CN115913692A - Automatic isolation system of networking equipment - Google Patents

Info

Publication number: CN115913692A
Authority: CN (China)
Prior art keywords: network; management system; intrusion detection; detection device; network management
Legal status: Pending
Application number: CN202211400951.9A
Other languages: Chinese (zh)
Inventors: 李光华, 彭放, 宋林隆, 何建锋, 何亚东, 王朝盆
Current Assignee: Guoneng Dadu River Dagangshan Power Generation Co ltd
Original Assignee: Guoneng Dadu River Dagangshan Power Generation Co ltd
Priority date: 2022-11-09
Filing date: 2022-11-09
Publication date: 2023-04-04

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure relates to an automatic isolation system for networking devices that can rapidly disconnect a network when a network virus intrudes and so prevent the virus from propagating. The system comprises an intrusion detection device arranged in the networking system, a network disabling module installed on each network device, and a network management system deployed on a server; the intrusion detection device, the network devices and the network management system are each in communication connection with one another. The network management system is configured with a plurality of policies and is used to determine the target policy corresponding to the network problem detected by the intrusion detection device and to control the network device with the network problem to execute the operation corresponding to that target policy. Because the operation is selected according to the urgency of the detected network problem, a network device is cut off from the network quickly when a network virus intrudes, the virus is prevented from spreading, and the whole process needs no manual intervention, which reduces labor cost.

Description

Automatic isolation system for networking equipment
Technical Field
The disclosure relates to the technical field of network security, in particular to an automatic isolation system of networking equipment.
Background
With the development of internet technology, network security problems are becoming more serious. In key industries such as the power industry and banking, data security and network security must be effectively guaranteed. The prior art mainly studies the protection of network equipment, for example firewalls, hardening software, bastion hosts and vulnerability scanning; after a network device has a problem, it must be handled manually: disconnecting it from the network, removing the virus, reinstalling the system and recovering data. The device cannot be isolated automatically and quickly, so the network virus spreads.
Disclosure of Invention
The purpose of the present disclosure is to provide an automatic isolation system for networking devices that can execute the policy corresponding to a network problem in time and so prevent network virus propagation.
In order to achieve the above object, the present disclosure provides an automatic isolation system for networking devices. The system comprises an intrusion detection device arranged in a networking system, a network disabling module installed on each network device, and a network management system deployed on a server, wherein the intrusion detection device, the network devices and the network management system are each in communication connection with one another;
the network management system is configured with a plurality of policies and is used to determine the target policy corresponding to the network problem detected by the intrusion detection device and to control the network device with the network problem to execute the operation corresponding to the target policy.
Optionally, the plurality of policies configured on the network management system include a primary policy, a secondary policy and a tertiary policy;
the primary policy corresponds to a network anomaly, the secondary policy to a network fault, and the tertiary policy to a network security event.
Optionally, when the network problem detected by the intrusion detection device is a network anomaly, the network management system determines that the network anomaly corresponds to the primary policy and controls the network device with the network anomaly to send early warning information to maintenance personnel.
Optionally, when the network problem detected by the intrusion detection device is a network fault, the network management system determines that the network fault corresponds to the secondary policy and controls the network device in which the network fault occurred to send fault information to a manager and a maintainer.
Optionally, when the network problem detected by the intrusion detection device is a network security event, the network management system determines that the network security event corresponds to the tertiary policy, disconnects the network of the network device where the event occurred, and controls that network device to send security information to a manager and a maintainer.
Optionally, the network management system starts the network disabling module to switch the IP address of the network device.
Optionally, the network management system starts the network disabling module to switch the network device to automatically acquiring an IP address; or
the network management system starts the network disabling module to switch the network device to a fixed IP address.
Optionally, the network management system starts the network disabling module on the network device to close the port of the server corresponding to the network device.
Optionally, the network management system starts the network disabling module on the network device to close all ports of the network device.
Optionally, when the system versions of the network devices differ, the version of the network disabling module is consistent with the system version of the network device on which it is installed.
According to the above technical scheme, the networking equipment isolation system arranges an intrusion detection device in the networking system, installs a network disabling module on each network device, and deploys a network management system on a server. After the intrusion detection device detects a network problem, the network management system determines the target policy corresponding to that problem and controls the network device with the problem to execute it. The networking equipment can thus be isolated automatically and quickly, network virus propagation is avoided, and no manual intervention is needed.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
fig. 1 is a block diagram illustrating a networking device isolation system according to an exemplary embodiment of the present disclosure.
Detailed Description
The following detailed description of specific embodiments of the present disclosure is provided in connection with the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
It should be noted that all the actions of acquiring signals, information or data in the present disclosure are performed under the premise of complying with the corresponding data protection regulation policy of the country of the location and obtaining the authorization given by the owner of the corresponding device.
As the background art shows, with the development of internet technology the network security problem is becoming more serious, especially in key industries such as the power industry and banking, where data security and network security must be effectively guaranteed. Many industry standards and specifications have been established for this, such as GB/T 20984-2007 (information security risk assessment specification), GB/T 18336 (general information technology security evaluation criteria), power plant monitoring system safety protection schemes, electric power monitoring system safety protection evaluation specifications, and the information security management system requirements of ISO 27001:2005.
The prior art mainly studies the protection of network equipment, using technologies such as firewalls, hardening software, bastion hosts and vulnerability scanning; after a network device has a problem, it must be handled manually: disconnecting the network, removing the virus, reinstalling the system and recovering data. The device cannot be isolated automatically and quickly, so the network virus spreads.
In view of this, the present disclosure provides an automatic isolation system for networking devices that can disconnect the network automatically and quickly, prevent network virus propagation, and needs no manual intervention.
Fig. 1 is a block diagram illustrating a networking device isolation system according to an exemplary embodiment of the present disclosure. Referring to fig. 1, the system 100 includes an intrusion detection device 101 arranged in the networking system, a network disabling module 103 arranged on each network device 102, and a network management system 105 deployed on a server 104; the intrusion detection device 101, the network devices 102 and the network management system 105 are each in communication connection with one another;
the network management system 105 is configured with a plurality of policies and is configured to determine the target policy corresponding to the network problem detected by the intrusion detection device 101 and to control the network device 102 having the network problem to execute the operation corresponding to that target policy.
Specifically, the intrusion detection device 101 is configured to detect physical faults, possible attacks and content security issues that may occur on each network device 102 in the isolation system. Attacks include attack events, attack service types, attack-source IP ratings, attack-type ratings, attacked-target ratings and the like that a network device may be subject to; content security covers the illegal-site IP rating, application IP rating, weak-password IP rating and the like that arise while a network device is online. All physical faults, attacks and content security issues are treated as network problems and classified, from low urgency to high urgency, into network anomalies, network faults, network security events and the like.
Specifically, the intrusion detection device 101 performs detection at a preset frequency, i.e. the refresh frequency of the intrusion detection device within a preset time range. It may be set according to the network security level or the user's monitoring requirement, for example 12 times/h or 20 times/h; the disclosure does not specifically limit this.
Specifically, the network disabling module 103 includes a network security probe and/or a network disabling script, and the network management system may control the network device 102 in which the network problem occurs to execute the policy operation through the network security probe, the network disabling script, or both.
Specifically, the network device includes a terminal device in the networking, such as a switch.
In this scheme an intrusion detection device is arranged in the networking system, a network disabling module is installed on each network device, and a network management system is deployed on a server. After the intrusion detection device detects a network problem, the network management system determines the target policy corresponding to that problem and can control the network device with the problem to execute policies of different levels, so the networking equipment executes the operation appropriate to each kind of network problem. This makes the isolation system more intelligent; the whole process needs no manual intervention, and labor cost is reduced.
In order to make those skilled in the art understand the networking device isolation system provided in the present disclosure, the following detailed description illustrates the components involved in the above-mentioned networking device isolation system.
In a possible embodiment, the plurality of policies configured on the network management system 105 include a primary policy, a secondary policy, and a tertiary policy;
the primary policy corresponds to a network anomaly, the secondary policy to a network fault, and the tertiary policy to a network security event.
Specifically, each policy matches the urgency of its corresponding network problem: since a network anomaly is less urgent than a network fault, and a network fault is less urgent than a network security event, the primary policy is less urgent than the secondary policy, and the secondary policy is less urgent than the tertiary policy.
Specifically, by configuring different levels of policies on the network management system, the network management system can control the network device with the network problem to execute corresponding operations according to the network problem, so that the whole networking device isolation system can adjust the network state of the network device more flexibly.
In a possible embodiment, when the network problem detected by the intrusion detection device 101 is a network anomaly, the network management system 105 determines that the network anomaly corresponds to the primary policy and controls the network device 102 with the anomaly to send early warning information to the maintenance staff.
The early warning information includes the IP address of the network device 102 where the anomaly occurred, the anomaly type and the time of the anomaly. Anomaly types include network anomalies caused by physical faults and network anomalies that may occur on network devices, such as those caused by changes in link traffic characteristics.
In the present disclosure, the network management system 105 responds to a network anomaly detected by the intrusion detection device 101 by controlling the network device 102 with the anomaly to send early warning information to the maintenance staff, so that the maintenance staff can service the network device 102 in time.
In a possible embodiment, when the network problem detected by the intrusion detection device 101 is a network fault, the network management system 105 determines that the network fault corresponds to the secondary policy and controls the network device 102 with the network fault to send fault information to the administrator and the maintenance staff.
The fault information includes the IP address of the faulty network device 102, the fault type and the time of the fault. Fault types include network faults that may occur on network devices, such as those caused by a router failure or a link failure.
In the present disclosure, the network management system 105 responds to a network fault detected by the intrusion detection device 101 by controlling the network device 102 with the fault to send fault information to the administrator and the maintenance staff, so that the administrator learns the fault type of the network device in time and the maintenance staff can service the faulty network device 102 in time.
In a possible embodiment, when the network problem detected by the intrusion detection device 101 is a network security event, the network management system 105 determines that the event corresponds to the tertiary policy, disconnects the network of the network device 102 where the event occurred, and controls that network device 102 to send security information to the administrator and the maintenance staff.
The security information includes the IP address of the network device 102 where the network security event occurred, the location of the event and its time. For example, when the network device is attacked by a network virus through an application with network access, the security information includes the IP address of the network device, the specific application name and the time of the attack.
In the present disclosure, the network management system 105 responds to a network security event detected by the intrusion detection device 101 by disconnecting the network of the affected network device 102 and controlling it to send security information to the administrator and the maintenance staff, so that the administrator learns the type of security event in time and the maintenance staff can service the affected network device 102 in time.
In a possible embodiment, the network management system 105 starts the network disabling module 103 to switch the IP address of the network device.
The network management system 105 uses the network security probe and/or the network disabling script to switch the IP address of the device, so that the network of the network device with the security event is disconnected and the network virus is isolated without a complex disconnection procedure; the whole process is quick and simple.
In a possible embodiment, the network management system 105 activates the network disabling module 103 to switch the network device 102 to automatically obtain the IP address.
In a possible embodiment, the network management system 105 starts the network disabling module 103 to switch the network device to the fixed IP address.
In a possible embodiment, the network management system 105 activates the network disabling module 103 on the network device 102 to close the port of the server corresponding to the network device 102.
For example, if a single device is infected by a network virus, the network management system starts the network security probe and/or network disabling script on the switch and closes the switch port corresponding to that device, thereby protecting the network by disconnecting it.
In a possible embodiment, the network management system 105 enables the network disabling module 103 on the network device 102 to close all ports of the network device 102.
In the case of a switch, if several devices are infected by network viruses, the network management system starts the network security probe and/or network disabling script on the switch and closes all ports on the switch, thereby protecting the network by disconnecting them.
In a possible embodiment, in a case where the system version of each network device 102 is different, the version of the network disabling module 103 is consistent with the system version of the network device 102 where it is located.
Ensuring that the network disabling module installed on each network device matches the system version of that device prevents the module from becoming ineffective through system incompatibility.
In summary, an intrusion detection device is arranged in the networking system, a network disabling module is installed on each network device, a network management system is deployed on a server, and policies are configured in the network management system according to the urgency of the corresponding network problems. After the intrusion detection device detects a network problem, the network management system determines the target policy corresponding to that problem and controls the network device with the problem to execute the operation corresponding to the target policy, so the operation performed depends on the urgency of the problem. This makes the isolation system more intelligent: when a network device is infected by a network virus its network is disconnected quickly and in time, the infected part is partitioned off, virus propagation is avoided, the whole process needs no manual intervention, and labor cost is reduced.
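The tiered policy dispatch described above, as an added example that is not the patent's own code: a detection report is mapped to the policy tier of its urgency, tiers 1 and 2 only notify, and tier 3 disconnects the device through the disabling module on its switch (one infected device closes its port, several on the same switch close all ports), after checking the module version against the host system version. The switch names, IP addresses, version strings and message formats are constructed sample data.

```python
# Added example (not the patent's own code): tiered policy dispatch for the
# isolation system described above, with constructed sample data.
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, List, Set, Tuple


class Problem(IntEnum):
    """Urgency of a detected network problem; the policy tier has the same number."""
    ANOMALY = 1    # primary policy: early warning to maintenance staff
    FAULT = 2      # secondary policy: fault information to manager and maintainer
    SECURITY = 3   # tertiary policy: disconnect, then security information to both


@dataclass(frozen=True)
class Detection:
    """One report from the intrusion detection device."""
    device_ip: str
    problem: Problem
    detail: str   # anomaly type, fault type, or the attacked application name
    time: str


@dataclass
class Switch:
    """Access switch hosting the network disabling module (probe and/or script)."""
    name: str
    system_version: str
    module_version: str
    ports: Dict[str, int]                  # device IP -> switch port number
    closed_ports: Set[int] = field(default_factory=set)
    all_ports_closed: bool = False

    def module_usable(self) -> bool:
        # Claim 10: a module whose version differs from its host's system version
        # may be ineffective, so the disconnection step must not rely on it.
        return self.module_version == self.system_version


class NetworkManagementSystem:
    def __init__(self, switches: List[Switch]) -> None:
        self.switches = switches
        self.port_switch: Dict[str, Switch] = {ip: sw for sw in switches for ip in sw.ports}
        self.notices: List[Tuple[str, str]] = []   # (recipient, message)

    def target_policy(self, det: Detection) -> int:
        return int(det.problem)

    def _notify(self, recipients: List[str], text: str) -> None:
        self.notices.extend((r, text) for r in recipients)

    def handle(self, dets: List[Detection]) -> Dict[str, int]:
        """Apply the target policy to each detection; returns device IP -> tier applied."""
        applied: Dict[str, int] = {}
        infected: Dict[str, List[str]] = {}        # switch name -> infected device IPs
        for d in dets:
            tier = applied[d.device_ip] = self.target_policy(d)
            msg = f"ip={d.device_ip} detail={d.detail} time={d.time}"
            if tier == 1:
                self._notify(["maintainer"], "WARNING " + msg)
            elif tier == 2:
                self._notify(["manager", "maintainer"], "FAULT " + msg)
            else:
                infected.setdefault(self.port_switch[d.device_ip].name, []).append(d.device_ip)
                self._notify(["manager", "maintainer"], "SECURITY " + msg)
        # Disconnection step of the tertiary policy: one infected device on a switch
        # closes only its port; several infected devices close all ports of the switch.
        for sw in self.switches:
            ips = infected.get(sw.name, [])
            if not ips:
                continue
            if not sw.module_usable():
                raise RuntimeError(f"{sw.name}: module {sw.module_version} "
                                   f"does not match system {sw.system_version}")
            if len(ips) == 1:
                sw.closed_ports.add(sw.ports[ips[0]])
            else:
                sw.all_ports_closed = True
        return applied


def demo() -> Tuple[NetworkManagementSystem, Dict[str, int]]:
    """Constructed scenario: one anomaly, one fault, two infections on sw-a, one on sw-b."""
    sw_a = Switch("sw-a", "v2.1", "v2.1", {"10.0.0.11": 1, "10.0.0.12": 2, "10.0.0.13": 3})
    sw_b = Switch("sw-b", "v3.0", "v3.0", {"10.0.1.21": 1, "10.0.1.22": 2})
    nms = NetworkManagementSystem([sw_a, sw_b])
    applied = nms.handle([
        Detection("10.0.0.11", Problem.ANOMALY, "link traffic change", "2022-11-09T08:00"),
        Detection("10.0.1.22", Problem.FAULT, "link failure", "2022-11-09T08:01"),
        Detection("10.0.0.12", Problem.SECURITY, "app-x", "2022-11-09T08:02"),
        Detection("10.0.0.13", Problem.SECURITY, "app-x", "2022-11-09T08:02"),
        Detection("10.0.1.21", Problem.SECURITY, "app-y", "2022-11-09T08:03"),
    ])
    return nms, applied
```

Switching the device to a dynamically assigned or fixed IP address, the other tertiary-policy option in the text, would be a second adapter method on the switch in the same position as the port closure.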
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that the various features described in the foregoing embodiments may be combined in any suitable manner without contradiction. In order to avoid unnecessary repetition, various possible combinations will not be separately described in this disclosure.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.

Claims (10)

1. An automatic isolation system for networking equipment, characterized in that the system comprises an intrusion detection device arranged in a networking system, network disabling modules installed on the network devices, and a network management system deployed on a server, wherein the intrusion detection device, the network devices and the network management system are each in communication connection with one another;
the network management system is configured with a plurality of policies and is used to determine the target policy corresponding to the network problem detected by the intrusion detection device and to control the network device with the network problem to execute the operation corresponding to the target policy.
2. The system according to claim 1, wherein the plurality of policies configured on the network management system include a primary policy, a secondary policy, and a tertiary policy;
the primary policy corresponds to a network anomaly, the secondary policy to a network fault, and the tertiary policy to a network security event.
3. The system according to claim 2, wherein when the network problem detected by the intrusion detection device is a network anomaly, the network management system determines that the network anomaly corresponds to the primary policy, and controls the network device with the network anomaly to send an early warning message to a maintenance staff.
4. The system of claim 2, wherein when the network problem detected by the intrusion detection device is a network failure, the network management system determines that the network failure corresponds to the secondary policy, and controls the network device having the network failure to send failure information to a manager and a maintainer.
5. The system of claim 2, wherein when the network problem detected by the intrusion detection device is a network security event, the network management system determines that the network security event corresponds to the tertiary policy, disconnects the network of the network device where the event occurred, and controls that network device to send security information to a manager and a maintainer.
6. The system of claim 5, wherein the network management system initiates the network disabling module to switch the IP address of the network device.
7. The system of claim 6, wherein the network management system starts the network disabling module to switch the network device to automatically obtaining an IP address; or
the network management system starts the network disabling module to switch the network device to a fixed IP address.
8. The system of claim 5, wherein the network management system activates the network disabling module on the network device to close a port of a server corresponding to the network device.
9. The system of claim 5, wherein the network management system enables the network disabling module on the network device to close all ports of the network device.
10. The system according to claim 1, wherein in a case that the system version of each of the network devices is different, the version of the network disabling module is consistent with the system version of the network device in which it is located.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211400951.9A CN115913692A (en) 2022-11-09 2022-11-09 Automatic isolation system of networking equipment


Publications (1)

Publication Number Publication Date
CN115913692A true CN115913692A (en) 2023-04-04



Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117240623A (en) * 2023-11-13 2023-12-15 杭州海康威视数字技术股份有限公司 Worm virus blocking system, method and device for guaranteeing service continuity
CN117240623B (en) * 2023-11-13 2024-02-02 杭州海康威视数字技术股份有限公司 Worm virus blocking system, method and device for guaranteeing service continuity


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination