CN115150189A - Method for automatically intercepting outgoing files based on enterprise private cloud disk - Google Patents


Info

Publication number: CN115150189A
Authority: CN (China)
Prior art keywords: file, interception, conditions, information, sent out
Legal status: Granted
Application number: CN202210900632.8A
Other languages: Chinese (zh)
Other versions: CN115150189B (en)
Inventors: 林勇杰, 邹琼, 周双全
Current Assignee: Shenzhen Rayvision Technology Co ltd
Original Assignee: Shenzhen Rayvision Technology Co ltd
Application filed by Shenzhen Rayvision Technology Co ltd
Priority to CN202210900632.8A
Publication of CN115150189A
Application granted
Publication of CN115150189B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for automatically intercepting outgoing files based on an enterprise private cloud disk, comprising the following steps: interception condition information for outgoing files is set in the cloud disk system, together with the priority order in which the interception conditions in that information are judged; a user terminal sends an outgoing-file request to the cloud disk system, and the cloud disk system packages the files to be sent out by the user terminal and obtains their file package information; after obtaining the file package information, the cloud disk system judges, according to the set interception condition information and the priority order of the interception conditions, whether the file to be sent out meets the interception condition information; if not, the file is intercepted, and if so, the file is sent out. The method judges the interception conditions step by step, which effectively improves the accuracy of outgoing-file handling, effectively ensures the security of outgoing files, and effectively improves the user experience.

Description

Method for automatically intercepting outgoing files based on enterprise private cloud disk
Technical Field
The invention relates to the field of outgoing-file interception, and in particular to a method for automatically intercepting outgoing files based on an enterprise private cloud disk.
Background
Automatic interception of outgoing enterprise cloud disk files works as follows: after an enterprise deploys a private cloud disk, when internal staff want to send files to an external network through the enterprise cloud disk, an outgoing-file detection mechanism is triggered automatically by the outgoing condition policy preset in the cloud disk system, and files are intercepted according to the preset outgoing interception policy. However, current enterprise private cloud disk software provides no good interception management scheme for secure file outgoing. Especially in complex usage environments where user requirements vary, those requirements are hard to meet, so outgoing files cannot be intercepted accurately and effectively, and the security of outgoing files is low.
Accordingly, the prior art is deficient and needs improvement.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing a method for automatically intercepting outgoing files on an enterprise private cloud disk, solving the prior-art problem that outgoing files cannot be intercepted accurately and effectively and that the security of outgoing files is therefore low.
The technical scheme of the invention is as follows: a method for automatically intercepting outgoing files based on an enterprise private cloud disk, comprising the following steps:
S1: Set the interception condition information for outgoing files in the cloud disk system, and set the priority order in which the interception conditions in that information are judged.
The interception conditions in the interception condition information include: a user account interception condition and/or a user IP interception condition and/or a file information interception condition.
S2: The user terminal sends an outgoing-file request to the cloud disk system; the cloud disk system packages the files to be sent out by the user terminal and obtains the file package information of the files to be sent out.
The file package information includes: the IP address and account information of the user terminal, the size and number of the files to be sent out, and the type of the files to be sent out.
S3: After obtaining the file package information, the cloud disk system judges, according to the set interception condition information and the priority order of the interception conditions, whether the file to be sent out meets the interception condition information; if not, the file is intercepted, and if so, the file is sent out.
Further, after step S3, the method further includes:
S4: If the file to be sent out is intercepted, the cloud disk system sends a file interception notice to the user terminal and stores the intercepted file in the file interception area.
Further, the user account interception condition is whether the user account belongs to the user accounts in the designated user account information, where the designated user account information includes at least one designated user account; the user IP interception condition is whether the IP address of the user terminal belongs to the IP addresses in the outgoing blacklist.
Further, the file information interception condition is whether the file type and/or the file size and/or the file number respectively meet the requirements of the corresponding preset file type, preset file size threshold and preset file number threshold.
Further, the priority order of the interception condition judgment is one of the following: user account interception condition, user IP interception condition, file information interception condition; or user account interception condition, file information interception condition, user IP interception condition; or user IP interception condition, user account interception condition, file information interception condition; or user IP interception condition, file information interception condition, user account interception condition; or file information interception condition, user account interception condition, user IP interception condition; or file information interception condition, user IP interception condition, user account interception condition.
Further, step S3 is: after obtaining the file package information, the cloud disk system judges in sequence, according to the set interception condition information and the priority order of the interception conditions, whether the file to be sent out meets the interception condition information; if not, the file is intercepted; if one of the interception conditions is met, the judgment process stops and the file is sent out.
With the above scheme, the invention provides a method for automatically intercepting outgoing files on an enterprise private cloud disk, with the following beneficial effects: the method judges, according to the interception condition information set in the cloud disk system and the priority order of the interception conditions in that information, whether the file to be sent out meets the set interception conditions. If a condition is met, the file is sent out directly; if not, the judgment continues in sequence according to the set priority order; and when the file meets none of the interception conditions, it cannot be sent out and is intercepted directly, which ensures the security of outgoing files. The interception conditions are thus judged step by step, which effectively improves the accuracy of outgoing-file handling, effectively ensures the security of outgoing files, and effectively improves the user experience.
Drawings
FIG. 1 is a block flow diagram of the present invention.
Detailed Description
The invention is described in detail below with reference to the figures and the specific embodiments.
Referring to FIG. 1, the present invention provides a method for automatically intercepting outgoing files based on an enterprise private cloud disk, including:
S1: Set the interception condition information for outgoing files in the cloud disk system, and set the priority order in which the interception conditions in that information are judged.
Specifically, the interception conditions in the interception condition information include: a user account interception condition and/or a user IP interception condition and/or a file information interception condition. There may therefore be several interception conditions set at the same time, or only one. When there are several, the priority order in which they are judged must be set, so that the judgment proceeds in sequence according to that order. In this embodiment, the interception condition information contains a user account interception condition, a user IP interception condition and a file information interception condition at the same time, and the priority order of the judgment is: user IP interception condition, user account interception condition, file information interception condition.
S2: The cloud disk system packages the files to be sent out by the user terminal, inspects them, and obtains the file package information of the files to be sent out.
Specifically, in this embodiment, the file package information includes: the IP address and account information of the user terminal, the size and number of the files to be sent out, and the type of the files to be sent out. The type of the files to be sent out may be set according to actual requirements, for example exe or txt format; in this embodiment, the type of the files to be sent out is txt format.
S3: After obtaining the file package information, the cloud disk system judges, according to the set interception condition information and the priority order of the interception conditions, whether the file to be sent out meets the interception condition information; if not, the file is intercepted, and if so, the file is sent out. In this embodiment, the judgment first checks whether the IP address of the user terminal meets the requirement of the user IP interception condition; if so, the file is sent out directly. If not, it then checks whether the user account of the user terminal meets the requirement of the user account interception condition; if so, the file is sent out directly. If not, it then checks the size and number of the files to be sent out and their type; if these meet the requirements, the file is sent out, and if not, the file is intercepted.
In this method, before the user terminal sends a file out, the file package information of the file is obtained, and the cloud disk system judges, according to the interception condition information it holds and the priority order of the interception conditions in that information, whether the file to be sent out meets the set interception conditions. If a condition is met, the file is sent out directly; if not, the judgment continues in sequence according to the set priority order; and if the file meets none of the conditions, it cannot be sent out and is intercepted directly, which ensures the security of outgoing files. The interception conditions are judged step by step, which improves the accuracy of outgoing-file handling, effectively ensures the security of files after they are sent out, and effectively improves the user experience.
Specifically, in this embodiment, after step S3, the method further includes:
S4: If the file to be sent out is intercepted, the cloud disk system sends a file interception notice to the user terminal and stores the intercepted file in the file interception area. At the same time, the cloud disk system records interception information for the intercepted files (the number of intercepted files and their names, sizes, types and so on), which the cloud disk system administrator can review in order to manage and control the intercepted files.
Specifically, in this embodiment, the user account interception condition is whether the user account belongs to the user accounts in the designated user account information; the designated user account information includes at least one designated user account, and the name and ID number of each designated user account are fixed, preset information. The user IP interception condition is whether the IP address of the user terminal belongs to the IP addresses in the outgoing blacklist. The file information interception condition is whether the file type and/or the file size and/or the file number respectively meet the requirements of the corresponding preset file type, preset file size threshold and preset file number threshold. The preset file types include formats such as exe and txt and can be set according to user requirements; the file size threshold, the file number threshold and so on are determined according to actual requirements. During the judgment, the system first determines whether the IP address of the user terminal belongs to the IP addresses in the outgoing blacklist; if not, the file is sent out directly. If so, it determines whether the user account of the user terminal belongs to the user accounts in the designated user account information; if so, the file is sent out directly. If not, it determines whether the size and number of the files to be sent out meet the file size threshold and the file number threshold, and whether the type of the files belongs to the preset file types; if so, the file is sent out.
Specifically, in this embodiment, step S3 is: after obtaining the file package information, the cloud disk system judges in sequence, according to the set interception condition information and the priority order of the interception conditions, whether the file to be sent out meets the interception condition information; if none of the interception conditions in the interception condition information is met, the file is intercepted; if one of the interception conditions is met, the judgment process stops and the file is sent out.
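The judgment flow of steps S1 to S4 in this embodiment, as an added illustration in Python (not code from the patent): conditions are checked in the configured priority order, the first condition met releases the file, and a package that meets none is stored in the interception area and logged. The field names, the reading of the thresholds as upper bounds, and all sample values are assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class FilePackage:
    """File package information obtained in S2 (field names are assumptions)."""
    ip: str
    account: str
    files: tuple  # ((file_name, size_in_bytes), ...)

    @property
    def types(self):
        # Lower-case extension per file; "" when a name has no extension.
        return {n.rsplit(".", 1)[-1].lower() if "." in n else "" for n, _ in self.files}

    @property
    def total_size(self):
        return sum(size for _, size in self.files)


def ip_ok(policy, pkg):
    """User IP condition: met when the terminal IP is not on the outgoing blacklist."""
    addr = ip_address(pkg.ip)
    return not any(addr in ip_network(net) for net in policy.ip_blacklist)


def account_ok(policy, pkg):
    """User account condition: met when the account is a designated account."""
    return pkg.account in policy.designated_accounts


def file_ok(policy, pkg):
    """File information condition; treating the thresholds as upper bounds is an assumption."""
    return (bool(pkg.files)
            and pkg.types <= policy.allowed_types
            and pkg.total_size <= policy.max_total_size
            and len(pkg.files) <= policy.max_file_count)


CONDITIONS = {"ip": ip_ok, "account": account_ok, "file": file_ok}


@dataclass(frozen=True)
class Policy:
    """Interception condition information and priority order set in S1."""
    priority: tuple
    ip_blacklist: tuple = ()
    designated_accounts: frozenset = frozenset()
    allowed_types: frozenset = frozenset()
    max_total_size: int = 0
    max_file_count: int = 0

    def __post_init__(self):
        # Reject unknown or repeated condition names instead of silently skipping them.
        if set(self.priority) - set(CONDITIONS) or len(set(self.priority)) != len(self.priority):
            raise ValueError(f"invalid priority order: {self.priority!r}")


def evaluate(policy, pkg):
    """S3: check conditions in priority order; the first one met releases the file."""
    checked = []
    for name in policy.priority:
        checked.append(name)
        if CONDITIONS[name](policy, pkg):
            return "send", name, checked
    return "intercept", None, checked  # no condition met (also the result for an empty order)


@dataclass
class CloudDisk:
    """S4: intercepted packages go to the interception area and are logged for the administrator."""
    policy: Policy
    intercept_area: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)

    def handle_outgoing(self, pkg):
        action, decided_by, checked = evaluate(self.policy, pkg)
        result = {"action": action, "decided_by": decided_by, "checked": checked}
        if action == "intercept":
            self.intercept_area.append(pkg)
            self.audit_log.append({"account": pkg.account, "ip": pkg.ip, "count": len(pkg.files),
                                   "total_size": pkg.total_size, "types": sorted(pkg.types),
                                   "names": [n for n, _ in pkg.files]})
            result["notice"] = f"outgoing files from {pkg.account} were intercepted"
        return result


# Constructed sample policy using the embodiment's order: IP, then account, then file.
POLICY = Policy(priority=("ip", "account", "file"), ip_blacklist=("203.0.113.0/24",),
                designated_accounts=frozenset({"release-mgr"}),
                allowed_types=frozenset({"txt"}),
                max_total_size=10 * 1024 * 1024, max_file_count=5)
```

With the embodiment's order (IP, account, file), a package from an IP outside the outgoing blacklist is released before its file type is looked at. Because any one condition being met releases the file, reordering the priorities in this sketch changes which condition decides, not whether the file is sent.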
In summary, the invention provides a method for automatically intercepting outgoing files based on an enterprise private cloud disk, with the following beneficial effects: the method judges, according to the interception condition information set in the cloud disk system and the priority order of the interception conditions in that information, whether the file to be sent out meets the set interception conditions. If a condition is met, the file is sent out directly; if not, the judgment continues in sequence according to the set priority order; and when the file meets none of the interception conditions, it cannot be sent out.
The present invention is not limited to the above preferred embodiments, and any modifications, equivalent substitutions and improvements made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (6)

1. A method for automatically intercepting outgoing files based on an enterprise private cloud disk, characterized by comprising the following steps:
S1: setting interception condition information for outgoing files in the cloud disk system, and setting the priority order in which the interception conditions in the interception condition information are judged;
the interception conditions in the interception condition information include: a user account interception condition and/or a user IP interception condition and/or a file information interception condition;
S2: a user terminal sends an outgoing-file request to the cloud disk system, and the cloud disk system packages the files to be sent out by the user terminal and obtains the file package information of the files to be sent out;
the file package information includes: the IP address and account information of the user terminal, the size and number of the files to be sent out, and the type of the files to be sent out;
S3: after obtaining the file package information, the cloud disk system judges, according to the set interception condition information and the priority order of the interception conditions, whether the file to be sent out meets the interception condition information; if not, the file is intercepted, and if so, the file is sent out.
2. The method according to claim 1, wherein after step S3 the method further comprises:
S4: if the file to be sent out is intercepted, the cloud disk system sends a file interception notice to the user terminal and stores the intercepted file in the file interception area.
3. The method according to claim 1, wherein the user account interception condition is whether the user account belongs to the user accounts in designated user account information, the designated user account information including at least one designated user account; and the user IP interception condition is whether the IP address of the user terminal belongs to the IP addresses in the outgoing blacklist.
4. The method according to claim 3, wherein the file information interception condition is whether the file type and/or the file size and/or the file number respectively meet the requirements of a corresponding preset file type, a corresponding preset file size threshold, and a corresponding preset file number threshold.
5. The method according to claim 1, wherein the priority order of the interception condition judgment is one of: user account interception condition, user IP interception condition, file information interception condition; or user account interception condition, file information interception condition, user IP interception condition; or user IP interception condition, user account interception condition, file information interception condition; or user IP interception condition, file information interception condition, user account interception condition; or file information interception condition, user account interception condition, user IP interception condition; or file information interception condition, user IP interception condition, user account interception condition.
6. The method according to claim 4, wherein step S3 is: after obtaining the file package information, the cloud disk system judges in sequence, according to the set interception condition information and the priority order of the interception conditions, whether the file to be sent out meets the interception condition information; if not, the file is intercepted; if one of the interception conditions is met, the judgment process stops and the file is sent out.
CN202210900632.8A 2022-07-28 2022-07-28 Method for automatically intercepting file outgoing based on enterprise private cloud disk Active CN115150189B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210900632.8A CN115150189B (en) 2022-07-28 2022-07-28 Method for automatically intercepting file outgoing based on enterprise private cloud disk

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210900632.8A CN115150189B (en) 2022-07-28 2022-07-28 Method for automatically intercepting file outgoing based on enterprise private cloud disk

Publications (2)

Publication Number Publication Date
CN115150189A (en) 2022-10-04
CN115150189B (en) 2023-11-07

Family

ID=83414180

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210900632.8A Active CN115150189B (en) 2022-07-28 2022-07-28 Method for automatically intercepting file outgoing based on enterprise private cloud disk

Country Status (1)

Country Link
CN (1) CN115150189B (en)

Also Published As

Publication number Publication date
CN115150189B (en) 2023-11-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant