruction table is divided into a keyboard operation forbidden instruction table and a mouse operation forbidden instruction table, wherein forbidden instruction contents and forbidden ranges are listed. For example, a keyboard operation disable instruction rm (delete operation) is set in the keyboard operation disable instruction table, and the disable range is set as all directories by default, and if necessary, the disable directory may be set, for example, the disable range is set as/usr/local/directory. When comparing the instructions, the contents of the instructions are compared, and the forbidden ranges are compared at the same time. For example, the user operation instruction is rm-rf/usr/local/aaa/(delete/usr/local/aaa/directory), the comparison operation instruction is rm and is a forbidden instruction, and the comparison directory content is a subdirectory under the forbidden range/usr/local/directory and is within the forbidden range, so that the operation instruction belongs to the forbidden instruction and is intercepted and not forwarded.
Substep 105, storing: and storing the instruction content, the instruction type and the processing time information of the instruction, constructing an instruction information list and forming a screen recording file.
The purpose of storing and forming the screen recording file is to facilitate instruction backtracking in the future, namely, post audit. All operational instructions are stored, including instructions that are not forwarded are intercepted. And the command which is not forwarded after interception is an operation command which is judged to be dangerous, and is the key point of command audit after the fact.
When storing screen recording files, an instruction information list needs to be established. The instruction information list includes the instruction content, the instruction type and the processing time information, and the like, and also lists the instruction execution sequence, so that the instructions can be played back according to the instruction execution sequence during the playback, and confusion is avoided. Necessary screen recording videos can be stored in the screen recording files so as to perform detailed analysis on the remote assistance operation process.
Example eight:
the present embodiment is a modification of the above-described embodiment, and is a refinement of the above-described embodiment regarding post-audit. The method for automatically backtracking and auditing the remote operation instruction after the remote assistance is finished refers to a method for a manager to perform playback operation on a screen recording file recorded and generated in the remote operation process and perform quick automatic backtracking and auditing on the operation instruction after the remote operation is finished.
The post-audit mode described in this embodiment includes the following sub-steps, and the flow is shown in fig. 4:
substep 201, the user sets: the user sets instruction backtracking interval time and playback speed, if not, the default backtracking interval time is 2 seconds, and the playback speed is 3 times.
The speed of playback can be set as required, under the normal condition, if the audit is automatic, then only need in the audit process with remote assistance operation instruction with forbid the instruction table contrast can, consequently can replay fast, when carrying out artifical audit timing, then can adjust playback speed, the process of understanding remote assistance that makes the auditor can know clearly.
Substep 202, reading information: and reading an instruction information list of the content, the type and the processing time of the remote assistance operation instruction in the screen recording file.
In some special cases, the recorded video file may be called up for auditing when a manual audit is performed.
Substep 203, instruction fast backtracking: and starting playback at the set playback speed, reading the first piece of instruction information according to the sequence of the instruction information list, quickly returning to the position 1/2 before the instruction processing time for setting the backtracking interval time, and then starting playing the content with the set backtracking interval time at the speed of 1 time, thereby realizing instruction quick backtracking.
When the operation command is traced back, in order to see the operation content of the user clearly, the tracing back is not started at the time point of the transmission of the operation command, but is started 1 second before the transmission (preceding 1/2 tracing back interval time) and is ended 1 second after the transmission (following 1/2 tracing back interval time).
The backtracking interval time is: and backtracking the time length of playing the important segment where the operation instruction is positioned at the normal speed. In order to save the auditing time, the screen recording file is quickly traced back, and for the non-instruction segment, the playback speed is faster, usually 3 times faster. For the important segment with the operation instruction, the playing speed is reduced to the normal 1-time speed for playing, the playing time of the segment is the backtracking interval time, and the segment is set by an audit manager in advance, and the default time is 2 seconds if the playback time is not set.
Substep 204, the instruction identifies: and analyzing and identifying the transmission content of the current instruction playing segment, judging whether the instruction identification result is consistent with the corresponding instruction identification result in the process of instructing safety audit, and giving prompt information.
The identification of the instruction comprises the instruction sent by a keyboard and a mouse, the identification process comprises the comparison with an instruction forbidden table, the comparison with the corresponding judgment of the prior audit, the judgment prompt information which passes or does not pass the instruction forbidden table and the prompt information which is whether the judgment is consistent with the judgment in the prior art.
Substep 205, determining whether to end: and after one instruction is identified, judging whether the instruction is the last instruction of the screen recording file, if so, ending the audit, and if not, entering the substep 206.
Substep 206, determining playback speed: after the audit is finished, reading next instruction information, and judging whether the time interval with the current moment is greater than the set backtracking interval time of 1/2, if so, resuming to play back the screen recording file at the set playback speed; if the value is less than the preset value, the playback is continued at the normal speed; and returning to the substep 204 after the determination, and continuing to backtrack and audit the next piece of instruction information until the screen recording file is played completely.
Finally, it should be noted that the above is only for illustrating the technical solution of the present invention and not for limiting, although the present invention has been described in detail with reference to the preferred arrangement, it should be understood by those skilled in the art that the technical solution of the present invention (such as the form and composition of the trigger, the function and combination of each module, the sequence of steps, etc.) can be modified or equivalently replaced without departing from the spirit and scope of the technical solution of the present invention.
Claims (10)
1. A system for remote assistance and security auditing, comprising: the system comprises a remote assistance cloud platform and a remote assistance board jumping machine; the remote assistance springboard machine comprises: the remote assistance system comprises a remote assistance control module, a login authentication module and a remote assistance client which are connected with a remote assistance cloud platform; the remote assistance client is sequentially connected with a security audit module, a plurality of target devices and a remote assistance module supporting a plurality of remote assistance protocols, the security audit module is also connected with a history record module, and the remote assistance module is also connected with a manager management module, a host management module and a connection management module;
the remote assistance control module establishes stable connection between a remote assistance cloud platform and a remote assistance springboard machine through a remote control protocol, applies for allocating a remote assistance port to the remote assistance cloud platform, and dynamically allocates the port for remote assistance connection by the remote assistance cloud platform;
the remote assistance board jumping machine is remote assistance equipment which is deployed at one side of a user;
the manager management module is a functional module which is deployed on the remote assistance board hopping machine and used for managing and individually setting remote assistance personnel;
the host management module is a functional module which is deployed on the remote assistance board jumping machine and is used for managing the remote assistance target equipment;
the connection management module is a functional module which is deployed on the board jump machine and is used for managing the current remote assistance connection;
the history recording module is used for managing remote assistance history records;
the remote assistance module is a functional module which is deployed on the board jump machine and is used for remotely interacting the board jump machine and target equipment through a Guacamole protocol;
the safety audit module analyzes and technically processes related transmission contents of the Guacamole transmission protocol, uses a forbidden list to carry out safety audit on the remote assistance instruction, and records a remote assistance process;
the remote assistance client is a remote assistance desktop display module deployed on a remote assistance springboard machine;
the login authentication module is a user login functional module, a user can set a plurality of connection accounts and passwords with different permissions for the target equipment through the login authentication module, and the account password and the corresponding permission for the remote assistant to establish connection are specified according to the type of the remote assistant.
2. The system of claim 1, wherein the springboard machine is connected with the target device by a remote desktop provided by Guacamole and supporting three protocols of VNC, SSH and RDP.
3. The system of claim 2 wherein the instruction disable comprises a dedicated instruction disable table and a general instruction disable table.
4. A method for security auditing remote assistance instructions using the system of claim 3, the method comprising the steps of:
step 1, initiating remote assistance: a user applies for a remote assistance port from a remote assistance cloud platform;
step 2, sending preset information: the administrator informs preset remote assistance personnel information including a remote assistance account and a password, and a remote assistance cloud platform address and a remote assistance cloud platform port to the remote assistance personnel; a password for remote assistance or a time limit set by the administrator;
step 3, logging in: the remote assistance personnel logs in the trigger jump machine through a port link dynamically distributed by the remote assistance cloud platform and enters a remote assistance client interface;
step 4, remote assistance: the method comprises the steps that remote assistance personnel select one of connection devices preset by a user or a manager to establish remote connection through a security audit module, and execute remote assistance operation and check a remote desktop of target equipment at a remote assistance client; in the process of remote assistance, establishing an instruction information list according to the time sequence of remote assistance operation, selecting whether to record the instruction of the remote assistance operation according to the preset setting of a manager, and recording all remote operation instructions to form a screen recording file if the instruction of the remote assistance operation is selected to be recorded;
and step 5, safety audit: carry out the security audit to remote assistance personnel's operation by the security audit module, the mode of security audit includes: performing in-process audit and post-event audit;
the audit mode in the affairs is as follows: according to the preset of a manager, comparing and verifying operation instructions of remote assistance personnel in the remote assistance process, including operation instructions of a keyboard and a mouse, with a forbidden instruction list, and forwarding if the operation instructions pass or not forwarding if the operation instructions do not pass;
the post audit mode is as follows: after the remote assistance is finished, starting playback of the screen recording file, comparing operation instructions of all remote assistance personnel in the playback process, including operation instructions of a keyboard and a mouse, with a forbidden instruction list, and verifying audit results in the process;
and 6, finishing auditing: if the audit is in-process, finishing the remote assistance audit and the recording of the remote assistance operation instruction at the same time when the remote assistance is finished; and if the audit is carried out afterwards, finishing the audit after the playback of the whole remote assistance process is finished.
5. The method according to claim 4, wherein the recording of the instruction of the remote assistance operation in the step 5 can be performed by setting a limit recording time length.
6. The method of claim 5, wherein the security audit module preferentially performs a comparison verification on the forbidden list of proprietary instructions.
7. The method of claim 6, wherein the audit mode comprises the substeps of:
a substep 101 of intercepting the transmission: intercepting the transmission content which is sent to the target equipment by the remote assistance client of the board jump machine and is based on the Guacamole transmission protocol;
substep 102, determining the operating device: analyzing the transmission content, and determining the operation type to be mouse operation or keyboard operation;
substep 103, parsing the transmission: analyzing the contained instruction content by combining mouse and keyboard operation and screen echo transmission content, analyzing a character instruction by keyboard operation, and analyzing a moving coordinate, a click position and background operation or instruction of the click position of the mouse on a screen by mouse operation;
a substep 104 of determining whether to disable: comparing the content of the operation instruction with a preset forbidden instruction table, judging whether the operation instruction is forbidden or not, if the operation instruction is not forbidden, normally forwarding the instruction content, and otherwise, intercepting the operation instruction and not forwarding the operation instruction;
substep 105, storing: and storing the instruction content, the instruction type and the processing time information of the instruction, constructing an instruction information list and forming a screen recording file.
8. The method of claim 7, wherein the post-audit mode comprises the sub-steps of:
substep 201, the user sets: setting instruction backtracking interval time and playback speed by a user, and if the instruction backtracking interval time and the playback speed are not set, setting the backtracking interval time to be 2 seconds by default and setting the playback speed to be 3 times;
substep 202, reading information: reading an instruction information list of the content, the type and the processing time of the remote assistance operation instruction in the screen recording file;
substep 203, instruction fast backtracking: starting playback at a set playback speed, reading the first piece of instruction information according to the sequence of the instruction information list, quickly returning to a position 1/2 before instruction processing time, and then starting to play the content with the set back interval time at 1 speed, thereby realizing instruction quick back tracking;
substep 204, the instruction identifies: performing instruction analysis and identification on the transmission content of the current instruction playing segment, judging whether the instruction identification result is consistent with the corresponding instruction identification result in the instruction safety audit in the process, and giving prompt information;
substep 205, determining whether to end: after one instruction is identified, judging whether the instruction is the last instruction of the screen recording file, if so, finishing auditing, and if not, entering a substep 206;
substep 206, determining playback speed: after auditing is finished, reading next instruction information, and judging whether the time interval with the current moment is greater than the set backtracking interval time of 1/2, if so, resuming to play back the screen recording file at the set playback speed; if the value is less than the preset value, the playback is continued at the normal speed; and returning to the substep 204 after the determination, and continuing to backtrack and audit the next piece of instruction information until the screen recording file is played completely.
9. An electronic device comprising a memory, a processor, and a computer program stored on the memory and running on the processor, wherein the processor, when executing the computer program, implements the system for remote assistance and security audit of any of claims 1 to 3.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method of remote assistance and security audit according to any one of claims 4 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210478423.9A CN114979108A (en) | 2022-05-05 | 2022-05-05 | System, method, equipment and medium for remote assistance and safety audit |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210478423.9A CN114979108A (en) | 2022-05-05 | 2022-05-05 | System, method, equipment and medium for remote assistance and safety audit |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114979108A true CN114979108A (en) | 2022-08-30 |
Family
ID=82980157
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210478423.9A Pending CN114979108A (en) | 2022-05-05 | 2022-05-05 | System, method, equipment and medium for remote assistance and safety audit |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114979108A (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101951364A (en) * | 2010-08-25 | 2011-01-19 | 深圳市傲冠软件股份有限公司 | Method and system for realizing security audit function in remote control process |
