CN118157885A - Remote access processing method, device, equipment and storage medium - Google Patents


Publication number
CN118157885A
Authority
CN
China
Prior art keywords
remote access
port
service
access
message
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211559575.8A
Other languages
Chinese (zh)
Inventor
贾彬
谭合力
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
360 Digital Security Technology Group Co Ltd
Original Assignee
360 Digital Security Technology Group Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0245: Filtering by information in the payload
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic

Abstract

The application belongs to the technical field of information security, and discloses a remote access processing method, a device, equipment and a storage medium. When a remote access message is intercepted, the access protocol type and the target server corresponding to the remote access message are acquired; sensitive data in the remote access message is replaced by a sensitive filtering strategy corresponding to the access protocol type to obtain a secure access message; and the secure access message is forwarded to the target server. Because the remote access message is intercepted and, after interception, its sensitive information is filtered with a strategy chosen according to the access protocol type of the message, remote service access is intercepted up front, malicious attacks and dangerous operations are filtered out, and domain penetration attacks are effectively protected against.

Description

Remote access processing method, device, equipment and storage medium
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a remote access processing method, apparatus, device, and storage medium.
Background
In enterprise network informatization construction, most enterprises choose AD (Active Directory) domains as the scheme for unified management of users and hosts because of their large number of internal assets and users. However, because protection systems are imperfect, attackers often attack an enterprise's internal core equipment by attacking the domain controller in order to acquire the enterprise's confidential data.
Domain penetration, typified by attack modes such as RPC (Remote Procedure Call) remote privilege escalation and NTLM relay, does not need to pass inspection by ISP (Internet Service Provider) firewalls and egress gateway firewalls. Most enterprises tend to have relatively weak protection inside the domain environment, and traditional security protection systems (such as firewalls and IDS (intrusion detection systems)) are insufficient to resist the current domain penetration threat, so the protection against these attack means is not ideal.
The foregoing is provided merely for the purpose of facilitating understanding of the technical solutions of the present invention and is not intended to represent an admission that the foregoing is prior art.
Disclosure of Invention
The invention mainly aims to provide a remote access processing method, a device, equipment and a storage medium, and aims to solve the technical problem that the protection effect on domain penetration attack based on remote access is not ideal in the prior art.
In order to achieve the above object, the present invention provides a remote access processing method, the method comprising the steps of:
when a remote access message is intercepted, an access protocol type corresponding to the remote access message and a target server are acquired;
Replacing sensitive data in the remote access message through a sensitive filtering strategy corresponding to the access protocol type to obtain a secure access message;
Forwarding the secure access message to the target server.
Optionally, the step of replacing the sensitive data in the remote access message by the sensitive filtering policy corresponding to the access protocol type to obtain a secure access message includes:
If the access protocol type is a request response type, detecting whether the remote access message is service query information;
if the remote access message is not service inquiry information, extracting an access service identifier and a request access port from the remote access message;
Acquiring a port replacement rule corresponding to the access service identifier;
Determining a real service port according to the request access port and the port replacement rule;
And replacing the request access port in the remote access message with the real service port to obtain a secure access message.
Optionally, if the access protocol type is a request response type, the step of detecting whether the remote access message is service query information includes:
if the access protocol type is a request response type, extracting a request access port from the remote access message;
and if the service query port is consistent with the request access port, judging that the remote access message is service query information.
Optionally, after the step of detecting whether the remote access message is service query information if the access protocol type is a request response type, the method further includes:
If the remote access message is service query information, forwarding the remote access message to the target server, and acquiring a service query response fed back by the target server according to the remote access message;
port replacement is carried out on the service inquiry response, and replacement response information is obtained;
and sending the replacement response information to a message sending end corresponding to the remote access message.
Optionally, the step of performing port replacement on the service query response to obtain replacement response information includes:
extracting service identification information and a real service port from the service inquiry response;
Detecting whether a port replacement rule corresponding to the service identification information exists or not;
if the port replacement rule corresponding to the service identification information exists, determining a service external port according to the port replacement rule and the real service port;
and replacing the real service port in the service inquiry response with the service external port to obtain replacement response information.
Optionally, the step of detecting whether the port replacement rule corresponding to the service identification information exists includes:
searching a port replacement rule corresponding to the service identification information in a preset replacement rule library;
If the port replacement rule corresponding to the service identification information can be found, judging that the port replacement rule corresponding to the service identification information exists.
Optionally, the step of replacing the sensitive data in the remote access message by the sensitive filtering policy corresponding to the access protocol type to obtain a secure access message includes:
if the access protocol type is a pipeline connection type, detecting whether an instruction contained in the remote access message is a pipeline starting instruction or not;
If the command is a pipeline starting command, detecting whether an access target corresponding to the remote access message is a sensitive target or not;
And if the access target is a sensitive target, performing pipeline name replacement on the remote access message to obtain a secure access message.
Optionally, the step of detecting whether the instruction included in the remote access message is a pipe start instruction includes:
Extracting remote access parameters from the remote access message;
and if the remote access parameter is the type of the starting object, judging that the instruction contained in the remote access message is a pipeline starting instruction.
Optionally, if the access target is a sensitive target, performing pipe name replacement on the remote access message to obtain a secure access message, including:
if the access target is a sensitive target, searching a pipeline replacement rule corresponding to the target server;
matching the access target with the pipeline replacement rule to obtain a pipeline to be replaced;
and replacing the pipeline name of the remote access message according to the pipeline to be replaced to obtain a secure access message.
Optionally, if the access protocol type is a pipe connection type, the step of detecting whether the instruction included in the remote access message is a pipe start instruction includes:
if the access protocol type is a pipeline connection type, acquiring a sender IP corresponding to the remote access message;
detecting whether the sender IP is present in an access blacklist;
and if the sender IP does not exist in the access blacklist, detecting whether the instruction contained in the remote access message is a pipeline starting instruction.
Optionally, if the access target is a sensitive target, performing pipe name replacement on the remote access message, and after the step of obtaining the secure access message, further includes:
acquiring historical pipeline replacement times corresponding to the sender IP;
Adding one to the historical pipeline replacement times to obtain the current replacement times;
And if the current replacement times are larger than a preset replacement threshold, adding the sender IP into the access blacklist.
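The pipe connection branch listed in the optional steps above (blacklist check, pipe start detection, pipe name replacement, replacement counting), modelled as an added Python example that is not part of the patent text. The message fields, the `START_OBJECT` label, the pipe names, the server name and the IP addresses are constructed assumptions; treating a pipe as sensitive when a replacement rule exists for it, and dropping messages from blacklisted senders, are also assumptions the page does not spell out.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Set

START_OBJECT = "start_object"  # hypothetical label for the "starting object" parameter type


@dataclass(frozen=True)
class PipeMessage:
    sender_ip: str
    target_server: str
    parameter_type: str  # remote access parameter extracted from the message
    pipe_name: str       # access target


class PipeFilter:
    def __init__(self, pipe_rules: Dict[str, Dict[str, str]], replace_threshold: int):
        # target server -> {sensitive pipe name -> replacement pipe name}
        # Windows pipe names are case-insensitive, so rule keys are normalised.
        self.pipe_rules = {
            server: {name.lower(): new for name, new in rules.items()}
            for server, rules in pipe_rules.items()
        }
        self.replace_threshold = replace_threshold       # preset replacement threshold
        self.replacement_counts: Dict[str, int] = {}     # historical replacement times
        self.blacklist: Set[str] = set()                 # access blacklist

    def process(self, msg: PipeMessage) -> Optional[PipeMessage]:
        """Return the message to forward, or None if it is not forwarded."""
        # 1. The blacklist is checked before any inspection of the instruction.
        if msg.sender_ip in self.blacklist:
            return None  # assumption: blacklisted senders are dropped
        # 2. Only pipe start instructions are candidates for replacement.
        if msg.parameter_type != START_OBJECT:
            return msg
        # 3. Look up the pipe replacement rule for the target server and
        #    match the access target against it.
        rules = self.pipe_rules.get(msg.target_server, {})
        replacement = rules.get(msg.pipe_name.lower())
        if replacement is None:
            return msg  # not a sensitive target on this server
        secure = replace(msg, pipe_name=replacement)
        # 4. Count the replacement; above the threshold the sender is blacklisted.
        count = self.replacement_counts.get(msg.sender_ip, 0) + 1
        self.replacement_counts[msg.sender_ip] = count
        if count > self.replace_threshold:
            self.blacklist.add(msg.sender_ip)
        return secure


def demo_pipe_filter() -> List[Optional[str]]:
    """Run constructed messages through the filter; return forwarded pipe names."""
    sensitive = r"\pipe\example_sensitive"      # constructed name
    substitute = r"\pipe\example_replacement"   # constructed name
    flt = PipeFilter({"srv-a": {sensitive: substitute}}, replace_threshold=2)
    noisy, quiet = "192.0.2.10", "192.0.2.20"   # documentation-range addresses
    traffic = [
        PipeMessage(noisy, "srv-a", "read", sensitive),                        # not a start
        PipeMessage(noisy, "srv-a", START_OBJECT, r"\PIPE\Example_Sensitive"),  # count 1
        PipeMessage(noisy, "srv-a", START_OBJECT, sensitive),                  # count 2
        PipeMessage(noisy, "srv-a", START_OBJECT, sensitive),                  # count 3 > 2
        PipeMessage(noisy, "srv-a", START_OBJECT, r"\pipe\example_public"),    # blacklisted
        PipeMessage(quiet, "srv-a", START_OBJECT, r"\pipe\example_public"),    # no rule
    ]
    out = []
    for msg in traffic:
        forwarded = flt.process(msg)
        out.append(None if forwarded is None else forwarded.pipe_name)
    return out


if __name__ == "__main__":
    for name in demo_pipe_filter():
        print(name)
```

Because the counter is incremented only when a replacement actually happens, a sender that never touches a protected pipe is never blacklisted, however many pipes it opens.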
In addition, to achieve the above object, the present invention also proposes a remote access processing apparatus, including:
The message interception module is used for acquiring an access protocol type and a target server corresponding to the remote access message when the remote access message is intercepted;
The sensitive filtering module is used for replacing sensitive data in the remote access message through a sensitive filtering strategy corresponding to the access protocol type to obtain a secure access message;
and the message forwarding module is used for forwarding the security access message to the target server.
Optionally, the sensitive filtering module is further configured to detect whether the remote access message is service query information if the access protocol type is a request response type; if the remote access message is not service inquiry information, extracting an access service identifier and a request access port from the remote access message; acquiring a port replacement rule corresponding to the access service identifier; determining a real service port according to the request access port and the port replacement rule; and replacing the request access port in the remote access message with the real service port to obtain a secure access message.
Optionally, the sensitive filtering module is further configured to extract a request access port from the remote access message if the access protocol type is a request response type; acquiring a service query port corresponding to the target server; and if the service query port is consistent with the request access port, judging that the remote access message is service query information.
Optionally, the sensitive filtering module is further configured to forward the remote access message to the target server if the remote access message is service query information, and obtain a service query response fed back by the target server according to the remote access message; port replacement is carried out on the service inquiry response, and replacement response information is obtained; and sending the replacement response information to a message sending end corresponding to the remote access message.
Optionally, the sensitive filtering module is further configured to extract service identification information and a real service port from the service query response; detecting whether a port replacement rule corresponding to the service identification information exists or not; if the port replacement rule corresponding to the service identification information exists, determining a service external port according to the port replacement rule and the real service port; replacing a real service port in the service inquiry response with the service external port to obtain replacement response information; and sending the replacement response information to a message sending end of the remote access message.
Optionally, the sensitive filtering module is further configured to search a preset replacement rule base for a port replacement rule corresponding to the service identification information; if the port replacement rule corresponding to the service identification information can be found, judging that the port replacement rule corresponding to the service identification information exists.
Optionally, the sensitive filtering module is further configured to detect whether an instruction included in the remote access message is a pipe start instruction if the access protocol type is a pipe connection type; if the command is a pipeline starting command, detecting whether an access target corresponding to the remote access message is a sensitive target or not; and if the access target is a sensitive target, performing pipeline name replacement on the remote access message to obtain a secure access message.
In addition, in order to achieve the above object, the present invention also proposes a remote access processing apparatus including: a processor, a memory and a remote access process program stored on the memory and executable on the processor, which when executed implements the steps of the remote access process method as described above.
In addition, in order to achieve the above object, the present invention also proposes a computer-readable storage medium having stored thereon a remote access processing program which, when executed, implements the steps of the remote access processing method as described above.
When a remote access message is intercepted, the access protocol type and the target server corresponding to the remote access message are acquired; sensitive data in the remote access message is replaced by a sensitive filtering strategy corresponding to the access protocol type to obtain a secure access message; and the secure access message is forwarded to the target server. Because the remote access message is intercepted and, after interception, its sensitive information is filtered with a strategy chosen according to the access protocol type of the message, remote service access is intercepted up front, malicious attacks and dangerous operations are filtered out, and domain penetration attacks are effectively protected against.
Drawings
FIG. 1 is a schematic diagram of an electronic device of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart of a remote access processing method according to a first embodiment of the present invention;
FIG. 3 is a flowchart of a remote access processing method according to a second embodiment of the present invention;
FIG. 4 is a schematic diagram of a port replacement flow chart according to an embodiment of the invention;
FIG. 5 is a flowchart of a remote access processing method according to a third embodiment of the present invention;
FIG. 6 is a schematic diagram of a pipe name replacement according to an embodiment of the present invention;
FIG. 7 is a diagram illustrating remote server access according to an embodiment of the present invention;
Fig. 8 is a block diagram showing the construction of a first embodiment of a remote access processing apparatus according to the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a remote access processing device of a hardware running environment according to an embodiment of the present invention.
As shown in fig. 1, the electronic device may include: a processor 1001, such as a central processing unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to enable connection and communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard, and may optionally further include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a Wireless Fidelity (Wi-Fi) interface). The memory 1005 may be a high-speed random access memory (RAM) or a stable non-volatile memory (NVM), such as a disk memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.
Those skilled in the art will appreciate that the structure shown in fig. 1 is not limiting of the electronic device and may include more or fewer components than shown, or may combine certain components, or may be arranged in different components.
As shown in fig. 1, an operating system, a network communication module, a user interface module, and a remote access processing program may be included in the memory 1005 as one type of storage medium.
In the electronic device shown in fig. 1, the network interface 1004 is mainly used for data communication with a network server; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 in the electronic device of the present invention may be disposed in a remote access processing device, where the electronic device invokes a remote access processing program stored in the memory 1005 through the processor 1001 and executes the remote access processing method provided by the embodiment of the present invention.
An embodiment of the present invention provides a remote access processing method, and referring to fig. 2, fig. 2 is a schematic flow chart of a first embodiment of the remote access processing method of the present invention.
In this embodiment, the remote access processing method includes the following steps:
Step S10: when a remote access message is intercepted, an access protocol type and a target server corresponding to the remote access message are acquired.
The execution body of the present embodiment may be the remote access processing device. The remote access processing device may be an electronic device such as a personal computer or a server, or any other electronic device capable of implementing the same or similar functions, which is not limited in this embodiment. In the present embodiment and the following embodiments, the remote access processing method of the present invention is described by taking the remote access processing device as an example.
It should be noted that the server may be a server for unified management of remote servers. It mainly acts as a registry of remote services: it provides users with a query function for remote services (for example, querying the service name, access address, access port and other related information of a given remote service) and forwards messages to the corresponding remote server. The remote access processing device may be the server itself or a proxy server capable of intercepting messages received or sent by the server.
In a specific implementation, the remote access message may be a message sent to the server by the user terminal when the user terminal needs to use the remote service. The target server may be a server that the user terminal actually accesses, and may be determined by attribution of a service that the remote access message needs to access, for example: when a user side sends a remote access message to inquire information of a remote service, the inquiry service is provided by a server side, and the target server is the server side; when a specific remote service is accessed, the remote server providing the remote service is the target server.
In a specific implementation, the access protocol types may be classified into two types, namely, a request response type and a pipe connection type. For example, taking the Windows system as an example, its remote access protocols can be divided into ncacn_ip_tcp and ncacn_np, where ncacn_ip_tcp is a request response type and ncacn_np is a pipe connection type.
In actual use, the access protocol type corresponding to the remote access message can be determined by intercepting the remote access message, and remote access messages transmitted by different access protocol types can be intercepted by different modes;
For example: for a remote access message transmitted by a request response type, the remote access processing device can intercept a request received by a user and detect whether a protocol type in the intercepted request is a remote access protocol; for remote access messages transmitted by pipe connection types, the remote access processing device may intercept by mounting a named pipe file system (Named Pipe File System, NPFS).
Step S20: and replacing the sensitive data in the remote access message by a sensitive filtering strategy corresponding to the access protocol type to obtain the secure access message.
It can be understood that remote access messages transmitted under different access protocol types have different formats. Consequently, the types of sensitive data they contain and the positions of that data may differ, and so does the way the sensitive data must be replaced. The corresponding sensitive filtering strategy can therefore be looked up according to the access protocol type, and the sensitive data in the remote access message is then replaced according to that strategy, thereby obtaining the secure access message.
Step S30: forwarding the secure access message to the target server.
It will be appreciated that after the sensitive data is replaced, the remote access message may be secured, and thus the secure access message may be forwarded directly to the target server for specific processing by the target server.
In practical use, when the secure access message is forwarded to the target server, different message forwarding modes (such as a pipeline or an ALPC mode) can be selected according to different access protocol types to forward the secure access message to the target server, and the service in the target server is invoked for processing.
In a specific implementation, after the secure access message is forwarded to the target server for processing, if the target server also feeds back the corresponding data, the remote access processing device can intercept the data fed back by the target server for further processing, and feed back the data to the user side after the processing is completed.
According to the embodiment, when a remote access message is intercepted, the access protocol type and the target server corresponding to the remote access message are acquired; sensitive data in the remote access message is replaced by a sensitive filtering strategy corresponding to the access protocol type to obtain a secure access message; and the secure access message is forwarded to the target server. Because the remote access message is intercepted and, after interception, its sensitive information is filtered with a strategy chosen according to the access protocol type of the message, remote service access is intercepted up front, malicious attacks and dangerous operations are filtered out, and domain penetration attacks are effectively protected against.
Referring to fig. 3, fig. 3 is a flowchart of a second embodiment of a remote access processing method according to the present invention.
Based on the above-mentioned first embodiment, the step S20 of the remote access processing method of the present embodiment includes:
Step S201: and if the access protocol type is a request response type, detecting whether the remote access message is service inquiry information.
It should be noted that, if the access protocol type is a request response type, it means that the user side invokes the remote service through the request-response type, and the access port of the remote service is generally uniformly allocated and managed by the server side for the remote service registered in the server side.
In a specific implementation, in order to accurately determine whether the remote access message is service query information, step S201 in this embodiment may include:
if the access protocol type is a request response type, extracting a request access port from the remote access message;
and if the service query port is consistent with the request access port, judging that the remote access message is service query information.
It should be noted that, the server may designate a fixed port in advance as a service query port, and provide a port number query function of the remote service through the fixed port, so as to facilitate the remote caller to query a specific port number of the remote service.
Further, because data is transmitted between the user terminal and the server in request and response form while a service port is being queried, the data may be intercepted by a malicious attacker, who thereby obtains the specific access port of the remote service and attacks it. To ensure security, the ports of some important remote services may be replaced, so after step S201 the method may further include:
If the remote access message is service query information, forwarding the remote access message to the target server, and acquiring a service query response fed back by the target server according to the remote access message;
port replacement is carried out on the service inquiry response, and replacement response information is obtained;
and sending the replacement response information to a message sending end corresponding to the remote access message.
It should be noted that, if the remote access message is service query information, the user side needs to query the service access port of a remote service, so the remote access message may be forwarded to the target server (here the target server is the server side). The target server may then extract the service identification information from the remote access message, look up the corresponding information according to the service identification information, and encapsulate it as a service query response. To ensure that the real port is not revealed, the remote access processing device may intercept the service query response and perform port replacement, replacing the service access port of the remote service contained in it with another controllable port number. After the replacement, it sends the replacement response information to the message sending end (i.e. the user side) corresponding to the remote access message.
In actual use, obtaining the replacement response information may consist of replacing the real service port in the service query response with the service external port and taking the replaced service query response as the replacement response information.
In a specific implementation, in order to ensure that the replaced port can be restored normally and ensure that the subsequent user terminal can access the remote service normally, the step of replacing the port for the service query response to obtain the replacement response information in this embodiment may include:
extracting service identification information and a real service port from the service inquiry response;
Detecting whether a port replacement rule corresponding to the service identification information exists or not;
if the port replacement rule corresponding to the service identification information exists, determining a service external port according to the port replacement rule and the real service port;
and replacing the real service port in the service inquiry response with the service external port to obtain replacement response information.
It should be noted that, the service identification information may be a unique identification of the remote service queried by the user side, and the real service port may be a real port for accessing the remote service queried by the user. If a port replacement rule corresponding to the service identification information exists, the remote service corresponding to the service identification information is important, and the port replacement is needed.
In a specific implementation, determining the service external port according to the port replacement rule and the real service port may be determining the mapping relationship between real service ports and service external ports according to the port replacement rule, and looking up the service external port corresponding to the real service port in that mapping relationship.
Further, since the remote access processing device may act as a proxy server managing a plurality of different servers at the same time, and different servers may have different replacement rules for different users, in order to avoid misjudgment, the step of detecting whether the port replacement rule corresponding to the service identification information exists in this embodiment includes:
searching a port replacement rule corresponding to the service identification information in a preset replacement rule library;
If the port replacement rule corresponding to the service identification information can be found, judging that the port replacement rule corresponding to the service identification information exists.
It should be noted that the preset replacement rule base may be a database storing port replacement rules corresponding to different service identification information. If the port replacement rule corresponding to the service identification information can be found in the preset replacement rule base, this indicates that the manager of the remote access processing device has set a port replacement rule for that service and stored it in the preset replacement rule base, so it can be judged that the port replacement rule corresponding to the service identification information exists.
For ease of understanding, and without limiting the present solution, refer to fig. 4, which is a schematic port replacement flow chart of this embodiment. As shown in fig. 4, if a client (i.e. the user side) needs to query the port number (i.e. the service access port) of a remote service, it generates a request according to the service identification information (Target UUID) of the remote service and sends it to the server. The EPM module in the server responds to the request by searching for the corresponding entry in the service list of the server; if the entry is found, a service query response in Tower form is generated from the entry and the server attempts to feed it back to the client. At this point the EPM Filter module in the remote access processing device intercepts the service query response in Tower form, extracts the service identification information from it, searches for the corresponding port replacement rule according to the service identification information, and modifies the port number in the service query response according to the port replacement rule. After the replacement is completed, the replacement response information is sent to the message sending end (i.e. the user side that sent the remote access message).
Step S202: If the remote access message is not the service inquiry information, extracting an access service identifier and a request access port from the remote access message.
It should be noted that, if the remote access message is not service query information, the user side is accessing a specific remote service. Because the access port that the user side obtained when querying the remote service was replaced, the remote service cannot be accessed normally unless the message is processed, so the access service identifier and the request access port can be extracted from the remote access message in order to restore the real service access port. The access service identifier may be the service identification information of the remote service that the remote access message needs to access, and the request access port may be the service access port contained in the remote access message.
Step S203: Acquiring a port replacement rule corresponding to the access service identifier.
It should be noted that, the obtaining the port replacement rule corresponding to the access service identifier may be searching for the port replacement rule corresponding to the access service identifier in a preset replacement rule base.
It can be understood that if the port replacement rule corresponding to the access service identifier is not found, this indicates that the remote service to be accessed is not an important remote service and that its service access port was not replaced when it was sent to the user side. In that case the subsequent steps need not be performed, and the remote access message is used directly as the secure access message.
Step S204: Determining a real service port according to the request access port and the port replacement rule.
It should be noted that the real service port may be determined by extracting the mapping relationship between real service ports and service external ports from the port replacement rule, and then treating the request access port as the service external port to look up the corresponding real service port.
Step S205: Replacing the request access port in the remote access message with the real service port to obtain a secure access message.
In actual use, obtaining the secure access message may consist of replacing the request access port contained in the remote access message with the real service port and using the replaced remote access message as the secure access message.
In this embodiment, if the access protocol type is a request response type, whether the remote access message is service query information is detected; if the remote access message is not service inquiry information, extracting an access service identifier and a request access port from the remote access message; acquiring a port replacement rule corresponding to the access service identifier; determining a real service port according to the request access port and the port replacement rule; and replacing the request access port in the remote access message with the real service port to obtain a secure access message. The real access port of the remote service is not exposed outside during access, but the external access port is exposed outside, so that a malicious attacker cannot acquire the real access port of the remote service, and the attack of the malicious attacker on the remote service is avoided.
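Both directions of the port replacement described in this embodiment, as an added Python model that is not code from the patent: the query path rewrites the port in the service query response, and the access path restores it. The dictionary message layout, the UUIDs, the port numbers, and the choice to drop a message whose port has no mapping under an existing rule are assumptions made for the example.

```python
# Added example: user-space model of the port replacement flow.
# Message layout, field names and all sample values are constructed.

SERVICE_QUERY_PORT = 135  # assumed service query port of the sample target server


class PortRuleLibrary:
    """Preset replacement rule library: service UUID -> {real port: external port}."""

    def __init__(self):
        self.forward = {}  # uuid -> {real port: external port}
        self.reverse = {}  # uuid -> {external port: real port}

    def add_rule(self, service_uuid, real_to_external):
        externals = list(real_to_external.values())
        # The mapping must be one-to-one, otherwise an external port could not
        # be restored to a single real port on the access path.
        if len(set(externals)) != len(externals):
            raise ValueError("external ports must be unique within a rule")
        key = service_uuid.lower()
        self.forward[key] = dict(real_to_external)
        self.reverse[key] = {ext: real for real, ext in real_to_external.items()}

    def has_rule(self, service_uuid):
        return service_uuid.lower() in self.forward


def is_service_query(message):
    """A message is a service query if it targets the server's query port."""
    return message["dst_port"] == SERVICE_QUERY_PORT


def replace_response_port(response, rules):
    """Query path: swap the real port for the external port in the response."""
    uuid = response["service_uuid"].lower()
    if not rules.has_rule(uuid):
        return dict(response)  # no rule: service is not protected, pass through
    external = rules.forward[uuid].get(response["port"])
    if external is None:
        return None  # assumption: withhold rather than reveal an unmapped real port
    return {**response, "port": external}


def restore_request_port(message, rules):
    """Access path (S202-S205): swap the external port back to the real port."""
    uuid = message["service_uuid"].lower()
    if not rules.has_rule(uuid):
        return dict(message)  # no rule: message is already the secure access message
    real = rules.reverse[uuid].get(message["dst_port"])
    if real is None:
        return None  # assumption: port was never handed out for this service
    return {**message, "dst_port": real}


def handle(message, rules, query_backend):
    """Dispatch one request/response-type message.

    Returns ("reply", response), ("forward", message) or ("drop", None).
    """
    if is_service_query(message):
        replaced = replace_response_port(query_backend(message), rules)
        return ("reply", replaced) if replaced is not None else ("drop", None)
    secure = restore_request_port(message, rules)
    return ("forward", secure) if secure is not None else ("drop", None)


# ---- constructed sample data ----
PROTECTED = "11111111-2222-3333-4444-555555555555"
UNPROTECTED = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
REAL_PORTS = {PROTECTED: 49664, UNPROTECTED: 49700}


def sample_backend(message):
    """Stand-in for the target server's answer to a service query."""
    uuid = message["service_uuid"].lower()
    return {"service_uuid": uuid, "port": REAL_PORTS[uuid]}


def build_sample_rules():
    rules = PortRuleLibrary()
    rules.add_rule(PROTECTED, {49664: 40001})
    return rules


if __name__ == "__main__":
    rules = build_sample_rules()
    query = {"service_uuid": PROTECTED, "dst_port": SERVICE_QUERY_PORT}
    print(handle(query, rules, sample_backend))
    print(handle({"service_uuid": PROTECTED, "dst_port": 40001}, rules, sample_backend))
    print(handle({"service_uuid": PROTECTED, "dst_port": 49664}, rules, sample_backend))
```

The model only hides the port number from the query response; whether the real port is still reachable by other means depends on the network path, which the model does not cover.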
Referring to fig. 5, fig. 5 is a flowchart of a third embodiment of a remote access processing method according to the present invention.
Based on the above-mentioned first embodiment, the step S20 of the remote access processing method of the present embodiment includes:
Step S201': If the access protocol type is a pipeline connection type, detecting whether an instruction contained in the remote access message is a pipeline starting instruction.
It should be noted that, when the user side uses a pipe connection type protocol to transfer messages, it does not need to acquire a port and can connect directly through a pipe to call the remote service. When a malicious attacker attacks through a pipe connection, the attacker opens a certain pipe and tampers with it to carry out the attack. Therefore, when the access protocol type is the pipe connection type, it can be detected whether the instruction contained in the remote access message is a pipe start instruction, that is, an instruction for opening a certain pipe.
In a specific implementation, in order to accurately determine whether an instruction included in a remote access message is a pipeline start instruction, the step of detecting whether the instruction included in the remote access message is a pipeline start instruction in this embodiment may include:
Extracting remote access parameters from the remote access message;
and if the remote access parameter is the type of the starting object, judging that the instruction contained in the remote access message is a pipeline starting instruction.
It should be noted that, when a pipe is opened, the parameter input in the command will be an object, and the type of the object is the type of the start object, so that the remote access parameter can be extracted from the remote access message, and then it is determined whether the remote access parameter is the type of the start object, so as to determine whether the instruction contained in the remote access message is the pipe start instruction.
In a specific implementation, determining whether the remote access parameter is of the type of the start object may be attempting to convert the remote access parameter into the format corresponding to the type of the start object; if the conversion succeeds, the remote access parameter is determined to be of the type of the start object.
For example, taking remote invocation on a Windows system as an example, the parameter input in the pipe start instruction is an IRP_MJ_CREATE request object, so whether the instruction contained in the remote access message is a pipe start instruction can be determined by detecting whether the remote access parameter is an IRP_MJ_CREATE request object; if so, the instruction contained in the remote access message is determined to be a pipe start instruction.
Further, in order to cope with the cyclic attack manner of the malicious attacker and avoid consuming too much device resources due to the cyclic attack, step S201' in this embodiment may include:
if the access protocol type is a pipeline connection type, acquiring a sender IP corresponding to the remote access message;
detecting whether the sender IP is present in an access blacklist;
And if the sender IP does not exist in the access blacklist, detecting whether the command contained in the remote access message is a pipeline starting command.
It should be noted that the sender IP may be an IP address of a device that transmits the remote access message. The sender IP corresponding to the remote access message may be obtained by extracting the sender IP from the remote access message, or by performing IP tracing to obtain the sender IP of the remote access message. The access blacklist may be a data table storing IP addresses of malicious attackers.
It will be appreciated that if the sender IP is not present in the access blacklist, this indicates that the sender of the remote access message has not been identified as a malicious attacker, and therefore, the subsequent steps may continue. If the sender IP exists in the access blacklist, it indicates that the sender of the remote access message has been identified as a malicious attacker, and at this time, the remote access message may be directly cleared without further processing, so as to avoid wasting excessive device resources for the remote access message.
Step S202': if the command is a pipeline starting command, detecting whether the access target corresponding to the remote access message is a sensitive target or not.
It can be understood that if the instruction included in the remote access message is a pipeline start instruction, further detection is needed to determine whether the remote access message was initiated by a malicious attacker as part of an attack, so the access target corresponding to the remote access message can be obtained and it can then be determined whether the access target is a sensitive target.
In a specific implementation, detecting whether the access target corresponding to the remote access message is a sensitive target may be extracting, from the remote access message, the pipe name of the pipe that the message accesses and detecting whether the pipe name is in a preset sensitive pipe list; if so, the access target corresponding to the remote access message is determined to be a sensitive target. The preset sensitive pipe list includes the names of sensitive pipes and may be set by a manager of the remote access processing device.
Step S203': If the access target is a sensitive target, performing pipeline name replacement on the remote access message to obtain a secure access message.
It can be understood that if the access target is a sensitive target, the remote access message was most likely initiated by a malicious attacker, and the remote server may be attacked if the access is allowed to continue. The pipe name in the remote access message may therefore be replaced and the replaced remote access message used as the secure access message, so that the accessed pipe is redirected to a preset secure pipe and the remote server is not attacked.
Further, in order to discover the malicious attacker in time, to avoid consuming too much equipment resources due to the cyclic attack of the malicious attacker, after step S203' in this embodiment, the method may further include:
acquiring historical pipeline replacement times corresponding to the sender IP;
Adding one to the historical pipeline replacement times to obtain the current replacement times;
And if the current replacement times are larger than a preset replacement threshold, adding the sender IP into the access blacklist.
The historical pipe replacement number may be the number of pipe name replacements performed on the remote access message sent by the sender IP. The preset replacement threshold may be preset by a manager of the remote access processing device according to actual needs, for example: the preset replacement threshold is set to 5.
It will be appreciated that if the current number of substitutions is greater than the preset substitution threshold, this indicates that the sender IP has attempted to open a sensitive pipe multiple times, so the sender may be determined to be a malicious attacker and the sender IP may be added to the access blacklist.
For ease of understanding, and without limiting the present solution, refer to fig. 6, which is a pipe name replacement schematic diagram of this embodiment. As shown in fig. 6, the remote access processing device intercepts remote access messages of the pipe connection type (i.e. IRP requests) by mounting the NPFS device in advance. It then extracts the remote access parameter and detects whether it is an IRP_MJ_CREATE request object. If not, the request is sent directly to NPFS for pipe connection. If so, the pipe name is extracted, the pipe name is changed when it is judged to be in the preset sensitive pipe list (namely EaLength > 0), and after the change is completed the modified remote access message is sent to NPFS for pipe connection.
For ease of understanding, and without limiting the present solution, refer to fig. 7, which is a schematic diagram of remote server access in this embodiment. As shown in fig. 7, the remote access processing device includes at least three modules: EPM Filter, Pipe Filter, and RPC Proxy. When the client makes an RPC call, the client sends a remote access message to the server, and the server passes the remote access message to the remote access processing device. The remote access processing device selects the corresponding module according to the access protocol type to process the message and, after processing is completed, sends the message to the RPC Proxy module, which forwards it to the real remote server (RPC Server).
In this embodiment, if the access protocol type is a pipe connection type, it is detected whether an instruction included in the remote access message is a pipe start instruction; if the command is a pipeline starting command, detecting whether an access target corresponding to the remote access message is a sensitive target or not; and if the access target is a sensitive target, performing pipeline name replacement on the remote access message to obtain a secure access message. Because the instruction in the pipe connection process is identified, when a remote visitor tries to open a sensitive target through a pipe, the pipe name is replaced, so that dangerous operations are filtered, the safety of the remote access process is improved, and effective protection against domain penetration attacks is realized.
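The pipe filtering steps of this embodiment (blacklist check, pipe start detection, sensitive list lookup, name replacement, replacement counting) as one user-space Python model; this is an added example, not code from the patent, and not a driver. The message fields, the pipe names, the sender addresses and the case-insensitive name matching are assumptions made for the example.

```python
# Added example: user-space model of the pipe name filter.
# Field names, pipe names and sender addresses are constructed.

PIPE_CREATE = "IRP_MJ_CREATE"  # request type that opens a pipe, as named in the text


def normalize_pipe_name(name):
    """Reduce a pipe path to a bare lower-case name for list matching.

    Assumption of this example: names are compared case-insensitively and
    without a leading "\\pipe\\" prefix, so spelling variants of a listed
    name still match the sensitive list.
    """
    name = name.replace("/", "\\").lower().strip("\\")
    if name.startswith("pipe\\"):
        name = name[len("pipe\\"):]
    return name


class PipeFilter:
    def __init__(self, replacement_rules, threshold=5):
        # replacement_rules: sensitive pipe name -> preset safe pipe name
        self.rules = {normalize_pipe_name(k): v for k, v in replacement_rules.items()}
        self.threshold = threshold  # preset replacement threshold
        self.replacements = {}      # sender IP -> historical replacement count
        self.blacklist = set()      # access blacklist of sender IPs

    def handle(self, sender_ip, message):
        """Return the message to pass on to the pipe file system, or None if dropped."""
        # Blacklisted senders are discarded before any further processing.
        if sender_ip in self.blacklist:
            return None
        # Only a pipe start instruction is inspected; everything else passes.
        if message.get("major_function") != PIPE_CREATE:
            return message
        # Sensitive target check: is the requested pipe covered by a rule?
        safe_pipe = self.rules.get(normalize_pipe_name(message["pipe"]))
        if safe_pipe is None:
            return message
        # Count the replacement and blacklist the sender once the count
        # exceeds the threshold (strictly greater, as in the text).
        count = self.replacements.get(sender_ip, 0) + 1
        self.replacements[sender_ip] = count
        if count > self.threshold:
            self.blacklist.add(sender_ip)
        # Redirect the open to the preset safe pipe.
        return {**message, "pipe": safe_pipe}


def replay(pipe_filter, events):
    """Run (sender_ip, message) pairs through the filter.

    Returns the pipe name each message was forwarded with, or None if dropped.
    """
    out = []
    for sender_ip, message in events:
        result = pipe_filter.handle(sender_ip, message)
        out.append(None if result is None else result["pipe"])
    return out


SAMPLE_RULES = {"sensitive_svc_a": "quarantine_a"}  # constructed names

if __name__ == "__main__":
    f = PipeFilter(SAMPLE_RULES, threshold=5)
    create = {"major_function": PIPE_CREATE, "pipe": r"\PIPE\Sensitive_Svc_A"}
    # Seven attempts from one sender: six are redirected, the seventh is dropped.
    print(replay(f, [("192.0.2.10", create)] * 7))
    print(sorted(f.blacklist))
```

With the threshold of 5 used in the text, the sixth replacement for a sender puts its IP on the blacklist, so the seventh message from that sender is the first one discarded.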
In addition, the embodiment of the invention also provides a storage medium, wherein the storage medium stores a remote access processing program, and the remote access processing program realizes the steps of the remote access processing method when being executed by a processor.
Referring to fig. 5, fig. 5 is a block diagram showing the structure of a first embodiment of a remote access processing apparatus according to the present invention.
As shown in fig. 5, a remote access processing apparatus according to an embodiment of the present invention includes:
The message interception module 10 is configured to obtain an access protocol type and a target server corresponding to a remote access message when the remote access message is intercepted;
the sensitive filtering module 20 is configured to replace sensitive data in the remote access message by a sensitive filtering policy corresponding to the access protocol type, so as to obtain a secure access message;
And a message forwarding module 30, configured to forward the secure access message to the target server.
According to the embodiment, when the remote access message is intercepted, the access protocol type and the target server corresponding to the remote access message are acquired; replacing sensitive data in the remote access message by a sensitive filtering strategy corresponding to the access protocol type to obtain a secure access message; the secure access message is forwarded to the target server. Because the remote access information is intercepted, and after the interception, the sensitive information is filtered by adopting different strategies according to the access protocol type corresponding to the remote access information, the front interception of the remote service access is realized, the filtration of malicious attacks and dangerous operations is ensured, and the effective protection of domain penetration attacks is realized.
Further, the sensitive filtering module 20 is further configured to detect whether the remote access message is service query information if the access protocol type is a request response type; if the remote access message is not service inquiry information, extracting an access service identifier and a request access port from the remote access message; acquiring a port replacement rule corresponding to the access service identifier; determining a real service port according to the request access port and the port replacement rule; and replacing the request access port in the remote access message with the real service port to obtain a secure access message.
Further, the sensitive filtering module 20 is further configured to extract a request access port from the remote access message if the access protocol type is a request response type; acquiring a service query port corresponding to the target server; and if the service query port is consistent with the request access port, judging that the remote access message is service query information.
Further, the sensitive filtering module 20 is further configured to forward the remote access message to the target server if the remote access message is service query information, and obtain a service query response fed back by the target server according to the remote access message; port replacement is carried out on the service inquiry response, and replacement response information is obtained; and sending the replacement response information to a message sending end corresponding to the remote access message.
Further, the sensitive filtering module 20 is further configured to extract service identification information and a real service port from the service query response; detecting whether a port replacement rule corresponding to the service identification information exists or not; if the port replacement rule corresponding to the service identification information exists, determining a service external port according to the port replacement rule and the real service port; replacing a real service port in the service inquiry response with the service external port to obtain replacement response information; and sending the replacement response information to a message sending end of the remote access message.
Further, the sensitive filtering module 20 is further configured to search a preset replacement rule base for a port replacement rule corresponding to the service identification information; if the port replacement rule corresponding to the service identification information can be found, judging that the port replacement rule corresponding to the service identification information exists.
Further, the sensitive filtering module 20 is further configured to detect whether an instruction included in the remote access message is a pipe start instruction if the access protocol type is a pipe connection type; if the command is a pipeline starting command, detecting whether an access target corresponding to the remote access message is a sensitive target or not; and if the access target is a sensitive target, performing pipeline name replacement on the remote access message to obtain a secure access message.
Further, the sensitive filtering module 20 is further configured to extract a remote access parameter from the remote access message; and if the remote access parameter is the type of the starting object, judging that the instruction contained in the remote access message is a pipeline starting instruction.
Further, the sensitive filtering module 20 is further configured to search a pipe replacement rule corresponding to the target server if the access target is a sensitive target; matching the access target with the pipeline replacement rule to obtain a pipeline to be replaced; and replacing the pipeline name of the remote access message according to the pipeline to be replaced to obtain a secure access message.
Further, the sensitive filtering module 20 is further configured to obtain a sender IP corresponding to the remote access message if the access protocol type is a pipe connection type; detecting whether the sender IP is present in an access blacklist; and if the sender IP does not exist in the access blacklist, detecting whether the command contained in the remote access message is a pipeline starting command.
Further, the sensitive filtering module 20 is further configured to obtain a historical pipe replacement number corresponding to the sender IP; adding one to the historical pipeline replacement times to obtain the current replacement times; and if the current replacement times are larger than a preset replacement threshold, adding the sender IP into the access blacklist.
It should be understood that the foregoing is illustrative only and is not limiting, and that in specific applications, those skilled in the art may set the invention as desired, and the invention is not limited thereto.
It should be noted that the above-described working procedure is merely illustrative, and does not limit the scope of the present invention, and in practical application, a person skilled in the art may select part or all of them according to actual needs to achieve the purpose of the embodiment, which is not limited herein.
In addition, technical details that are not described in detail in this embodiment may refer to the remote access processing method provided in any embodiment of the present invention, which is not described herein.
Furthermore, it should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. Read Only Memory (ROM)/RAM, magnetic disk, optical disk) and including several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.
The invention discloses A1, a remote access processing method, which comprises the following steps:
when a remote access message is intercepted, an access protocol type corresponding to the remote access message and a target server are acquired;
Replacing sensitive data in the remote access message through a sensitive filtering strategy corresponding to the access protocol type to obtain a secure access message;
Forwarding the secure access message to the target server.
A2, the remote access processing method according to A1, wherein the step of replacing the sensitive data in the remote access message by the sensitive filtering strategy corresponding to the access protocol type to obtain the secure access message comprises the following steps:
If the access protocol type is a request response type, detecting whether the remote access message is service query information;
if the remote access message is not service inquiry information, extracting an access service identifier and a request access port from the remote access message;
Acquiring a port replacement rule corresponding to the access service identifier;
Determining a real service port according to the request access port and the port replacement rule;
And replacing the request access port in the remote access message with the real service port to obtain a secure access message.
A3, the remote access processing method as described in A2, wherein the step of detecting whether the remote access message is service query information if the access protocol type is a request response type comprises:
if the access protocol type is a request response type, extracting a request access port from the remote access message;
and if the service query port is consistent with the request access port, judging that the remote access message is service query information.
A4, the remote access processing method according to A2, wherein after the step of detecting whether the remote access message is service query information if the access protocol type is a request response type, further comprises:
If the remote access message is service query information, forwarding the remote access message to the target server, and acquiring a service query response fed back by the target server according to the remote access message;
port replacement is carried out on the service inquiry response, and replacement response information is obtained;
and sending the replacement response information to a message sending end corresponding to the remote access message.
A5, the remote access processing method as described in A4, wherein the step of performing port replacement on the service query response to obtain replacement response information includes:
extracting service identification information and a real service port from the service inquiry response;
Detecting whether a port replacement rule corresponding to the service identification information exists or not;
If the port replacement rule corresponding to the service identification information exists, determining a service external port according to the port replacement rule and the real service port;
and replacing the real service port in the service inquiry response with the service external port to obtain replacement response information.
A6, the remote access processing method as described in A5, wherein the step of detecting whether the port replacement rule corresponding to the service identification information exists comprises the following steps:
searching a port replacement rule corresponding to the service identification information in a preset replacement rule library;
If the port replacement rule corresponding to the service identification information can be found, judging that the port replacement rule corresponding to the service identification information exists.
A7, the remote access processing method according to A1, wherein the step of replacing the sensitive data in the remote access message by the sensitive filtering strategy corresponding to the access protocol type to obtain the secure access message comprises the following steps:
if the access protocol type is a pipeline connection type, detecting whether an instruction contained in the remote access message is a pipeline starting instruction or not;
If the command is a pipeline starting command, detecting whether an access target corresponding to the remote access message is a sensitive target or not;
And if the access target is a sensitive target, performing pipeline name replacement on the remote access message to obtain a secure access message.
A8, the remote access processing method as described in A7, wherein the step of detecting whether the instruction contained in the remote access message is a pipe start instruction comprises:
Extracting remote access parameters from the remote access message;
and if the remote access parameter is the type of the starting object, judging that the instruction contained in the remote access message is a pipeline starting instruction.
A9, the remote access processing method as described in A7, wherein if the access target is a sensitive target, the step of performing pipeline name replacement on the remote access message to obtain a secure access message includes:
if the access target is a sensitive target, searching a pipeline replacement rule corresponding to the target server;
matching the access target with the pipeline replacement rule to obtain a pipeline to be replaced;
and replacing the pipeline name of the remote access message according to the pipeline to be replaced to obtain a secure access message.
A10, the remote access processing method as described in A7, wherein the step of detecting whether the instruction contained in the remote access message is a pipe start instruction if the access protocol type is a pipe connection type, comprises:
if the access protocol type is a pipeline connection type, acquiring a sender IP corresponding to the remote access message;
detecting whether the sender IP is present in an access blacklist;
and if the sender IP is not present in the access blacklist, detecting whether the instruction contained in the remote access message is a pipeline starting instruction.
A11, the remote access processing method as described in A10, wherein after the step of performing pipe name replacement on the remote access message to obtain the secure access message if the access target is a sensitive target, the method further comprises:
acquiring historical pipeline replacement times corresponding to the sender IP;
adding one to the historical pipeline replacement times to obtain the current replacement times;
and if the current replacement times are larger than a preset replacement threshold, adding the sender IP into the access blacklist.
The invention also discloses B12, a remote access processing device, wherein the remote access processing device comprises the following modules:
the message interception module is used for acquiring an access protocol type and a target server corresponding to the remote access message when the remote access message is intercepted;
the sensitive filtering module is used for replacing sensitive data in the remote access message through a sensitive filtering strategy corresponding to the access protocol type to obtain a secure access message;
and the message forwarding module is used for forwarding the secure access message to the target server.
B13, the remote access processing device as described in B12, wherein the sensitive filtering module is further configured to detect whether the remote access message is service query information if the access protocol type is a request response type; if the remote access message is not service inquiry information, extracting an access service identifier and a request access port from the remote access message; acquiring a port replacement rule corresponding to the access service identifier; determining a real service port according to the request access port and the port replacement rule; and replacing the request access port in the remote access message with the real service port to obtain a secure access message.
B14, the remote access processing device as described in B13, wherein the sensitive filtering module is further configured to extract a request access port from the remote access message if the access protocol type is a request response type; acquire a service query port corresponding to the target server; and if the service query port is consistent with the request access port, judge that the remote access message is service query information.
B15, the remote access processing device as described in B13, the sensitive filtering module is further configured to forward the remote access message to the target server and obtain a service query response fed back by the target server according to the remote access message if the remote access message is service query information; port replacement is carried out on the service inquiry response, and replacement response information is obtained; and sending the replacement response information to a message sending end corresponding to the remote access message.
B16, the remote access processing device as described in B15, wherein the sensitive filtering module is further configured to extract service identification information and a real service port from the service query response; detect whether a port replacement rule corresponding to the service identification information exists; if the port replacement rule corresponding to the service identification information exists, determine a service external port according to the port replacement rule and the real service port; replace the real service port in the service query response with the service external port to obtain replacement response information; and send the replacement response information to a message sending end of the remote access message.
B17, the remote access processing device as described in B16, wherein the sensitive filtering module is further configured to search a port replacement rule corresponding to the service identification information in a preset replacement rule base; if the port replacement rule corresponding to the service identification information can be found, judging that the port replacement rule corresponding to the service identification information exists.
B18, the remote access processing device as described in B12, wherein the sensitive filtering module is further configured to detect whether an instruction included in the remote access message is a pipe start instruction if the access protocol type is a pipe connection type; if the command is a pipeline starting command, detecting whether an access target corresponding to the remote access message is a sensitive target or not; and if the access target is a sensitive target, performing pipeline name replacement on the remote access message to obtain a secure access message.
The invention also discloses C19, a remote access processing device, wherein the remote access processing device includes: a processor, a memory and a remote access processing program stored on the memory and executable on the processor, wherein the remote access processing program, when executed, implements the steps of the remote access processing method as described above.
The invention also discloses D20, a computer readable storage medium, wherein the computer readable storage medium stores a remote access processing program, and the remote access processing program realizes the steps of the remote access processing method when being executed.
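The pipeline-connection branch of A7 to A11, written out as an added example; it is not code from the patent or from the applicant. The message fields (`sender_ip`, `param_type`, `pipe_name`), the rule layout, the sample values and the decision to drop traffic from blacklisted senders are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample values; field names and rule layout are assumptions.
START_OBJECT = "start_object"   # assumed marker for the "starting object" parameter type (A8)
PIPE_RULES = {"srv-a": {"sensitive_pipe": "decoy_pipe"}}  # per-target-server rules (A9)


class PipeFilter:
    def __init__(self, rules, threshold):
        self.rules = rules
        self.threshold = threshold            # preset replacement threshold (A11)
        self.blacklist = set()                # access blacklist (A10)
        self.replaced = defaultdict(int)      # historical replacement count per sender IP

    def process(self, msg, target_server):
        """Return the message to forward, or None when the sender is blacklisted."""
        ip = msg["sender_ip"]
        if ip in self.blacklist:
            return None                       # assumption: blacklisted senders are dropped
        if msg.get("param_type") != START_OBJECT:
            return msg                        # not a pipeline starting instruction
        # Assumption: a target is sensitive exactly when the server's rule lists it.
        new_name = self.rules.get(target_server, {}).get(msg["pipe_name"])
        if new_name is None:
            return msg
        self.replaced[ip] += 1                # A11: count this replacement
        if self.replaced[ip] > self.threshold:
            self.blacklist.add(ip)
        return dict(msg, pipe_name=new_name)  # copy with the pipe name replaced


def run_demo():
    f = PipeFilter(PIPE_RULES, threshold=2)
    probe = {"sender_ip": "192.0.2.10", "param_type": START_OBJECT,
             "pipe_name": "sensitive_pipe"}
    benign = {"sender_ip": "192.0.2.20", "param_type": START_OBJECT,
              "pipe_name": "ordinary_pipe"}
    results = [f.process(probe, "srv-a") for _ in range(4)]
    return results, f.process(benign, "srv-a"), f.blacklist


if __name__ == "__main__":
    print(run_demo())
```

The third sensitive open is still rewritten and forwarded; the sender is added to the blacklist only after that replacement is counted, so the blacklist check takes effect on the next message.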

Claims (10)

1. A remote access processing method, characterized in that the remote access processing method comprises the following steps:
when a remote access message is intercepted, acquiring an access protocol type and a target server corresponding to the remote access message;
replacing sensitive data in the remote access message through a sensitive filtering strategy corresponding to the access protocol type to obtain a secure access message;
forwarding the secure access message to the target server.
2. The remote access processing method as claimed in claim 1, wherein the step of replacing the sensitive data in the remote access message by the sensitive filtering policy corresponding to the access protocol type to obtain the secure access message comprises:
if the access protocol type is a request response type, detecting whether the remote access message is service query information;
if the remote access message is not service inquiry information, extracting an access service identifier and a request access port from the remote access message;
acquiring a port replacement rule corresponding to the access service identifier;
determining a real service port according to the request access port and the port replacement rule;
and replacing the request access port in the remote access message with the real service port to obtain a secure access message.
3. The remote access processing method as claimed in claim 2, wherein the step of detecting whether the remote access message is service query information if the access protocol type is a request response type, comprises:
if the access protocol type is a request response type, extracting a request access port from the remote access message;
and if the service query port is consistent with the request access port, judging that the remote access message is service query information.
4. The remote access processing method as claimed in claim 2, wherein after the step of detecting whether the remote access message is service query information if the access protocol type is a request response type, further comprising:
if the remote access message is service query information, forwarding the remote access message to the target server, and acquiring a service query response fed back by the target server according to the remote access message;
port replacement is carried out on the service inquiry response, and replacement response information is obtained;
and sending the replacement response information to a message sending end corresponding to the remote access message.
5. The remote access processing method as claimed in claim 4, wherein the step of performing port replacement on the service inquiry response to obtain replacement response information includes:
extracting service identification information and a real service port from the service inquiry response;
detecting whether a port replacement rule corresponding to the service identification information exists;
if the port replacement rule corresponding to the service identification information exists, determining a service external port according to the port replacement rule and the real service port;
and replacing the real service port in the service inquiry response with the service external port to obtain replacement response information.
6. The remote access processing method as claimed in claim 5, wherein the step of detecting whether the port replacement rule corresponding to the service identification information exists comprises:
searching a port replacement rule corresponding to the service identification information in a preset replacement rule library;
if the port replacement rule corresponding to the service identification information can be found, judging that the port replacement rule corresponding to the service identification information exists.
7. The remote access processing method as claimed in claim 1, wherein the step of replacing the sensitive data in the remote access message by the sensitive filtering policy corresponding to the access protocol type to obtain the secure access message comprises:
if the access protocol type is a pipeline connection type, detecting whether an instruction contained in the remote access message is a pipeline starting instruction or not;
if the instruction is a pipeline starting instruction, detecting whether an access target corresponding to the remote access message is a sensitive target;
and if the access target is a sensitive target, performing pipeline name replacement on the remote access message to obtain a secure access message.
8. A remote access processing apparatus, the remote access processing apparatus comprising:
the message interception module is used for acquiring an access protocol type and a target server corresponding to the remote access message when the remote access message is intercepted;
the sensitive filtering module is used for replacing sensitive data in the remote access message through a sensitive filtering strategy corresponding to the access protocol type to obtain a secure access message;
and the message forwarding module is used for forwarding the secure access message to the target server.
9. A remote access processing device, the remote access processing device comprising: a processor, a memory and a remote access processing program stored on the memory and executable on the processor, wherein the remote access processing program, when executed, implements the steps of the remote access processing method of any of claims 1-7.
10. A computer readable storage medium, wherein a remote access processing program is stored on the computer readable storage medium, which when executed implements the steps of the remote access processing method according to any one of claims 1-7.
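The request-response branch of claims 2 to 6 as an added example, not code from the patent or the applicant: a service query response has its real port swapped for the external port, and a later request to the external port is mapped back to the real port. The rule format (a real/external port pair per service), the message fields, the sample ports and the pass-through behaviour when no rule matches are assumptions.

```python
# Constructed values; the rule format and message fields are assumptions.
SERVICE_QUERY_PORT = {"srv-a": 7000}     # service query port per target server (claim 3)
RULE_BASE = {                            # preset replacement rule base (claim 6)
    "inventory": {"real": 5000, "external": 45000},
}


def is_service_query(msg, target):
    # Claim 3: a request aimed at the server's service query port is a service query.
    return msg["port"] == SERVICE_QUERY_PORT[target]


def rewrite_request(msg):
    # Claim 2: map the requested (external) port to the real service port.
    rule = RULE_BASE.get(msg["service_id"])
    if rule is None or msg["port"] != rule["external"]:
        return msg                       # assumption: no matching rule, forward unchanged
    return dict(msg, port=rule["real"])


def rewrite_query_response(resp):
    # Claims 5 and 6: hide the real port in the query response behind the external port.
    rule = RULE_BASE.get(resp["service_id"])
    if rule is None or resp["port"] != rule["real"]:
        return resp
    return dict(resp, port=rule["external"])


def handle(msg, target, server):
    """server is a callable standing in for the target server's query service."""
    if is_service_query(msg, target):    # claim 4: forward, then rewrite the response
        return "to_sender", rewrite_query_response(server(msg))
    return "to_server", rewrite_request(msg)


def fake_server(msg):
    # Constructed stand-in: answers a service query with the real port.
    return {"service_id": msg["service_id"], "port": 5000}


if __name__ == "__main__":
    print(handle({"service_id": "inventory", "port": 7000}, "srv-a", fake_server))
    print(handle({"service_id": "inventory", "port": 45000}, "srv-a", fake_server))
```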
CN202211559575.8A 2022-12-06 2022-12-06 Remote access processing method, device, equipment and storage medium Pending CN118157885A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211559575.8A CN118157885A (en) 2022-12-06 2022-12-06 Remote access processing method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN118157885A true CN118157885A (en) 2024-06-07

Family

ID=91290866

Country Status (1)

Country Link
CN (1) CN118157885A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination