CN116436657A - Intelligent coal mine office network safety management method and system - Google Patents
- Publication number
- CN116436657A (application CN202310331723.9A)
- Authority
- CN
- China
- Prior art keywords
- network
- information
- coal mine
- equipment
- access request
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The intelligent coal mine office network security management method, system and storage medium acquire a network access request message that comprises the personnel information and equipment information of a network access request; determine the corresponding network use rights according to the personnel information and the equipment information; and configure network resources matched with those network use rights. The method can thus automatically determine the network use rights from the personnel information and equipment information in the network access request message and configure the matching network resources, so that the information of accessed equipment is recorded, the equipment accessing the coal mine office network is ensured to be equipment that needs access, the network permissions of that equipment are controlled, and equipment accessing the network is prevented from threatening the security of the coal mine office network.
Description
Technical Field
The disclosure relates to the technical field of network security management, in particular to an intelligent coal mine office network security management method, system and storage medium.
Background
With the rapid development of intelligent coal mine offices, the network relationships within the coal mine office area are becoming more and more complex. The network of the coal mine office area therefore needs to be managed to ensure its security.
In the related art, equipment that accesses the coal mine office network is configured manually, and the network configuration information corresponding to the equipment is recorded manually. However, errors may occur when network configuration information is recorded by hand, and when devices accessing the coal mine office network are configured manually, the accessed devices may not be traceable, so that devices that should not access the coal mine office network may gain access to it, thereby threatening the security of the coal mine office network.
Disclosure of Invention
The disclosure provides an intelligent coal mine office network security management method, system and storage medium, which aim to solve the technical problems in the related art.
An embodiment of a first aspect of the present disclosure provides an intelligent coal mine office network security management method, including:
acquiring a network access request message, wherein the network access request message comprises personnel information and equipment information of a network access request;
determining corresponding network use rights according to the personnel information and the equipment information;
and configuring network resources matched with the network use permission according to the network use permission.
Optionally, before the obtaining the network access request message, the method includes:
acquiring topographic information of a coal mine office area, and generating an area topographic map of the coal mine office area according to the topographic information;
and acquiring equipment information and network resource information with network connection requirements in the coal mine office area, and displaying the equipment information and the network resource information in an area topographic map to obtain a network topological map of the coal mine office area.
Optionally, the determining the corresponding network usage right according to the personnel information and the equipment information includes:
determining a corresponding network use level according to the personnel information;
determining corresponding network resource information according to the equipment information;
and determining corresponding network use permission based on the network use grade and the network resource information.
Optionally, the network resource information includes intranet resource information and extranet resource information.
Optionally, the configuring, according to the network usage right, a network resource matched with the network usage right includes:
according to the network use permission, determining a network port and a network IP address matched with the network use permission;
the network port and the network IP address are added in the network management equipment so as to allow the network port and the network IP address to access the network.
Optionally, the method further comprises:
and collecting and storing the network usage record corresponding to the equipment information.
An embodiment of a second aspect of the present disclosure provides an intelligent coal mine office network security management system, including:
the acquisition module is used for acquiring a network access request message, wherein the network access request message comprises personnel information and equipment information of a network access request;
the determining module is used for determining corresponding network use permission according to the personnel information and the equipment information;
and the configuration module is used for configuring network resources matched with the network use permission according to the network use permission.
The embodiment of the third aspect of the application provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor executes the program to implement the method as described in the first aspect.
The embodiment of the fourth aspect of the application provides a computer storage medium, where the computer storage medium stores computer executable instructions; the computer executable instructions, when executed by a processor, are capable of implementing the method as described in the first aspect above.
The intelligent coal mine office network security management method, system and storage medium acquire a network access request message that comprises the personnel information and equipment information of a network access request; determine the corresponding network use rights according to the personnel information and the equipment information; and configure network resources matched with those network use rights. The method can thus automatically determine the network use rights from the personnel information and equipment information in the network access request message and configure the matching network resources, so that the information of accessed equipment is recorded, the equipment accessing the coal mine office network is ensured to be equipment that needs access, the network permissions of that equipment are controlled, and equipment accessing the network is prevented from threatening the security of the coal mine office network.
Additional aspects and advantages of the disclosure will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the disclosure.
Drawings
The foregoing and/or additional aspects and advantages of the present disclosure will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a flow diagram of an intelligent coal mine office network security management method provided in accordance with an embodiment of the present disclosure;
FIG. 2 is a schematic structural diagram of an intelligent coal mine office network security management system provided according to another embodiment of the present disclosure.
Detailed Description
Embodiments of the present disclosure are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are exemplary only for explaining the present disclosure and are not to be construed as limiting the present disclosure. On the contrary, the embodiments of the disclosure include all alternatives, modifications, and equivalents as may be included within the spirit and scope of the appended claims.
Example 1
Fig. 1 is a flow chart of an intelligent coal mine office network security management method according to an embodiment of the disclosure, as shown in fig. 1, the method includes:
In this embodiment of the present application, the personnel information may include identity information of a person sending the network access request message. By way of example, the person information may include the name, department, job of the person. In this embodiment of the present application, the device information may include a device type and a description of a network to be used. By way of example, the device information may include device type, functionality, usage network.
In this embodiment of the present application, before the network access request message is obtained, a network topology map of the coal mine office area needs to be obtained, so that network resources are configured for devices in the network access request message later.
Specifically, in the embodiment of the present application, the method for acquiring a network topology map of a coal mine office area may include the following steps:
Step 1011, obtaining the topographic information of the coal mine office area, and generating an area topographic map of the coal mine office area according to the topographic information;
In this embodiment of the present application, the coal mine office area may include a mine area or a park in a coal mine.
In the embodiment of the application, the topographic information of the coal mine office area can be obtained through the measurement information of the coal mine office area.
Further, in the embodiment of the present application, after the topographic information of the coal mine office area is obtained, an area topographic map (such as a plane or a 3D topographic map) of the coal mine office area may be generated according to the topographic information.
Step 1012, collecting equipment information and network resource information with network connection requirements in the coal mine office area, and displaying the equipment information and the network resource information in the area topographic map to obtain a network topological diagram of the coal mine office area.
In the embodiment of the application, equipment information and network resource information with network connection requirements in the coal mine office area can be acquired through input. In this embodiment of the present application, the network resource information may include intranet resource information and extranet resource information.
Specifically, in the embodiment of the present application, the existing network resources are divided into the external network resources and the internal network resources. In this embodiment of the present application, the external network resource may communicate with the public network, that is, an external user may access an external network website, and the internal network resource may establish communication with the external network resource, so that the internal network resource accesses the external network through the external network resource.
In the embodiment of the application, the network structure of the coal mine office area and the network information and the network connection relation corresponding to all the devices can be obtained through the network topology diagram of the coal mine office area. For example, devices such as a firewall and an encryption gateway are arranged between the intranet resource and the extranet resource so as to ensure the network security of the intranet resource and the extranet resource.
In the embodiment of the application, after the personnel information and the equipment information are acquired, the corresponding network use permission can be determined according to the personnel information and the equipment information.
Specifically, in the embodiment of the present application, the method for determining the corresponding network usage right according to the personnel information and the equipment information may include the following steps:
Step 1021, determining a corresponding network use level according to the personnel information;
In this embodiment of the present application, the method for determining the corresponding network use level according to the personnel information may include: determining, from the personnel information, the department and role of the person initiating the network access request message, and determining the corresponding network use level according to that department and role. The network use level may be a security level of network usage.
Step 1022, determining corresponding network resource information according to the device information;
In this embodiment of the present application, the method for determining corresponding network resource information according to the device information may include: determining the corresponding network resource information according to the device type and the function in the device information. For example, assuming that the device is a bastion host whose function is to record and control intranet operation, the network resource information corresponding to the device is determined to be intranet resource information.
Step 1023, determining the corresponding network use permission based on the network use level and the network resource information.
In this embodiment of the present application, after the network use level and the network resource information are obtained, the two together may be taken as the corresponding network use rights.
In this embodiment of the present application, the method for configuring, according to the network usage rights, the network resource matching the network usage rights may include the following steps:
Step 1031, according to the network use authority, determining a network port and a network IP address matched with the network use authority;
In this embodiment of the present application, the network IP address corresponds to the network use permission, that is, when the network use permission is intranet resource information, the corresponding network IP address is an intranet IP address; when the network use permission is external network resource information, the corresponding network IP address is an external network IP address.
Step 1032, adding the network port and the network IP address to the network management device to allow the network port and the network IP address to access the network.
In the embodiment of the application, the network port and the network IP address can be added into the network management device (such as a firewall) so as to allow the network port and the network IP address to access the network.
In an embodiment of the present application, the method may further include: collecting and storing the network usage records corresponding to the device information. Specifically, the network usage records (traffic or logs) corresponding to the device information may be collected (e.g., captured), and the collected network usage records may be stored (e.g., for more than half a year).
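Steps 1021 to 1032 and the usage-record step can be read as a default-deny provisioning pipeline; the Python sketch below is an added illustration and is not part of the patent. The policy tables, the minimum-level rule per zone, the address ranges, the reading of "network port" as a switch access port, and the `ManagementDevice` stand-in for the firewall are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed policy tables; the patent names the inputs but gives no values.
LEVEL_BY_ROLE = {("IT", "administrator"): 3,
                 ("Dispatch", "engineer"): 2,
                 ("Administration", "clerk"): 1}
ZONE_BY_DEVICE = {("bastion host", "record and control intranet operation"): "intranet",
                  ("workstation", "office work"): "intranet",
                  ("web server", "public website"): "extranet"}
MIN_LEVEL = {"intranet": 2, "extranet": 1}   # assumed rule, not stated in the patent
RETENTION = timedelta(days=183)              # "more than half a year"


class AccessDenied(Exception):
    """Raised when a request cannot be mapped to network use rights."""


def determine_rights(person, device):
    """Steps 1021-1023: level from department/job, zone from type/function."""
    level = LEVEL_BY_ROLE.get((person.get("department"), person.get("job")))
    zone = ZONE_BY_DEVICE.get((device.get("type"), device.get("function")))
    if level is None:
        raise AccessDenied("unknown department/job")
    if zone is None:
        raise AccessDenied("unknown device type/function")
    if level < MIN_LEVEL[zone]:
        raise AccessDenied(f"level {level} too low for {zone}")
    return level, zone


@dataclass
class ManagementDevice:
    """Hypothetical stand-in for the firewall allow-list; anything not added is denied."""
    pools: dict                     # zone -> iterator over free host addresses
    ports: dict                     # zone -> list of free switch access ports
    allowed: set = field(default_factory=set)

    def provision(self, zone):
        """Steps 1031-1032: pick a port and IP for the zone and allow the pair."""
        if not self.ports[zone]:
            raise AccessDenied(f"no free port in {zone}")
        ip = next(self.pools[zone], None)
        if ip is None:
            raise AccessDenied(f"address pool exhausted in {zone}")
        port = self.ports[zone].pop(0)
        self.allowed.add((port, str(ip)))
        return port, str(ip)

    def permits(self, port, ip):
        return (port, ip) in self.allowed


def handle_request(msg, mgmt, audit, now):
    """Process one network access request message; every decision is recorded."""
    record = {"time": now, "person": msg["person"].get("name"),
              "device": msg["device"].get("type")}
    try:
        level, zone = determine_rights(msg["person"], msg["device"])
        port, ip = mgmt.provision(zone)
        record.update(decision="allow", level=level, zone=zone, port=port, ip=ip)
    except AccessDenied as exc:
        record.update(decision="deny", reason=str(exc))
    audit.append(record)
    return record


def purgeable(audit, now):
    """Records older than the retention period; younger ones must be kept."""
    return [r for r in audit if now - r["time"] > RETENTION]


def new_management_device():
    # Constructed address ranges and port names, for illustration only.
    return ManagementDevice(
        pools={"intranet": iter(ipaddress.ip_network("10.20.0.0/29").hosts()),
               "extranet": iter(ipaddress.ip_network("192.0.2.0/29").hosts())},
        ports={"intranet": ["Gi1/0/1", "Gi1/0/2"], "extranet": ["Gi2/0/1"]})


if __name__ == "__main__":
    mgmt, audit = new_management_device(), []
    t0 = datetime(2023, 3, 30, tzinfo=timezone.utc)
    request = {"person": {"name": "A", "department": "IT", "job": "administrator"},
               "device": {"type": "bastion host",
                          "function": "record and control intranet operation"}}
    print(handle_request(request, mgmt, audit, t0))
```

Recording denied requests alongside granted ones gives the traceability that the background section says manual configuration lacks.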
The intelligent coal mine office network security management method acquires a network access request message that comprises the personnel information and equipment information of a network access request; determines the corresponding network use rights according to the personnel information and the equipment information; and configures network resources matched with those network use rights. The method can thus automatically determine the network use rights from the personnel information and equipment information in the network access request message and configure the matching network resources, so that the information of accessed equipment is recorded, the equipment accessing the coal mine office network is ensured to be equipment that needs access, the network permissions of that equipment are controlled, and equipment accessing the network is prevented from threatening the security of the coal mine office network.
Fig. 2 is a schematic structural diagram of an intelligent coal mine office network security management system according to another embodiment of the present disclosure, as shown in fig. 2, the system includes:
an obtaining module 201, configured to obtain a network access request message, where the network access request message includes personnel information and equipment information of a network access request;
a determining module 202, configured to determine a corresponding network usage right according to the personnel information and the equipment information;
and the configuration module 203 is configured to configure network resources matched with the network usage rights according to the network usage rights.
In this embodiment of the present application, the intelligent coal mine office network security management system may further include a network access device and a core switch server. The network core switch may include an intranet (private network) switch and an external network switch connected to a public network; the external network switch may be communicatively connected to the intranet switch, and protection devices such as a firewall and an encryption gateway are disposed between the external network switch and the intranet switch. The network access device is connected to the central server.
In addition, in the embodiment of the present application, the intelligent coal mine office network security management system may further include a visible light security communication gateway.
Optionally, in an embodiment of the present application, the above system is further configured to:
acquiring topographic information of a coal mine office area, and generating an area topographic map of the coal mine office area according to the topographic information;
and acquiring equipment information and network resource information with network connection requirements in the coal mine office area, and displaying the equipment information and the network resource information in the area topographic map to obtain a network topological map of the coal mine office area.
Optionally, in the embodiment of the present application, the determining module 202 is specifically configured to:
determining a corresponding network use level according to the personnel information;
determining corresponding network resource information according to the equipment information;
and determining the corresponding network use permission based on the network use level and the network resource information.
Optionally, in the embodiment of the present application, the network resource information includes intranet resource information and extranet resource information.
Optionally, in the embodiment of the present application, the configuration module 203 is specifically configured to:
according to the network use authority, determining a network port and a network IP address matched with the network use authority;
the network port and the network IP address are added to the network management device to allow the network port and the network IP address to access the network.
Optionally, in an embodiment of the present application, the above system is further configured to:
and collecting and storing the network usage records corresponding to the device information.
The intelligent coal mine office network security management system acquires a network access request message that comprises the personnel information and equipment information of a network access request; determines the corresponding network use rights according to the personnel information and the equipment information; and configures network resources matched with those network use rights. The system can thus automatically determine the network use rights from the personnel information and equipment information in the network access request message and configure the matching network resources, so that the information of accessed equipment is recorded, the equipment accessing the coal mine office network is ensured to be equipment that needs access, the network permissions of that equipment are controlled, and equipment accessing the network is prevented from threatening the security of the coal mine office network.
In order to implement the above-described embodiments, the present disclosure also proposes a computer storage medium.
The computer storage medium provided by the embodiment of the disclosure stores an executable program; the executable program, when executed by a processor, is capable of implementing the method shown in fig. 1.
In order to implement the above-mentioned embodiments, the present disclosure also proposes a computer device.
The embodiment of the disclosure provides a computer device comprising a memory, a processor and a computer program stored on the memory and capable of running on the processor; the processor, when executing the program, is capable of implementing the method shown in fig. 1.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification and the features of the different embodiments or examples may be combined by those skilled in the art without contradiction.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and additional implementations are included within the scope of the preferred embodiment of the present application in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the embodiments of the present application.
Although embodiments of the present application have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the application, and that changes, modifications, substitutions, and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the application.
Claims (10)
1. An intelligent coal mine office network safety management method is characterized by comprising the following steps:
acquiring a network access request message, wherein the network access request message comprises personnel information and equipment information of a network access request;
determining corresponding network use rights according to the personnel information and the equipment information;
and configuring network resources matched with the network use permission according to the network use permission.
2. The method of claim 1, further comprising, prior to obtaining the network access request message:
acquiring topographic information of a coal mine office area, and generating an area topographic map of the coal mine office area according to the topographic information;
and acquiring equipment information and network resource information with network connection requirements in the coal mine office area, and displaying the equipment information and the network resource information in an area topographic map to obtain a network topological map of the coal mine office area.
3. The method of claim 1, wherein the determining the corresponding network usage rights based on the personnel information and the device information comprises:
determining a corresponding network use level according to the personnel information;
determining corresponding network resource information according to the equipment information;
and determining corresponding network use permission based on the network use level and the network resource information.
4. A method according to any of claims 2-3, wherein the network resource information comprises intranet resource information and extranet resource information.
5. The method of claim 1, wherein configuring network resources matching the network usage rights according to the network usage rights comprises:
according to the network use permission, determining a network port and a network IP address matched with the network use permission;
the network port and the network IP address are added in the network management equipment so as to allow the network port and the network IP address to access the network.
6. The method of claim 1, wherein the method further comprises:
and collecting and storing the network usage record corresponding to the equipment information.
7. An intelligent coal mine office network security management system, comprising:
the acquisition module is used for acquiring a network access request message, wherein the network access request message comprises personnel information and equipment information of a network access request;
the determining module is used for determining corresponding network use permission according to the personnel information and the equipment information;
and the configuration module is used for configuring network resources matched with the network use permission according to the network use permission.
8. The system of claim 7, wherein the system is further configured to:
acquiring topographic information of a coal mine office area, and generating an area topographic map of the coal mine office area according to the topographic information;
and acquiring equipment information and network resource information with network connection requirements in the coal mine office area, and displaying the equipment information and the network resource information in an area topographic map to obtain a network topological map of the coal mine office area.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any of claims 1-6 when the program is executed.
10. A computer storage medium, wherein the computer storage medium stores computer-executable instructions; the computer-executable instructions, when executed by a processor, are capable of implementing the method of any of claims 1-6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310331723.9A CN116436657A (en) | 2023-03-30 | 2023-03-30 | Intelligent coal mine office network safety management method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310331723.9A CN116436657A (en) | 2023-03-30 | 2023-03-30 | Intelligent coal mine office network safety management method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116436657A (en) | 2023-07-14 |
Family
ID=87086624
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310331723.9A Pending CN116436657A (en) | 2023-03-30 | 2023-03-30 | Intelligent coal mine office network safety management method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116436657A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||