| US20140223300A1 (en) * | 2012-02-22 | 2014-08-07 | Tencent Technology (Shenzhen) Company Limited | Remote assistance method, system and terminal |
| CN104135389A (en) * | 2014-08-14 | 2014-11-05 | 华北电力大学句容研究中心 | SSH protocol operation and maintenance auditing system and method based on proxy technology |
| WO2015117367A1 (en) * | 2014-08-21 | 2015-08-13 | 中兴通讯股份有限公司 | Remote assistance control method and device |
| CN105610946A (en) * | 2015-12-30 | 2016-05-25 | 北京奇艺世纪科技有限公司 | Docker technology based cloud jump server system |
| US20200213368A1 (en) * | 2018-12-27 | 2020-07-02 | Mega Vision Boards, Inc. | Interactive Intelligent Educational Board and System |
| CN113891034A (en) * | 2020-07-03 | 2022-01-04 | 山东华软金盾软件股份有限公司 | Video management method based on session |
| CN114285761A (en) * | 2021-12-27 | 2022-04-05 | 北京邮电大学 | Video recording and OCR technology-based board jumper illegal operation detection method |
| CN114356607A (en) * | 2022-01-04 | 2022-04-15 | 北京沃东天骏信息技术有限公司 | Execution control method and device of remote command, first equipment and storage medium |
-
2022
- 2022-05-05 CN CN202210478423.9A patent/CN114979108A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101951364A (en) * | 2010-08-25 | 2011-01-19 | 深圳市傲冠软件股份有限公司 | Method and system for realizing security audit function in remote control process |
| US20140223300A1 (en) * | 2012-02-22 | 2014-08-07 | Tencent Technology (Shenzhen) Company Limited | Remote assistance method, system and terminal |
| CN104135389A (en) * | 2014-08-14 | 2014-11-05 | 华北电力大学句容研究中心 | SSH protocol operation and maintenance auditing system and method based on proxy technology |
| WO2015117367A1 (en) * | 2014-08-21 | 2015-08-13 | 中兴通讯股份有限公司 | Remote assistance control method and device |
| CN105610946A (en) * | 2015-12-30 | 2016-05-25 | 北京奇艺世纪科技有限公司 | Docker technology based cloud jump server system |
| US20200213368A1 (en) * | 2018-12-27 | 2020-07-02 | Mega Vision Boards, Inc. | Interactive Intelligent Educational Board and System |
| CN113891034A (en) * | 2020-07-03 | 2022-01-04 | 山东华软金盾软件股份有限公司 | Video management method based on session |
| CN114285761A (en) * | 2021-12-27 | 2022-04-05 | 北京邮电大学 | Video recording and OCR technology-based board jumper illegal operation detection method |
| CN114356607A (en) * | 2022-01-04 | 2022-04-15 | 北京沃东天骏信息技术有限公司 | Execution control method and device of remote command, first equipment and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 艾奇昆;: "部署堡垒机保障运维安全", 网络安全技术与应用, no. 02, 15 February 2017 (2017-02-15), pages 27 - 29 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20230379362A1 (en) | Honeypots for infrastructure-as-a-service security | |
| US8972945B2 (en) | Collaborative software debugging in a distributed system with client-specific access control | |
| US10158670B1 (en) | Automatic privilege determination | |
| US7647631B2 (en) | Automated user interaction in application assessment | |
| CN110035088A (en) | Method and apparatus based on RPA remote control operation system automated log on | |
| US8024453B2 (en) | Monitoring performance of dynamic web content applications | |
| CN107623698B (en) | Method and device for remotely debugging network equipment | |
| US20220239735A1 (en) | State management for device-driven management workflows | |
| US20150067399A1 (en) | Analysis, recovery and repair of devices attached to remote computing systems | |
| US20170177878A1 (en) | Computer-implemented command control in information technology service environment | |
| Vehent | Securing DevOps: security in the cloud | |
| US9965624B2 (en) | Log analysis device, unauthorized access auditing system, computer readable medium storing log analysis program, and log analysis method | |
| CN112994958A (en) | Network management system, method and device and electronic equipment | |
| US20100058441A1 (en) | Information processing limitation system and information processing limitation device | |
| CN114285761B (en) | Diving board machine illegal operation detection method based on video recording and OCR technology | |
| US20200267146A1 (en) | Network analytics for network security enforcement | |
| CN112838951B (en) | Operation and maintenance method, device and system of terminal equipment and storage medium | |
| US9769144B2 (en) | Method for logging of a remote control session | |
| CN114979108A (en) | System, method, equipment and medium for remote assistance and safety audit | |
| JP2022104878A (en) | System and method for preventing malicious process from being injected into software | |
| Cisco | Release Notes for Cisco AccessPath Manager Software Release 2.0 | |
| CN114465766B (en) | SSH-based remote access method and device, electronic equipment and storage medium | |
| KR100807055B1 (en) | Automatically internet connection method using point-to-point protocol | |
| US11936678B2 (en) | System and techniques for inferring a threat model in a cloud-native environment | |
| US9848000B2 (en) | Resource access |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |