CN116436657A - Intelligent coal mine office network safety management method and system - Google Patents

Publication number
CN116436657A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310331723.9A
Other languages
Chinese (zh)
Inventor
李慧
王刚
杜金洲
焦渭战
李汉汉
伏明
张倍宁
胡兵
孙晓虎
于忠升
金建成
李义朝
赵凯
刘维
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huaneng Coal Industry Co ltd
Huaneng Qingyang Coal Power Co ltd
Shaanxi Mining Branch Of Huaneng Coal Industry Co ltd
Huating Coal Group Co Ltd
Dalai Nur Coal Industry Co Ltd
Huaneng Coal Technology Research Co Ltd
Huaneng Yunnan Diandong Energy Co Ltd
Original Assignee
Huaneng Coal Industry Co ltd
Huaneng Qingyang Coal Power Co ltd
Shaanxi Mining Branch Of Huaneng Coal Industry Co ltd
Huating Coal Group Co Ltd
Dalai Nur Coal Industry Co Ltd
Huaneng Coal Technology Research Co Ltd
Huaneng Yunnan Diandong Energy Co Ltd
Application filed by Huaneng Coal Industry Co ltd, Huaneng Qingyang Coal Power Co ltd, Shaanxi Mining Branch Of Huaneng Coal Industry Co ltd, Huating Coal Group Co Ltd, Dalai Nur Coal Industry Co Ltd, Huaneng Coal Technology Research Co Ltd, Huaneng Yunnan Diandong Energy Co Ltd
Priority to CN202310331723.9A
Publication of CN116436657A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

In the intelligent coal mine office network security management method, system and storage medium, a network access request message is acquired, the message comprising personnel information and equipment information of the network access request; the corresponding network use permission is determined according to the personnel information and the equipment information; and network resources matching the network use permission are configured according to that permission. The method can therefore automatically determine the network use permission from the personnel information and equipment information in the request message and configure the matching network resources, so that information about the accessed equipment is recorded, equipment accessing the coal mine office network is ensured to be equipment that needs access, the network permissions of that equipment are controlled, and threats to the security of the coal mine office network from accessing equipment are avoided.

Description

Intelligent coal mine office network safety management method and system
Technical Field
The disclosure relates to the technical field of network security management, in particular to an intelligent coal mine office network security management method, system and storage medium.
Background
With the rapid development of intelligent coal mine offices, the network relationships in coal mine office areas are becoming more and more complex. The network of a coal mine office area therefore needs to be managed to ensure its security.
In the related art, equipment accessing a coal mine office network is configured manually, and the network configuration information corresponding to the equipment is recorded manually. However, errors may occur when network configuration information is recorded manually, and when equipment accessing the coal mine office network is configured manually, the accessed equipment may not be traceable, so that equipment that should not access the coal mine office network may gain access to it, thereby threatening the security of the coal mine office network.
Disclosure of Invention
The disclosure provides an intelligent coal mine office network security management method, system and storage medium, which aim to solve the technical problems in the related art.
An embodiment of a first aspect of the present disclosure provides an intelligent coal mine office network security management method, including:
acquiring a network access request message, wherein the network access request message comprises personnel information and equipment information of a network access request;
determining corresponding network use rights according to the personnel information and the equipment information;
and configuring network resources matched with the network use permission according to the network use permission.
Optionally, before the obtaining the network access request message, the method includes:
acquiring topographic information of a coal mine office area, and generating an area topographic map of the coal mine office area according to the topographic information;
and acquiring equipment information and network resource information with network connection requirements in the coal mine office area, and displaying the equipment information and the network resource information in an area topographic map to obtain a network topological map of the coal mine office area.
Optionally, the determining the corresponding network usage right according to the personnel information and the equipment information includes:
determining a corresponding network use level according to the personnel information;
determining corresponding network resource information according to the equipment information;
and determining corresponding network use permission based on the network use grade and the network resource information.
Optionally, the network resource information includes intranet resource information and extranet resource information.
Optionally, the configuring, according to the network usage right, a network resource matched with the network usage right includes:
according to the network use permission, determining a network port and a network IP address matched with the network use permission;
the network port and the network IP address are added in the network management equipment so as to allow the network port and the network IP address to access the network.
Optionally, the method further comprises:
and collecting and storing the network usage record corresponding to the equipment information.
An embodiment of a second aspect of the present disclosure provides an intelligent coal mine office network security management system, including:
the acquisition module is used for acquiring a network access request message, wherein the network access request message comprises personnel information and equipment information of a network access request;
the determining module is used for determining corresponding network use permission according to the personnel information and the equipment information;
and the configuration module is used for configuring network resources matched with the network use permission according to the network use permission.
The embodiment of the third aspect of the application provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor executes the program to implement the method as described in the first aspect.
The embodiment of the fourth aspect of the application provides a computer storage medium, where the computer storage medium stores computer executable instructions; the computer executable instructions, when executed by a processor, are capable of implementing the method as described in the first aspect above.
In the intelligent coal mine office network security management method, system and storage medium, a network access request message is acquired, the message comprising personnel information and equipment information of the network access request; the corresponding network use permission is determined according to the personnel information and the equipment information; and network resources matching the network use permission are configured according to that permission. The method can therefore automatically determine the network use permission from the personnel information and equipment information in the request message and configure the matching network resources, so that information about the accessed equipment is recorded, equipment accessing the coal mine office network is ensured to be equipment that needs access, the network permissions of that equipment are controlled, and threats to the security of the coal mine office network from accessing equipment are avoided.
Additional aspects and advantages of the disclosure will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the disclosure.
Drawings
The foregoing and/or additional aspects and advantages of the present disclosure will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a flow diagram of an intelligent coal mine office network security management method provided in accordance with an embodiment of the present disclosure;
FIG. 2 is a schematic structural diagram of an intelligent coal mine office network security management system provided according to another embodiment of the present disclosure.
Detailed Description
Embodiments of the present disclosure are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are exemplary only for explaining the present disclosure and are not to be construed as limiting the present disclosure. On the contrary, the embodiments of the disclosure include all alternatives, modifications, and equivalents as may be included within the spirit and scope of the appended claims.
Example 1
FIG. 1 is a flow chart of an intelligent coal mine office network security management method according to an embodiment of the disclosure. As shown in FIG. 1, the method includes:
Step 101, acquiring a network access request message, wherein the network access request message comprises personnel information and equipment information of a network access request.
In this embodiment of the present application, the personnel information may include identity information of the person sending the network access request message. By way of example, the personnel information may include the name, department and position of the person. In this embodiment of the present application, the device information may include the device type and a description of the network to be used. By way of example, the device information may include the device type, its function and the network it uses.
In this embodiment of the present application, before the network access request message is obtained, a network topology map of the coal mine office area needs to be obtained, so that network resources are configured for devices in the network access request message later.
Specifically, in the embodiment of the present application, the method for acquiring a network topology map of a coal mine office area may include the following steps:
Step 1011, obtaining the topographic information of the coal mine office area, and generating an area topographic map of the coal mine office area according to the topographic information.
In this embodiment of the present application, the coal mine office area may include a mine area or a park in a coal mine.
In the embodiment of the application, the topographic information of the coal mine office area can be obtained through the measurement information of the coal mine office area.
Further, in the embodiment of the present application, after the topographic information of the coal mine office area is obtained, an area topographic map (such as a plane or a 3D topographic map) of the coal mine office area may be generated according to the topographic information.
Step 1012, collecting equipment information and network resource information with network connection requirements in the coal mine office area, and displaying the equipment information and the network resource information in the area topographic map to obtain a network topological diagram of the coal mine office area.
In the embodiment of the application, equipment information and network resource information with network connection requirements in the coal mine office area can be acquired through input. In this embodiment of the present application, the network resource information may include intranet resource information and extranet resource information.
Specifically, in the embodiment of the present application, the existing network resources are divided into the external network resources and the internal network resources. In this embodiment of the present application, the external network resource may communicate with the public network, that is, an external user may access an external network website, and the internal network resource may establish communication with the external network resource, so that the internal network resource accesses the external network through the external network resource.
In the embodiment of the application, the network structure of the coal mine office area and the network information and the network connection relation corresponding to all the devices can be obtained through the network topology diagram of the coal mine office area. For example, devices such as a firewall and an encryption gateway are arranged between the intranet resource and the extranet resource so as to ensure the network security of the intranet resource and the extranet resource.
Step 102, determining corresponding network use rights according to the personnel information and the equipment information.
In the embodiment of the application, after the personnel information and the equipment information are acquired, the corresponding network use permission can be determined according to the personnel information and the equipment information.
Specifically, in the embodiment of the present application, the method for determining the corresponding network usage right according to the personnel information and the equipment information may include the following steps:
Step 1021, determining a corresponding network use level according to the personnel information.
In this embodiment of the present application, the method for determining the corresponding network use level according to the personnel information may include: determining, from the personnel information, the department and role of the person initiating the network access request message, and determining the corresponding network use level according to that department and role. The network use level may be a security level of network usage.
Step 1022, determining corresponding network resource information according to the device information.
In this embodiment of the present application, the method for determining corresponding network resource information according to the device information may include: determining the corresponding network resource information according to the device type and function in the device information. For example, if the device type is a bastion host and its function is to record and control intranet operations, the network resource information corresponding to the device is determined to be intranet resource information.
Step 1023, determining the corresponding network use permission based on the network use level and the network resource information.
In this embodiment of the present application, after the network use level and the network resource information are obtained, the network use level and the network resource information may together be determined as the corresponding network use permission.
Step 103, according to the network use permission, configuring the network resource matched with the network use permission.
In this embodiment of the present application, the method for configuring, according to the network usage rights, the network resource matching the network usage rights may include the following steps:
Step 1031, according to the network use permission, determining a network port and a network IP address matched with the network use permission.
In this embodiment of the present application, the network IP address corresponds to the network use permission; that is, when the network use permission is intranet resource information, the corresponding network IP address is an intranet IP address, and when the network use permission is extranet resource information, the corresponding network IP address is an extranet IP address.
Step 1032, adding the network port and the network IP address to the network management device to allow the network port and the network IP address to access the network.
In the embodiment of the application, the network port and the network IP address can be added into the network management device (such as a firewall) so as to allow the network port and the network IP address to access the network.
In an embodiment of the present application, the method may further include: collecting and storing the network usage records corresponding to the device information. Specifically, the network usage record (traffic or logs) corresponding to the device information may be collected (e.g., captured), and the collected network usage record may be stored (e.g., for more than half a year).
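Steps 101 to 103 and the usage-record step, sketched as an added Python example (not code from the patent). The department/role table, device table, minimum-level rule, switch-port names, address pools and the 183-day retention value are constructed assumptions, and the `Gateway` class is a hypothetical in-memory stand-in for the network management device.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
import ipaddress

# Constructed sample policy (assumptions, not values from the patent).
ROLE_LEVEL = {                      # step 1021: (department, role) -> network use level
    ("IT", "administrator"): 3,
    ("Safety", "engineer"): 2,
    ("Office", "clerk"): 1,
}
DEVICE_ZONE = {                     # step 1022: (device type, function) -> resource
    ("bastion host", "intranet operation audit"): "intranet",
    ("office PC", "web browsing"): "extranet",
}
ZONE_MIN_LEVEL = {"intranet": 2, "extranet": 1}   # assumed gate: lowest level allowed
ZONE_PORTS = {"intranet": ["sw-in/1", "sw-in/2"], "extranet": ["sw-ex/1", "sw-ex/2"]}
ZONE_POOL = {
    "intranet": ipaddress.ip_network("10.20.0.0/30"),   # two usable hosts
    "extranet": ipaddress.ip_network("192.0.2.0/30"),   # documentation range
}
RETENTION = timedelta(days=183)     # "more than half a year" of usage records


@dataclass(frozen=True)
class AccessRequest:                # step 101: personnel + equipment information
    name: str
    department: str
    role: str
    device_type: str
    function: str


@dataclass
class Gateway:
    """Hypothetical stand-in for the network management device and record store."""
    allowlist: dict = field(default_factory=dict)   # (port, ip) -> grant details
    records: list = field(default_factory=list)     # one entry per decision

    def _free(self, zone):
        """Step 1031: first unused switch port and IP address for the zone."""
        used_ports = {port for port, _ in self.allowlist}
        used_ips = {ip for _, ip in self.allowlist}
        port = next((p for p in ZONE_PORTS[zone] if p not in used_ports), None)
        ip = next((str(h) for h in ZONE_POOL[zone].hosts()
                   if str(h) not in used_ips), None)
        return port, ip

    def handle(self, req, today):
        """Decide one request; anything not matched by policy is denied."""
        level = ROLE_LEVEL.get((req.department, req.role))
        zone = DEVICE_ZONE.get((req.device_type, req.function))
        port = ip = None
        if level is None:
            decision = "unknown person"
        elif zone is None:
            decision = "unknown device"
        elif level < ZONE_MIN_LEVEL[zone]:
            decision = "level too low for zone"
        else:
            port, ip = self._free(zone)
            if port is None or ip is None:
                decision, port, ip = "pool exhausted", None, None
            else:
                # Step 1032: only this port/IP pair is allowed onto the network.
                self.allowlist[(port, ip)] = {"who": req.name, "level": level,
                                              "zone": zone}
                decision = "granted"
        record = {"who": req.name, "device": req.device_type, "decision": decision,
                  "port": port, "ip": ip, "keep_until": today + RETENTION}
        self.records.append(record)  # denials are recorded as well as grants
        return record


if __name__ == "__main__":
    gw = Gateway()
    req = AccessRequest("admin-a", "IT", "administrator",
                        "bastion host", "intranet operation audit")
    print(gw.handle(req, date(2023, 3, 30)))
```

Recording denials alongside grants keeps every request traceable, which is the gap the Background attributes to manual configuration.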
In the intelligent coal mine office network security management method, a network access request message is acquired, the message comprising personnel information and equipment information of the network access request; the corresponding network use permission is determined according to the personnel information and the equipment information; and network resources matching the network use permission are configured according to that permission. The method can therefore automatically determine the network use permission from the personnel information and equipment information in the request message and configure the matching network resources, so that information about the accessed equipment is recorded, equipment accessing the coal mine office network is ensured to be equipment that needs access, the network permissions of that equipment are controlled, and threats to the security of the coal mine office network from accessing equipment are avoided.
Fig. 2 is a schematic structural diagram of an intelligent coal mine office network security management system according to another embodiment of the present disclosure, as shown in fig. 2, the system includes:
an obtaining module 201, configured to obtain a network access request message, where the network access request message includes personnel information and equipment information of a network access request;
a determining module 202, configured to determine a corresponding network usage right according to the personnel information and the equipment information;
and the configuration module 203 is configured to configure network resources matched with the network usage rights according to the network usage rights.
In this embodiment of the present application, the intelligent coal mine office network security management system may further include a network access device and a core switch server. The network core switch may include an intranet (private network) switch and an external network switch connected to a public network. The external network switch may be communicatively connected to the intranet switch, protection devices such as a firewall and an encryption gateway are disposed between the external network switch and the intranet switch, and the network access device is connected to the central server.
In addition, in the embodiment of the present application, the intelligent coal mine office network security management system may further include a visible light security communication gateway.
Optionally, in an embodiment of the present application, the above system is further configured to:
acquiring topographic information of a coal mine office area, and generating an area topographic map of the coal mine office area according to the topographic information;
and acquiring equipment information and network resource information with network connection requirements in the coal mine office area, and displaying the equipment information and the network resource information in the area topographic map to obtain a network topological map of the coal mine office area.
Optionally, in the embodiment of the present application, the determining module 202 is specifically configured to:
determining a corresponding network use level according to the personnel information;
determining corresponding network resource information according to the equipment information;
and determining the corresponding network use permission based on the network use level and the network resource information.
Optionally, in the embodiment of the present application, the network resource information includes intranet resource information and extranet resource information.
Optionally, in the embodiment of the present application, the configuration module 203 is specifically configured to:
according to the network use authority, determining a network port and a network IP address matched with the network use authority;
the network port and the network IP address are added to the network management device to allow the network port and the network IP address to access the network.
Optionally, in an embodiment of the present application, the above system is further configured to:
and collecting and storing the network usage records corresponding to the device information.
In the intelligent coal mine office network security management system, a network access request message is acquired, the message comprising personnel information and equipment information of the network access request; the corresponding network use permission is determined according to the personnel information and the equipment information; and network resources matching the network use permission are configured according to that permission. The system can therefore automatically determine the network use permission from the personnel information and equipment information in the request message and configure the matching network resources, so that information about the accessed equipment is recorded, equipment accessing the coal mine office network is ensured to be equipment that needs access, the network permissions of that equipment are controlled, and threats to the security of the coal mine office network from accessing equipment are avoided.
In order to implement the above-described embodiments, the present disclosure also proposes a computer storage medium.
The computer storage medium provided by the embodiment of the disclosure stores an executable program; the executable program, when executed by a processor, is capable of implementing the method shown in FIG. 1.
In order to implement the above-mentioned embodiments, the present disclosure also proposes a computer device.
The embodiment of the disclosure provides a computer device comprising a memory, a processor and a computer program stored on the memory and capable of running on the processor; the processor, when executing the program, is capable of implementing the method shown in FIG. 1.
In the description of the present specification, a description referring to the terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification, and the features of the different embodiments or examples, may be combined by those skilled in the art without contradiction.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and additional implementations are included within the scope of the preferred embodiment of the present application in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the embodiments of the present application.
Although embodiments of the present application have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the application, and that changes, modifications, substitutions, and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the application.

Claims (10)

1. An intelligent coal mine office network safety management method is characterized by comprising the following steps:
acquiring a network access request message, wherein the network access request message comprises personnel information and equipment information of a network access request;
determining corresponding network use rights according to the personnel information and the equipment information;
and configuring network resources matched with the network use permission according to the network use permission.
2. The method of claim 1, wherein prior to the obtaining the network access request message, comprising:
acquiring topographic information of a coal mine office area, and generating an area topographic map of the coal mine office area according to the topographic information;
and acquiring equipment information and network resource information with network connection requirements in the coal mine office area, and displaying the equipment information and the network resource information in an area topographic map to obtain a network topological map of the coal mine office area.
3. The method of claim 1, wherein the determining the corresponding network usage rights based on the personnel information and the device information comprises:
determining a corresponding network use level according to the personnel information;
determining corresponding network resource information according to the equipment information;
and determining corresponding network use permission based on the network use level and the network resource information.
4. A method according to any of claims 2-3, wherein the network resource information comprises intranet resource information and extranet resource information.
5. The method of claim 1, wherein configuring network resources matching the network usage rights according to the network usage rights comprises:
according to the network use permission, determining a network port and a network IP address matched with the network use permission;
the network port and the network IP address are added in the network management equipment so as to allow the network port and the network IP address to access the network.
6. The method of claim 1, wherein the method further comprises:
and collecting and storing the network usage record corresponding to the equipment information.
7. An intelligent coal mine office network security management system, comprising:
the acquisition module is used for acquiring a network access request message, wherein the network access request message comprises personnel information and equipment information of a network access request;
the determining module is used for determining corresponding network use permission according to the personnel information and the equipment information;
and the configuration module is used for configuring network resources matched with the network use permission according to the network use permission.
8. The system of claim 7, wherein the system is further configured to:
acquiring topographic information of a coal mine office area, and generating an area topographic map of the coal mine office area according to the topographic information;
and acquiring equipment information and network resource information with network connection requirements in the coal mine office area, and displaying the equipment information and the network resource information in an area topographic map to obtain a network topological map of the coal mine office area.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any of claims 1-6 when the program is executed.
10. A computer storage medium, wherein the computer storage medium stores computer-executable instructions; the computer-executable instructions, when executed by a processor, are capable of implementing the method of any of claims 1-6.
CN202310331723.9A 2023-03-30 2023-03-30 Intelligent coal mine office network safety management method and system Pending CN116436657A (en)

Publications (1)

Publication Number Publication Date
CN116436657A (en) 2023-07-14

Family

ID=87086624

Country Status (1)

Country Link
CN (1) CN116436657A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination