CN115150189A - Method for automatically intercepting outgoing files based on enterprise private cloud disk - Google Patents
- Publication number
- CN115150189A
- Authority
- CN
- China
- Prior art keywords
- file
- interception
- conditions
- information
- sent out
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for automatically intercepting outgoing files based on an enterprise private cloud disk, comprising the following steps: setting interception condition information for outgoing files in the cloud disk system, and setting the priority order in which the interception conditions in that information are judged; a user terminal sends an outgoing-file request to the cloud disk system, and the cloud disk system packages the files to be sent out from the user terminal and obtains the file package information of the files to be sent out; after obtaining the file package information, the cloud disk system judges, according to the set interception condition information and the priority order of interception condition judgment, whether the file to be sent out satisfies the interception condition information; if not, the file is intercepted, and if so, the file is sent out. The method enables step-by-step judgment of the interception conditions, effectively improves the accuracy with which files are sent out, effectively ensures the security of outgoing files, and effectively improves the user experience.
Description
Technical Field
The invention relates to the field of file sending interception, in particular to a method for automatically intercepting file outgoing based on an enterprise private cloud disk.
Background
Automatic interception of outgoing enterprise cloud disk files works as follows: after an enterprise deploys a private cloud disk, when internal staff want to send files to an external network through the enterprise cloud disk, an outgoing-file detection mechanism is triggered automatically by the outgoing condition policy preset in the cloud disk system, and intelligent interception is carried out according to the preset outgoing interception policy. However, current enterprise private cloud disk software provides no good interception management scheme for sending files out securely. Especially in complex usage environments where user requirements vary, those requirements are hard to meet, so outgoing files cannot be intercepted accurately and effectively, and the security of outgoing files is low.
Accordingly, the prior art is deficient and needs improvement.
Disclosure of Invention
The invention aims to overcome the shortcomings of the prior art by providing a method for automatically intercepting outgoing files on an enterprise private cloud disk, solving the prior-art problem that outgoing files cannot be intercepted accurately and effectively, which leaves the security of outgoing files low.
The technical scheme of the invention is as follows: a method for automatically intercepting outgoing files based on a private cloud disk of an enterprise comprises the following steps:
S1: Set the interception condition information for outgoing files in the cloud disk system, and set the priority order in which the interception conditions in that information are judged.
The interception conditions in the interception condition information include: a user account interception condition and/or a user IP interception condition and/or a file information interception condition.
S2: The user terminal sends an outgoing-file request to the cloud disk system; the cloud disk system packages the files to be sent out from the user terminal and obtains the file package information of the files to be sent out.
The file package information includes: the IP address and account information of the user terminal, the size and number of the files to be sent out, and the type of the files to be sent out.
S3: After obtaining the file package information, the cloud disk system judges, according to the set interception condition information and the priority order of interception condition judgment, whether the file to be sent out satisfies the interception condition information; if not, the file to be sent out is intercepted, and if so, it is sent out.
Further, after step S3, the method further includes:
S4: If the file to be sent out is intercepted, the cloud disk system sends a file interception notice to the user terminal and stores the intercepted file in the file interception area.
Further, the user account interception condition is whether the user account belongs to the user accounts in the designated user account information, where the designated user account information includes at least one designated user account; the user IP interception condition is whether the IP address of the user terminal belongs to the IP addresses in the external blacklist.
Further, the file information interception condition is whether the file type and/or the file size and/or the file number respectively meet the requirements of a corresponding preset file type, a corresponding preset file size threshold and a corresponding preset file number threshold.
Further, the priority order of interception condition judgment is one of the following: user account interception condition, user IP interception condition, file information interception condition; or user account interception condition, file information interception condition, user IP interception condition; or user IP interception condition, user account interception condition, file information interception condition; or user IP interception condition, file information interception condition, user account interception condition; or file information interception condition, user account interception condition, user IP interception condition; or file information interception condition, user IP interception condition, user account interception condition.
Further, step S3 is: after obtaining the file package information, the cloud disk system judges in sequence, according to the set interception condition information and the priority order of interception condition judgment, whether the file to be sent out satisfies the interception condition information; if not, the file to be sent out is intercepted; if one of the interception conditions is satisfied, the judgment process stops and the file to be sent out is sent.
With this scheme, the invention provides a method for automatically intercepting outgoing files on an enterprise private cloud disk, with the following beneficial effects. Whether the file to be sent out satisfies the set interception conditions is judged according to the interception condition information set in the cloud disk system and the priority order of interception condition judgment in that information. If a condition is satisfied, the file is sent out directly; if not, judgment continues in the set priority order; and when the file satisfies none of the interception conditions, it cannot be sent out and is intercepted directly, which ensures the security of outgoing files. The interception conditions are judged step by step, which effectively improves the accuracy with which files are sent out, effectively ensures the security of outgoing files, and effectively improves the user experience.
Drawings
FIG. 1 is a block flow diagram of the present invention.
Detailed Description
The invention is described in detail below with reference to the figures and the specific embodiments.
Referring to fig. 1, the present invention provides a method for automatically intercepting outgoing files based on an enterprise private cloud disk, including:
S1: Set the interception condition information for outgoing files in the cloud disk system, and set the priority order in which the interception conditions in that information are judged.
Specifically, the interception conditions in the interception condition information include: a user account interception condition and/or a user IP interception condition and/or a file information interception condition. Several interception conditions may therefore be set at the same time, or only one; when several are set, the priority order in which they are judged must also be set, so that judgment proceeds in that order. In this embodiment, the interception condition information contains a user account interception condition, a user IP interception condition and a file information interception condition, and the priority order of judgment is: user IP interception condition, user account interception condition, file information interception condition.
S2: The cloud disk system packages the files to be sent out from the user terminal, inspects the files to be sent out, and obtains the file package information of the files to be sent out.
Specifically, in this embodiment, the file package information includes: the IP address and account information of the user terminal, the size and number of the files to be sent out, and the type of the files to be sent out. The type of the files to be sent out may be set according to actual requirements, for example exe or txt format; in this embodiment, the type of the files to be sent out is txt format.
S3: After obtaining the file package information, the cloud disk system judges, according to the set interception condition information and the priority order of interception condition judgment, whether the file to be sent out satisfies the interception condition information; if not, the file to be sent out is intercepted, and if so, it is sent out. In this embodiment, the system first judges whether the IP address of the user terminal meets the requirement of the user IP interception condition; if yes, the file is sent out directly. If not, it further judges whether the user account of the user terminal meets the requirement of the user account interception condition; if yes, the file is sent out directly. If not, it further judges the size, number and type of the files to be sent out; if these meet the requirements, the file is sent out, and if not, the file is intercepted.
In this method, before the user terminal sends a file out, the file package information of the file to be sent out is obtained, and whether the file satisfies the set interception conditions is judged according to the interception condition information set in the cloud disk system and the priority order of interception condition judgment in that information. If a condition is satisfied, the file is sent out directly; if not, judgment continues in the set priority order; and when the file satisfies none of the interception conditions, it cannot be sent out and is intercepted directly, which ensures the security of outgoing files. The method enables step-by-step judgment of the interception conditions, improves the accuracy with which files are sent out, effectively ensures the security of files after they are sent out, and effectively improves the user experience.
Specifically, in this embodiment, after step S3, the method further includes:
S4: If the file to be sent out is intercepted, the cloud disk system sends a file interception notice to the user terminal and stores the intercepted file in the file interception area. At the same time, the cloud disk system records interception information about the intercepted files (the number of intercepted files, and their names, sizes, types and the like), which the administrator of the cloud disk system can review in order to manage and control the intercepted files.
Specifically, in this embodiment, the user account interception condition is whether the user account belongs to the user accounts in the designated user account information; the designated user account information includes at least one designated user account, whose name and ID number are fixed, preset information. The user IP interception condition is whether the IP address of the user terminal belongs to the IP addresses in an external blacklist. The file information interception condition is whether the file type and/or the file size and/or the file number respectively meet the requirements of a corresponding preset file type, a corresponding preset file size threshold and a corresponding preset file number threshold. The preset file types include formats such as exe and txt and can be set according to user requirements; the file size threshold, the file number threshold and the like are determined according to actual requirements. When judging, the system first judges whether the IP address of the user terminal belongs to the IP addresses in the outgoing blacklist; if not, the file to be sent out is sent directly. If yes, it judges whether the user account of the user terminal belongs to the user accounts in the designated user account information; if yes, the file is sent out directly. If not, it judges whether the size and number of the files to be sent out meet the requirements of the file size threshold and the file number threshold, and whether the type of the files to be sent out belongs to a preset file type; if yes, the file is sent out.
Specifically, in this embodiment, step S3 is: after obtaining the file package information, the cloud disk system judges in sequence, according to the set interception condition information and the priority order of interception condition judgment, whether the file to be sent out satisfies the interception condition information; if none of the interception conditions in the interception condition information is satisfied, the file to be sent out is intercepted; if one of the interception conditions is satisfied, the judgment process stops and the file to be sent out is sent.
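The S3 judgment and S4 handling described above, written out as an added Python example that is not part of the patent text. The field names, the sample policy and the sample requests are constructed, and the file information condition is assumed to require type, total size and file count all to be within the presets. The example goes one step beyond the text by running all six priority orders: because any one satisfied condition releases the file, the send/intercept verdict is the same for every order, and only the condition that stops the judgment changes.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import permutations


@dataclass(frozen=True)
class FilePackage:
    """File package information obtained in S2 (field names are assumptions)."""
    ip: str
    account: str
    sizes: tuple   # size in bytes of each file to be sent out
    types: tuple   # extension of each file, e.g. "txt"


@dataclass(frozen=True)
class Policy:
    """Interception condition information set in S1 (field names are assumptions)."""
    ip_blacklist: tuple
    designated_accounts: frozenset
    allowed_types: frozenset
    max_total_bytes: int
    max_files: int
    order: tuple = ("ip", "account", "file")  # priority order of the embodiment


def ip_condition(pkg, pol):
    # Satisfied when the terminal's address is NOT in the outgoing blacklist.
    addr = ip_address(pkg.ip)
    return not any(addr in ip_network(net) for net in pol.ip_blacklist)


def account_condition(pkg, pol):
    # Satisfied when the account is one of the designated user accounts.
    return pkg.account in pol.designated_accounts


def file_condition(pkg, pol):
    # Assumed reading: count, total size and every type must meet the presets.
    return (len(pkg.sizes) <= pol.max_files
            and sum(pkg.sizes) <= pol.max_total_bytes
            and all(t.lower() in pol.allowed_types for t in pkg.types))


CONDITIONS = {"ip": ip_condition, "account": account_condition, "file": file_condition}


def decide_with_order(pkg, pol, order):
    """S3: judge in priority order, stop at the first satisfied condition."""
    for name in order:
        if CONDITIONS[name](pkg, pol):
            return ("send", name)
    return ("intercept", None)   # no condition satisfied


def decide(pkg, pol):
    return decide_with_order(pkg, pol, pol.order)


def handle(pkg, pol, interception_area):
    """S3 plus S4: an intercepted request is recorded for the administrator."""
    verdict, matched = decide(pkg, pol)
    if verdict == "intercept":
        interception_area.append({"account": pkg.account, "ip": pkg.ip,
                                  "count": len(pkg.sizes), "sizes": pkg.sizes,
                                  "types": pkg.types})
    return verdict, matched


def verdicts_for_all_orders(pkg, pol):
    """Set of verdicts over all six priority orders (always a single value)."""
    return {decide_with_order(pkg, pol, o)[0] for o in permutations(CONDITIONS)}


# Constructed policy and requests (documentation address ranges, made-up accounts).
POLICY = Policy(ip_blacklist=("203.0.113.0/24",),
                designated_accounts=frozenset({"alice"}),
                allowed_types=frozenset({"txt"}),
                max_total_bytes=10_000_000, max_files=5)
SAMPLES = {
    "clean_ip": FilePackage("198.51.100.5", "bob", (500,), ("exe",)),
    "listed_ip_designated": FilePackage("203.0.113.7", "alice", (500,), ("exe",)),
    "listed_ip_small_txt": FilePackage("203.0.113.7", "bob", (500,), ("txt",)),
    "listed_ip_exe": FilePackage("203.0.113.7", "bob", (500,), ("exe",)),
}

if __name__ == "__main__":
    area = []
    for label, pkg in SAMPLES.items():
        print(label, handle(pkg, POLICY, area), verdicts_for_all_orders(pkg, POLICY))
    print("interception area:", area)
```

In the constructed data, an exe file from a non-blacklisted address and an exe file from a designated account are both sent without the file check ever running, which is the consequence of stopping at the first satisfied condition that a reviewer of such a policy should weigh.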
In summary, the invention provides a method for automatically intercepting outgoing files based on an enterprise private cloud disk, with the following beneficial effects. Whether the file to be sent out satisfies the set interception conditions is judged according to the interception condition information set in the cloud disk system and the priority order of interception condition judgment in that information. If a condition is satisfied, the file is sent out directly; if not, judgment continues in the set priority order; and when the file satisfies none of the interception conditions, it cannot be sent out.
The present invention is not limited to the above preferred embodiments, and any modifications, equivalent substitutions and improvements made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (6)
1. A method for automatically intercepting file outgoing based on an enterprise private cloud disk is characterized by comprising the following steps:
S1: setting interception condition information for outgoing files in the cloud disk system, and setting the priority order in which the interception conditions in that information are judged;
the interception conditions in the interception condition information include: a user account interception condition and/or a user IP interception condition and/or a file information interception condition;
S2: a user terminal sends an outgoing-file request to the cloud disk system, and the cloud disk system packages the files to be sent out from the user terminal and obtains the file package information of the files to be sent out;
the file package information includes: the IP address and account information of the user terminal, the size and number of the files to be sent out, and the type of the files to be sent out;
S3: after obtaining the file package information, the cloud disk system judges, according to the set interception condition information and the priority order of interception condition judgment, whether the file to be sent out satisfies the interception condition information; if not, the file to be sent out is intercepted, and if so, it is sent out.
2. The method according to claim 1, wherein after step S3 the method further comprises:
S4: if the file to be sent out is intercepted, the cloud disk system sends a file interception notice to the user terminal and stores the intercepted file in the file interception area.
3. The method according to claim 1, wherein the user account interception condition is whether the user account belongs to the user accounts in designated user account information, wherein the designated user account information includes at least one designated user account; and the user IP interception condition is whether the IP address of the user terminal belongs to the IP addresses in the external blacklist.
4. The method according to claim 3, wherein the file information interception condition is whether the file type and/or the file size and/or the file number respectively satisfy the requirements of a corresponding preset file type, a corresponding preset file size threshold, and a corresponding preset file number threshold.
5. The method according to claim 1, wherein the priority order of interception condition judgment is one of the following: user account interception condition, user IP interception condition, file information interception condition; or user account interception condition, file information interception condition, user IP interception condition; or user IP interception condition, user account interception condition, file information interception condition; or user IP interception condition, file information interception condition, user account interception condition; or file information interception condition, user account interception condition, user IP interception condition; or file information interception condition, user IP interception condition, user account interception condition.
6. The method according to claim 4, wherein step S3 is: after obtaining the file package information, the cloud disk system judges in sequence, according to the set interception condition information and the priority order of interception condition judgment, whether the file to be sent out satisfies the interception condition information; if not, the file to be sent out is intercepted; if one of the interception conditions is satisfied, the judgment process stops and the file to be sent out is sent.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210900632.8A CN115150189B (en) | 2022-07-28 | 2022-07-28 | Method for automatically intercepting file outgoing based on enterprise private cloud disk |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210900632.8A CN115150189B (en) | 2022-07-28 | 2022-07-28 | Method for automatically intercepting file outgoing based on enterprise private cloud disk |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115150189A (en) | 2022-10-04 |
CN115150189B (en) | 2023-11-07 |
Family
ID=83414180
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210900632.8A Active CN115150189B (en) | 2022-07-28 | 2022-07-28 | Method for automatically intercepting file outgoing based on enterprise private cloud disk |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115150189B (en) |
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104320409A (en) * | 2014-11-10 | 2015-01-28 | 成都卫士通信息产业股份有限公司 | Method for controlling access to cloud disk on basis of Hook technology |
US20190140895A1 (en) * | 2015-06-08 | 2019-05-09 | Infoblox Inc. | Api gateway for network policy and configuration management with public cloud |
CN105550593A (en) * | 2015-12-11 | 2016-05-04 | 北京奇虎科技有限公司 | Cloud disk file monitoring method and device based on local area network |
CN106446707A (en) * | 2016-08-31 | 2017-02-22 | 北京明朝万达科技股份有限公司 | Dynamic data leakage prevention system and method |
CN109587074A (en) * | 2017-09-29 | 2019-04-05 | 中兴通讯股份有限公司 | Message processing method, device, storage medium and processor |
CN108052833A (en) * | 2017-12-11 | 2018-05-18 | 北京明朝万达科技股份有限公司 | A kind of executable file anti-data-leakage scan method, system and gateway |
CN111385238A (en) * | 2018-12-27 | 2020-07-07 | 中兴通讯股份有限公司 | Data transmission method and device |
CN111310205A (en) * | 2020-02-11 | 2020-06-19 | 平安科技(深圳)有限公司 | Sensitive information detection method and device, computer equipment and storage medium |
CN112671781A (en) * | 2020-12-24 | 2021-04-16 | 北京华顺信安信息技术有限公司 | RASP-based firewall system |
CN113935068A (en) * | 2021-10-21 | 2022-01-14 | 深圳市瑞云科技有限公司 | Data desensitization method for mass file transmission system |
Non-Patent Citations (1)
Title |
---|
熊明俊: ""私有云安全文件交换系统在涉密信息系统中的应用研究"", 《信息与电脑(理论版)》, vol. 32, no. 22, pages 199 - 201 * |
Also Published As
Publication number | Publication date |
---|---|
CN115150189B (en) | 2023-11-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11533651B2 (en) | Transmission control method and device | |
US7116675B2 (en) | Methods and systems for transferring packets and preventing illicit access | |
US20120324222A1 (en) | Multiple independent levels of security (mils) host to multilevel secure (mls) offload communications unit | |
JP5134141B2 (en) | Unauthorized access blocking control method | |
CN104767655A (en) | Analog result detection method and device | |
CN102271086B (en) | Data transmission method and device | |
CN1152517C (en) | Method of guarding network attack | |
CN109040016B (en) | Information processing method and device and computer readable storage medium | |
CN115150189A (en) | Method for automatically intercepting outgoing files based on enterprise private cloud disk | |
US20230370501A1 (en) | Methods, Communication Devices and System Relating to Performing Lawful Interception | |
CN109104424A (en) | A kind of safety protecting method and device of OPC communication | |
CN111162882B (en) | Data transmission method, device, base station equipment and computer readable storage medium | |
CN115766201B (en) | Solution for quick blocking of large number of IP addresses | |
WO2023155699A1 (en) | Method and apparatus for mining security vulnerability of air interface protocol, and mobile terminal | |
WO2023159956A1 (en) | Bare metal server inspection and deployment method and apparatus, and device and medium | |
CN113055921B (en) | Fault processing method and terminal | |
CN103281754B (en) | Local forwarding mode-based wireless access point information acquisition method and device | |
CN109508356B (en) | Data abnormality early warning method, device, computer equipment and storage medium | |
US20160261377A1 (en) | Packet transmission method | |
CN1863065A (en) | Method for positioning fault of asynchronous transmission mode carrying IP data channel | |
CN115309498A (en) | Container state adjusting method, device, equipment and storage medium for K8s cluster | |
CN114095398A (en) | Method and device for determining detection time delay, electronic equipment and storage medium | |
KR100875912B1 (en) | Apparatus and method for processing network event processing network events in open environment | |
CN111027029B (en) | Method for judging whether file is installation package or not and limiting opening | |
CN117061638B (en) | Message transmission method, device, storage medium, equipment and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||