CN116418600B - Node security operation and maintenance method, device, equipment and storage medium - Google Patents


Info

Publication number
CN116418600B
Authority
CN
China
Prior art keywords
node
target
final
maintenance
unique identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310678835.1A
Other languages
Chinese (zh)
Other versions
CN116418600A (en)
Inventor
刘加瑞
吴璇
郝伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Huayun'an Technology Co ltd
Original Assignee
Anhui Huayun'an Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Anhui Huayun'an Technology Co ltd
Priority to CN202310678835.1A
Publication of CN116418600A
Application granted
Publication of CN116418600B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0471 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Abstract

The embodiments of the disclosure provide a node security operation and maintenance method, device, equipment and storage medium, applied to the technical field of operation and maintenance management and control. The method includes: in response to receiving an operation and maintenance operation instruction and the IP address of a target final-stage node, determining a corresponding unique identification ID according to the IP address of the target final-stage node; determining a corresponding target transit node according to the IP address of the target final-stage node; and sending the unique identification ID and the operation and maintenance operation instruction to the target transit node, so that the target transit node determines the target final-stage node according to the unique identification ID and forwards the operation and maintenance operation instruction to the target final-stage node. In this way, one-key automatic secure operation and maintenance management of a plurality of nodes can be realized under one operation and maintenance management platform; meanwhile, the IP and the location of the operation and maintenance management platform cannot be directly traced from the final-stage node, which ensures the anonymity and security of the operation and maintenance management platform.

Description

Node security operation and maintenance method, device, equipment and storage medium
Technical Field
The disclosure relates to the technical field of operation and maintenance management and control, and in particular relates to a node security operation and maintenance method, device, equipment and storage medium.
Background
With the explosive development of the internet industry, in addition to various network attacks, hacking incidents are not uncommon. Such an incident is more destructive than a network attack: once the system is hacked, information may be lost and the application system destroyed. The resulting long interruptions of service pose unprecedented challenges to the operation and maintenance industry. In particular, in the global internet environment, how to realize one-key automatic secure operation and maintenance management of a plurality of nodes under a unified management platform, while ensuring the anonymity and security of that platform, is a problem to be solved.
Disclosure of Invention
The disclosure provides a node security operation and maintenance method, device, equipment and storage medium.
According to a first aspect of the present disclosure, a node security operation and maintenance method is provided. The method comprises the following steps:
in response to receiving an operation and maintenance operation instruction and the IP address of a target final-stage node, determining a corresponding unique identification ID according to the IP address of the target final-stage node;
determining a corresponding target transit node according to the IP address of the target final-stage node;
and sending the unique identification ID and the operation and maintenance operation instruction to the target transfer node so that the target transfer node determines the target final stage node according to the unique identification ID and forwards the operation and maintenance operation instruction to the target final stage node.
Further, the operation and maintenance management platform server stores IP addresses of a plurality of final nodes and corresponding unique identifiers IDs thereof, wherein the generating process of any one unique identifier ID includes:
generating an identification code according to the IP address of the final node and a preset character string;
and computing the MD5 hash of the identification code to obtain the unique identification ID of the final-stage node.
Further, the operation and maintenance management platform server stores a corresponding relationship between a transit node and a final-stage node, and the determining a corresponding target transit node according to the IP address of the target final-stage node includes:
and searching a corresponding transfer node in a pre-stored corresponding relation between the transfer node and the final-stage node according to the IP address of the target final-stage node, and obtaining the target transfer node.
Further, the target transit node stores IP addresses of a plurality of final nodes and corresponding unique identifiers IDs thereof, and the determining the target final node according to the unique identifiers IDs and forwarding the operation and maintenance instruction to the target final node includes:
in response to receiving the operation and maintenance instruction and the unique identification ID, determining an IP address of the target final stage node according to the unique identification ID;
and sending the operation and maintenance operation instruction to the target final stage node according to the IP address of the target final stage node, so that the target final stage node performs operation and maintenance operation according to the operation and maintenance operation instruction and returns state data.
Further, the target final node performs operation and returns status data according to the operation and maintenance instruction, including:
the target final stage node responds to the received operation and maintenance operation instruction, and data acquisition is carried out according to the operation and maintenance operation instruction;
encrypting the acquired data to obtain encrypted state data;
MD5 calculation is carried out on the encrypted state data to obtain a verification value;
and sending the encrypted state data and the verification value to the target transit node so that the target transit node forwards the encrypted state data and the verification value to the operation and maintenance management platform server.
Further, the method further comprises:
in response to receiving the encrypted state data and the verification value, performing MD5 calculation on the encrypted state data to obtain a recomputed verification value;
verifying the encrypted state data by comparing the received verification value with the recomputed verification value;
and decrypting and storing the encrypted state data in response to the verification succeeding.
Further, the method further comprises:
and in response to the fact that the encrypted state data is not received within a preset time, sending an instruction for restarting the target final-stage node to the target transit node, so that the target transit node forwards the restarting instruction to the target final-stage node.
According to a second aspect of the present disclosure, a node security operation and maintenance device is provided. The device comprises:
the information acquisition module is used for, in response to receiving an operation and maintenance operation instruction and the IP address of a target final-stage node, determining a corresponding unique identification ID according to the IP address of the target final-stage node;
the transfer node determining module is used for determining a corresponding target transfer node according to the IP address of the target final-stage node;
and the operation and maintenance operation instruction sending module is used for sending the unique identification ID and the operation and maintenance operation instruction to the target transfer node so that the target transfer node can determine the target final-stage node according to the unique identification ID and forward the operation and maintenance operation instruction to the target final-stage node.
According to a third aspect of the present disclosure, an electronic device is provided. The electronic device includes: a memory and a processor, the memory having stored thereon a computer program, the processor implementing the method as described above when executing the program.
According to a fourth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor implements a method according to the first aspect of the present disclosure.
The embodiment of the disclosure provides a node security operation and maintenance method, device, equipment and storage medium. Determining a corresponding unique identification ID through an IP address of a target final node; determining a corresponding target transit node according to the IP address of the target final-stage node; and sending the unique identification ID and the operation and maintenance operation instruction to the target transfer node so that the target transfer node determines the target final stage node according to the unique identification ID and forwards the operation and maintenance operation instruction to the target final stage node. In this way, the one-key automatic safe operation and maintenance management of a plurality of nodes can be realized under one unified management platform, meanwhile, the IP and the position of the unified management platform can not be directly traced from the final-stage node, and the anonymous security of the unified management platform is ensured.
It should be understood that what is described in this summary is not intended to limit the critical or essential features of the embodiments of the disclosure nor to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. For a better understanding of the present disclosure, and without limiting the disclosure thereto, the same or similar reference numerals denote the same or similar elements, wherein:
FIG. 1 illustrates a flow chart of a node security operation and maintenance method according to an embodiment of the present disclosure;
FIG. 2 illustrates a partial schematic of an operation and maintenance management platform, a transit node, and a final node according to the present disclosure;
FIG. 3 illustrates a flow chart of a node security operation and maintenance method according to yet another embodiment of the present disclosure;
FIG. 4 illustrates a block diagram of a node security operation and maintenance device according to an embodiment of the present disclosure;
FIG. 5 illustrates a block diagram of an exemplary electronic device capable of implementing embodiments of the present disclosure.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are some embodiments of the present disclosure, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments in this disclosure without inventive faculty, are intended to be within the scope of this disclosure.
In addition, the term "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.
In this method, a transit node is added between the operation and maintenance management platform and the final-stage node. The transit node is responsible for relaying communication between the two, so the final-stage node cannot directly trace back to the operation and maintenance management platform. Meanwhile, the operation and maintenance management platform only initiates outbound connections and exposes no services externally; with no exposed service, the platform cannot be attacked by external attackers, which improves the security of the platform.
Fig. 1 illustrates a flow chart of a node security operation and maintenance method 100 according to an embodiment of the present disclosure. The method 100 comprises the following steps:
Step 110: in response to receiving an operation and maintenance operation instruction and the IP address of a target final-stage node, determining a corresponding unique identification ID according to the IP address of the target final-stage node.
In some embodiments, the operation and maintenance management platform server stores the IP addresses of a plurality of final-stage nodes and their corresponding unique identification IDs, wherein the generation process of any one unique identification ID includes: generating an identification code according to the IP address of the final-stage node and a preset character string; and computing the MD5 hash of the identification code to obtain the unique identification ID of the final-stage node.
In some embodiments, when a user needs to perform an operation on a final node, the operation and maintenance management platform determines a corresponding unique identifier ID according to the IP address of the final node on which the operation and maintenance is performed.
Step 120: determining a corresponding target transit node according to the IP address of the target final-stage node.
In some embodiments, the operation and maintenance management platform, the transit node, and the final node are partially structured as shown in FIG. 2. The operation and maintenance management platform server stores the corresponding relation between the transfer nodes and the final nodes, namely, one group of transfer nodes corresponds to a plurality of groups of final nodes, and can determine the corresponding transfer node according to the IP address of the target final node, namely, the corresponding transfer node is searched in the corresponding relation between the pre-stored transfer node and the final nodes according to the IP address of the target final node, so as to obtain the target transfer node. For example, when the management platform performs operation and maintenance management on the final node 5, the target transit node can be determined to be the transit node 2 through the corresponding relationship that the final node 5 corresponds to the transit node 2.
Step 130: sending the unique identification ID and the operation and maintenance operation instruction to the target transit node, so that the target transit node determines the target final-stage node according to the unique identification ID and forwards the operation and maintenance operation instruction to the target final-stage node.
In some embodiments, the target transit node stores the IP addresses of a plurality of final-stage nodes and their corresponding unique identification IDs. When the target transit node receives the operation and maintenance operation instruction and the unique identification ID sent by the operation and maintenance management platform, it determines the IP address of the target final-stage node according to the unique identification ID. It then sends the operation and maintenance operation instruction to the target final-stage node according to that IP address, so that the target final-stage node performs the operation and maintenance operation according to the instruction and returns state data. Throughout the transmission process no IP address is carried, which ensures IP security and prevents all the node IP addresses from being obtained by malicious personnel. For example, an operation instruction for the final-stage node 5 is issued to the transit node 2 together with the unique identification ID of the final-stage node 5; when the transit node 2 receives the unique identification ID, it resolves and compares the IP address of the final-stage node 5 through the unique identification ID, and then sends the corresponding operation instruction to the final-stage node 5.
In some embodiments, it may also be implemented to perform operation and maintenance management on multiple final nodes simultaneously.
According to the node security operation and maintenance method provided by the embodiment of the disclosure, the corresponding unique identification ID is determined through the IP address of the target final-stage node; determining a corresponding target transit node according to the IP address of the target final-stage node; and sending the unique identification ID and the operation and maintenance operation instruction to the target transfer node so that the target transfer node determines the target final stage node according to the unique identification ID and forwards the operation and maintenance operation instruction to the target final stage node. In this way, the safe operation and maintenance management of a plurality of nodes can be realized under one operation and maintenance management platform, meanwhile, the IP and the position of the operation and maintenance management platform can not be directly traced from the final-stage node, and the anonymous security of the operation and maintenance management platform is ensured.
Based on the above embodiment, FIG. 3 shows a flow chart of a node security operation and maintenance method according to another embodiment provided in the present disclosure, in which the target final-stage node performs the operation and maintenance operation according to the operation and maintenance operation instruction and returns state data. The method includes the following steps:
Step 310: the target final-stage node, in response to receiving the operation and maintenance operation instruction, performs data acquisition according to the operation and maintenance operation instruction.
Step 320: encrypting the acquired data to obtain encrypted state data.
Step 330: performing MD5 calculation on the encrypted state data to obtain a verification value.
Step 340: sending the encrypted state data and the verification value to the target transit node, so that the target transit node forwards the encrypted state data and the verification value to the operation and maintenance management platform server.
In some embodiments, when the target final-stage node receives the operation and maintenance operation instruction sent by the target transit node, it performs data acquisition according to the instruction. The acquired data is then encrypted to ensure secure transmission. Next, the MD5 code of the encrypted data is calculated and used as the verification value of the data. The data and the MD5 code are sent to the operation and maintenance management platform through the transit node, so that when the operation and maintenance management platform performs data verification, the MD5 code of the data is verified first; if the verification is inconsistent, the data is directly discarded and not processed, thereby improving operation and maintenance efficiency.
Based on the above embodiment, in a further embodiment provided by the present disclosure, the method further includes decrypting and storing the state data of the last-stage node by the operation and maintenance management platform.
In some embodiments, when the operation and maintenance management platform receives the encrypted state data and the verification value, it performs MD5 calculation on the encrypted state data to obtain a recomputed verification value, and verifies the encrypted state data by comparing the received verification value with the recomputed verification value. In response to the verification succeeding, the encrypted state data is decrypted and stored, realizing accurate verification of the state data. Data that does not pass the verification is not stored.
Based on the foregoing embodiment, in another embodiment provided by the present disclosure, the method further includes the operation and maintenance management platform sending a restart node instruction when the state data is not received beyond a preset time.
In some embodiments, when the operation and maintenance management platform does not receive the encrypted state data within a preset time, an instruction for restarting the target final-stage node is sent to the target transit node, so that the target transit node forwards the restarting instruction to the target final-stage node.
In some embodiments, further comprising data analysis of the received state data to determine a safe state of the final node for timely safety management of the final node.
In some embodiments, the operation and maintenance management platform is provided with a timer for collecting data, and periodically starts the data collection work so as to facilitate the automatic management of the safe operation and maintenance.
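The following Python sketch is an added example, not code from the patent; it walks steps 110 to 130 and 310 to 340 plus the platform-side verification and restart-on-silence behaviour described above. The preset string, key, IP addresses, message layout, class names and the SHAKE-256 XOR stand-in cipher are all assumptions, since the text names no cipher or wire format, and a missing reply is modelled as `None` rather than a real timer.

```python
import hashlib
import hmac

# Constructed values: the page gives no preset string, cipher, or key.
PRESET = "constructed-preset-string"
KEY = b"constructed-shared-key"


def unique_id(ip, preset=PRESET):
    """Identification code = IP + preset string; unique ID = its MD5 hex digest."""
    return hashlib.md5((ip + preset).encode()).hexdigest()


def stand_in_cipher(key, data):
    """XOR with a SHAKE-256 keystream. Stand-in only: the page names no cipher."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class FinalNode:
    def __init__(self, ip, responsive=True):
        self.ip, self.responsive, self.restarts = ip, responsive, 0

    def handle(self, instruction):
        if instruction == "restart":
            self.restarts += 1
            self.responsive = True
            return None
        if not self.responsive:
            return None                                   # models "no data in time"
        state = f"state for {instruction}".encode()       # step 310: collect
        encrypted = stand_in_cipher(KEY, state)           # step 320: encrypt
        return encrypted, hashlib.md5(encrypted).hexdigest()  # step 330: check value


class TransitNode:
    def __init__(self, final_nodes, corrupt=False):
        self.by_id = {unique_id(n.ip): n for n in final_nodes}  # ID -> final node
        self.corrupt = corrupt      # simulate data damaged in transit
        self.received = []          # every message the platform sent here

    def forward(self, message):
        self.received.append(message)
        node = self.by_id.get(message["id"])
        reply = node.handle(message["instruction"]) if node else None
        if reply and self.corrupt:
            encrypted, check = reply
            reply = (bytes([encrypted[0] ^ 0x01]) + encrypted[1:], check)
        return reply                # step 340: relay data and check value


class Platform:
    def __init__(self, routes):
        self.routes = routes        # final-node IP -> its transit node
        self.stored = {}

    def operate(self, ip, instruction):
        transit = self.routes[ip]                                    # step 120
        message = {"id": unique_id(ip), "instruction": instruction}  # steps 110, 130
        reply = transit.forward(message)
        if reply is None:           # preset time elapsed with no state data
            transit.forward({"id": unique_id(ip), "instruction": "restart"})
            return "restart-sent"
        encrypted, check = reply
        recomputed = hashlib.md5(encrypted).hexdigest()
        if not hmac.compare_digest(recomputed, check):
            return "discarded"      # mismatch: drop without decrypting
        self.stored[ip] = stand_in_cipher(KEY, encrypted).decode()
        return "stored"


def demo():
    n5 = FinalNode("10.0.0.5")
    n6 = FinalNode("10.0.0.6")
    n7 = FinalNode("10.0.0.7", responsive=False)
    t_ok, t_bad = TransitNode([n5, n7]), TransitNode([n6], corrupt=True)
    platform = Platform({n5.ip: t_ok, n7.ip: t_ok, n6.ip: t_bad})
    results = {ip: platform.operate(ip, "collect") for ip in (n5.ip, n6.ip, n7.ip)}
    # Did any message sent to a transit node carry a final-node IP in the clear?
    leaked = any(n.ip in str(m) for m in t_ok.received + t_bad.received
                 for n in (n5, n6, n7))
    return results, platform.stored, leaked, n7.restarts


if __name__ == "__main__":
    print(demo())
```

An unkeyed MD5 value detects accidental corruption only: anyone able to alter the encrypted state data can recompute a matching digest, so authenticity would need a keyed construction such as HMAC. The unique ID is likewise only as unguessable as the preset string is secret.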
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present disclosure is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present disclosure. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all alternative embodiments, and that the acts and modules referred to are not necessarily required by the present disclosure.
The foregoing is a description of embodiments of the method, and the following further describes embodiments of the present disclosure through examples of apparatus.
Fig. 4 illustrates a block diagram of a node security operation and maintenance device 400 according to an embodiment of the present disclosure. As shown in fig. 4, the apparatus 400 includes:
an information acquisition module 410, configured to, in response to receiving an operation and maintenance operation instruction and the IP address of a target final-stage node, determine a corresponding unique identification ID according to the IP address of the target final-stage node;
a transit node determining module 420, configured to determine a corresponding target transit node according to the IP address of the target final node;
and an operation and maintenance instruction sending module 430, configured to send the unique identifier ID and the operation and maintenance instruction to the target transit node, so that the target transit node determines the target final stage node according to the unique identifier ID and forwards the operation and maintenance instruction to the target final stage node.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the described modules may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again.
According to embodiments of the present disclosure, the present disclosure also provides an electronic device, a readable storage medium and a computer program product.
Fig. 5 shows a schematic block diagram of an electronic device 500 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
The electronic device 500 includes a computing unit 501 that can perform various appropriate actions and processes according to a computer program stored in a ROM502 or a computer program loaded from a storage unit 508 into a RAM 503. In the RAM503, various programs and data required for the operation of the electronic device 500 may also be stored. The computing unit 501, ROM502, and RAM503 are connected to each other by a bus 504. I/O interface 505 is also connected to bus 504.
A number of components in electronic device 500 are connected to I/O interface 505, including: an input unit 506 such as a keyboard, a mouse, etc.; an output unit 507 such as various types of displays, speakers, and the like; a storage unit 508 such as a magnetic disk, an optical disk, or the like; and a communication unit 509 such as a network card, modem, wireless communication transceiver, etc. The communication unit 509 allows the electronic device 500 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The computing unit 501 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 501 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 501 performs the various methods and processes described above, such as method 100. For example, in some embodiments, the method 100 may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as the storage unit 508. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 500 via the ROM502 and/or the communication unit 509. When the computer program is loaded into RAM503 and executed by computing unit 501, one or more steps of method 100 described above may be performed. Alternatively, in other embodiments, the computing unit 501 may be configured to perform the method 100 by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuit systems, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems On Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include implementation in one or more computer programs that may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. This program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server incorporating a blockchain.
It should be appreciated that steps may be reordered, added, or deleted using the various forms of the flows shown above. For example, the steps recited in the present disclosure may be performed in parallel, sequentially, or in a different order, provided that the desired results of the disclosed aspects are achieved, which is not limited herein.
The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.

Claims (8)

1. A node security operation and maintenance method, characterized in that it is applied to an operation and maintenance management platform server and comprises the following steps:
in response to receiving an operation and maintenance operation instruction and the IP address of a target final-stage node, determining a corresponding unique identification ID according to the IP address of the target final-stage node; wherein the operation and maintenance management platform server stores IP addresses of a plurality of final-stage nodes and their corresponding unique identification IDs, and the generation process of any unique identification ID comprises: generating an identification code according to the IP address of the final-stage node and a preset character string; and performing MD5 encryption on the identification code to obtain the unique identification ID of the final-stage node;
searching, according to the IP address of the target final-stage node, a pre-stored correspondence between transit nodes and final-stage nodes for the corresponding transit node to obtain a target transit node, wherein the operation and maintenance management platform server stores the correspondence between transit nodes and final-stage nodes;
and sending the unique identification ID and the operation and maintenance operation instruction to the target transit node, so that the target transit node determines the target final-stage node according to the unique identification ID and forwards the operation and maintenance operation instruction to the target final-stage node.
2. The method of claim 1, wherein the target transit node stores IP addresses of a plurality of final-stage nodes and their corresponding unique identification IDs, and wherein determining the target final-stage node according to the unique identification ID and forwarding the operation and maintenance operation instruction to the target final-stage node comprises:
in response to receiving the operation and maintenance operation instruction and the unique identification ID, determining the IP address of the target final-stage node according to the unique identification ID;
and sending the operation and maintenance operation instruction to the target final-stage node according to the IP address of the target final-stage node, so that the target final-stage node performs the operation and maintenance operation according to the operation and maintenance operation instruction and returns state data.
3. The method of claim 2, wherein the target final-stage node performing the operation and maintenance operation according to the operation and maintenance operation instruction and returning state data comprises:
the target final-stage node, in response to receiving the operation and maintenance operation instruction, performing data acquisition according to the operation and maintenance operation instruction;
encrypting the acquired data to obtain encrypted state data;
MD5 calculation is carried out on the encrypted state data to obtain a verification value;
and sending the encrypted state data and the verification value to the target transit node so that the target transit node forwards the encrypted state data and the verification value to the operation and maintenance management platform server.
4. The method according to claim 3, characterized in that the method further comprises:
in response to receiving the encrypted state data and the verification value, performing MD5 calculation on the encrypted state data to obtain a check value;
verifying the encrypted state data according to the received verification value and the check value;
and decrypting and storing the encrypted state data in response to the verification being correct.
5. The method according to claim 3, characterized in that the method further comprises:
in response to the encrypted state data not being received within a preset time, sending an instruction for restarting the target final-stage node to the target transit node, so that the target transit node forwards the restart instruction to the target final-stage node.
6. A node security operation and maintenance device, characterized in that it is applied to an operation and maintenance management platform server and comprises:
an information acquisition module, used for, in response to receiving an operation and maintenance operation instruction and the IP address of a target final-stage node, determining a corresponding unique identification ID according to the IP address of the target final-stage node; wherein the operation and maintenance management platform server stores IP addresses of a plurality of final-stage nodes and their corresponding unique identification IDs, and the generation process of any unique identification ID comprises: generating an identification code according to the IP address of the final-stage node and a preset character string; and performing MD5 encryption on the identification code to obtain the unique identification ID of the final-stage node;
a transit node determining module, used for searching, according to the IP address of the target final-stage node, a pre-stored correspondence between transit nodes and final-stage nodes for the corresponding transit node to obtain a target transit node, wherein the operation and maintenance management platform server stores the correspondence between transit nodes and final-stage nodes;
and an operation and maintenance operation instruction sending module, used for sending the unique identification ID and the operation and maintenance operation instruction to the target transit node, so that the target transit node determines the target final-stage node according to the unique identification ID and forwards the operation and maintenance operation instruction to the target final-stage node.
7. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-5.
8. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1-5.
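The flow of claims 1 to 4, as an added sketch that is not code from the patent or its applicant: the server maps a target IP to its unique ID and transit node, the transit node resolves the ID back to an IP, and the server checks returned ciphertext against its MD5 value. The preset string, the concatenation order, the node names, the addresses and the ciphertext bytes are all assumptions or constructed sample data; the cipher of claim 3 is left out and the encrypted state data is treated as opaque bytes.

```python
import hashlib
import hmac

# Assumption: the claims only say "a preset character string"; this value and the
# plain concatenation order (IP followed by string) are illustrative choices.
PRESET = "example-preset-string"

def unique_id(ip, preset=PRESET):
    """Claim 1: build the identification code from IP + preset string, then MD5 it."""
    return hashlib.md5((ip + preset).encode("utf-8")).hexdigest()

def md5_hex(data):
    """MD5 digest of raw bytes as a hex string."""
    return hashlib.md5(data).hexdigest()

class PlatformServer:
    """Holds IP -> unique ID and final node -> transit node mappings (claim 1)."""
    def __init__(self, topology):
        # topology: {transit node name: [final-stage node IPs]}
        self.id_by_ip = {ip: unique_id(ip) for ips in topology.values() for ip in ips}
        self.transit_by_ip = {ip: t for t, ips in topology.items() for ip in ips}

    def dispatch(self, target_ip, instruction):
        """Return (target transit node, unique ID, instruction) for a target IP."""
        if target_ip not in self.id_by_ip:
            raise KeyError(f"unknown final-stage node {target_ip}")
        return self.transit_by_ip[target_ip], self.id_by_ip[target_ip], instruction

    def verify(self, encrypted_state, verification_value):
        """Claim 4: recompute MD5 over the ciphertext and compare with the received value."""
        return hmac.compare_digest(md5_hex(encrypted_state), verification_value)

class TransitNode:
    """Claim 2: resolves a unique ID back to the final-stage node's IP address."""
    def __init__(self, final_ips):
        self.ip_by_id = {unique_id(ip): ip for ip in final_ips}

    def resolve(self, uid):
        return self.ip_by_id.get(uid)  # None when the ID is not one of this node's children

def final_node_report(encrypted_state):
    """Claim 3: return the ciphertext together with its MD5 verification value."""
    return encrypted_state, md5_hex(encrypted_state)

# Constructed sample topology (names and addresses are made up for the example).
TOPOLOGY = {"transit-a": ["10.0.1.10", "10.0.1.11"], "transit-b": ["10.0.2.10"]}

def run_flow(target_ip="10.0.1.11", instruction="collect-status"):
    server = PlatformServer(TOPOLOGY)
    transit_name, uid, _instr = server.dispatch(target_ip, instruction)
    transit = TransitNode(TOPOLOGY[transit_name])
    resolved_ip = transit.resolve(uid)
    # Constructed stand-in for already-encrypted state data.
    blob, value = final_node_report(b"\x8f\x02constructed-ciphertext\x11")
    return {
        "transit": transit_name,
        "resolved_ip": resolved_ip,
        "intact": server.verify(blob, value),
        "corrupted": server.verify(blob[:-1] + b"\x00", value),
    }

if __name__ == "__main__":
    print(run_flow())
```

The MD5 value here is unkeyed, so the check in `verify` detects data damaged in transit; it does not by itself show who produced the data, since any party can recompute the value over different bytes.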

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310678835.1A CN116418600B (en) 2023-06-09 2023-06-09 Node security operation and maintenance method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN116418600A CN116418600A (en) 2023-07-11
CN116418600B CN116418600B (en) 2023-08-15

Family

ID=87049572

Country Status (1)

Country Link
CN (1) CN116418600B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant