CN1459949A - Network safety system for recording and counterattacking black visitor and method - Google Patents

Network safety system for recording and counterattacking black visitor and method Download PDF

Info

Publication number
CN1459949A
CN1459949A CN 02119718 CN02119718A CN1459949A CN 1459949 A CN1459949 A CN 1459949A CN 02119718 CN02119718 CN 02119718 CN 02119718 A CN02119718 A CN 02119718A CN 1459949 A CN1459949 A CN 1459949A
Authority
CN
China
Prior art keywords
counter
user
hacker
record
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 02119718
Other languages
Chinese (zh)
Other versions
CN1179515C (en
Inventor
方可成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CNB021197180A priority Critical patent/CN1179515C/en
Publication of CN1459949A publication Critical patent/CN1459949A/en
Application granted granted Critical
Publication of CN1179515C publication Critical patent/CN1179515C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A network security system with the function of recording hacker and applying sanction to it features that a switch system (such as firewall with audit mechanism, IP share unit and gateway) is used to prevent the internal data system (such as network server, achieves server and network workstation) from being intruded, stolen, or destroyed. The authenticated user can be switched to the internal data system. The unauthorized user is switched to a sanction system, which has the virtual output format same as that of internal data system to induce the hacker to take further actions in order to record and track it.

Description

Record and counter hacker's network safety system and method
Technical field
The present invention is about a kind of network safety system and method, and particularly can write down and break through person's network safety system and method without permission about a kind of.
Background technology
Computer, server that today is nearly all, even personal communication apparatus as mobile phone, all are connected on the network.Except world-wide web, also have enterprise network (Intranet), communication network (telecommunication network) etc.In a word, network has been that life can't be avoided important tool.Yet at the same time, network often offers some some destructions of illegal effractor or steals the chance of confidential data.For these illegal effractors, that people claim usually is hacker (hacker).How to provide the network security environment of a safety therefore to become a very important problem.Today, common a kind of mode was exactly that LAN at enterprise or tissue is connected to external network, during as world-wide web, added a fire compartment wall of being responsible for filtering.
Fire compartment wall has so-called hardware fire compartment wall and software fire compartment wall, and no matter be hardware fire compartment wall or software fire compartment wall, mainly all provides the setting that system operator carries out some safety conditions.The example of these safety conditions comprises the Datagram that filtration is transmitted from unacquainted address, or the transmission mouth (port) that some transfer protocol uses is closed.Yet the work that the fire compartment wall of today is done all is that simply anti-blocking hacker is in the invasion of phase I.In case the hacker has passed through safety condition, then the hacker just can destroy unbridledly or steal the action of data.The mode that modal hacker uses is exactly a large amount of duplicate test passwords, cracks safety system.But the fire compartment wall of today also can't be detected hacker's action, and give suitable processing in early days.In case the hacker cracks safety system, all destructions or the record of stealing data also all can be eliminated by the hacker simultaneously.Login and carry out record even if the hacker is tested password attempt, also because the hacker further moves as yet, and can't take in response to legal means.
Summary of the invention
Therefore, one of main purpose of the present invention, just provide an action that can detect the hacker in early days, and and then its further unwarranted action carried out record, or start a predetermined counter action, make unlikely network safety system that incurs danger of important data and method at the same time.
A kind of record and counter hacker's network safety system, user's requirement that a user is sent is inspected and handled to this network safety system, and it is to send at an inside information system that this user requires, and it is characterized in that: this network safety system comprises
One counter system;
One checks module, and this inspection module receives this user's requirement and checks this user requires whether to meet a predetermined safety condition, to produce a check result; And
One adapting system, this adapting system receives this check result of this inspection module, wherein when this check result shows that this user requires to meet this predetermined safety condition, this adapting system requires switching to give this inside information system this user, when this check result shows that this user requires not meet this predetermined safety condition, this adapting system requires switching to this counter system this user, this counter system requires to provide one to respond content in a predefined answer mode according to this user, and the response result that this responses content and this inside information system are done in response to this user's requirement has a same format.
Adapting system respectively with an external network, counter system, system is connected with inside information.Adapting system receives user's requirement via external network.When if this user requires to meet a predetermined safety condition, for example by password test, adapting system is sent at least one inside information system with this user's requirement, to carry out subsequent job.
When if this user requires not meet predetermined safety condition, for example password mistake and retry more than three times or order check person's of not being inconsistent (attacking principle) as SQL Injection, adapting system requires to send to the counter system with this user.The counter system provides one to respond content after receiving this user's requirement.This response content inside information system therewith requires to have identical form in response to this user.Therefore, this user does not know that it has invaded failure, and the data of carrying out next step is stolen or sabotage.Yet, be stored in that data system in the counter system fakes or by system operator from the virtual data of ordering or the bait program of tool specific function, thereby the unlikely safety that influences system.In addition, counter system and the action that can write down the user, or carry out other counter actions, with certain maintaining network safety.
A kind of record and counter hacker's network security method, this network security method is for inspecting and handle user's requirement that a user is sent, and it is to send at an inside information system that this user requires, and this network security method comprises the following step:
Receive this user's requirement;
Check this user requires whether to meet a predetermined safety condition, to produce a check result;
When this check result shows that this user requires to meet this predetermined safety condition, one adapting system requires switching to give this inside information system this user, when this check result shows that this user requires not meet this predetermined safety condition, this adapting system requires switching to give a counter system this user, wherein should the counter system require provide one to respond content according to this user, and the response result that this responses content and this inside information system are done in response to this user's requirement have a same format in a predefined answer mode.
Description of drawings
Fig. 1 is the schematic diagram of one first embodiment;
The flow chart of crust first embodiment till Fig. 2;
Fig. 3 A is first kind of execution mode schematic diagram of first embodiment;
Fig. 3 B is second kind of execution mode schematic diagram of first embodiment;
Fig. 3 C is the third execution mode schematic diagram of first embodiment;
Fig. 3 D is first kind of execution mode schematic diagram of second embodiment;
Fig. 3 E is second kind of execution mode schematic diagram of second embodiment;
Fig. 3 F is the third execution mode schematic diagram of second embodiment;
Figure number is to as directed:
101 adapting systems; 102 inside information systems; 103 counter systems;
104 external networks; 105 user's requirements; 106 electronic installations;
107 users; 108 check module; 109 internal networks.
Embodiment
First embodiment
At first, please referring to Fig. 1.The first embodiment of the present invention has an adapting system 101 and a counter system 103.Adapting system 101 is connected respectively to an external network 104, an inside information system 102 and counter system 103.
Then, please alternately with reference to Fig. 1 and Fig. 2, Fig. 2 flow chart of specific embodiment for this reason wherein.Under normal situation, user 107 uses an electronic installation 106, and for example computer requires 105 with a user, is connected to adapting system 101 (step 200) via external network 104.When user 107 user required 105 to meet a predetermined safety condition (step 202), adapting system 101 required 105 switchings to continue to handle to inside information system 102 (step 204) user.The enforcement of this adapting system 101 comprises that IP Wireless Router, hardware firewall or software firewall or other tool communications protocols pass on ability person, and the embodiment of this inside information system 102 comprises the various machines that type can be provided in response to the data that the user requires to give information such as website server, archives server.
When this user require 105 its can't be when this predetermined safe condition (step 202), that is judge that it is one unwarranted when movable, adapting system 101 is not directly rejected the user and is required 105, but requires 105 switchings to give counter system 103 (step 206) user.Counter system 103 in a predefined answer mode, requires 105 in response to this user after this user of reception requires 105, a predefined answer content (step 208) is provided.
At this moment, this responds content is through painstakingly adjustment, makes that this responds content and if the response data that 102 these users of reception of this inside information system required provided at 105 o'clock has a same format.
In other words, because counter system 103 requires the 105 response data that provide an interface to be similar to inside information system 102 according to the user, unwarranted user 107 can take for and successfully invade this inside information system 102.If this unwarranted user 107 continues the action that further data is stolen or destroyed, counter system 103 continues its illegal movement of record, and produce various in response to measure, for example report to the police, the counter related data of detecting this user 107, as the IP address of electronic installation 106, write down these user's 107 further movements or the like.Certainly, counter system 103 also can be in this its action of opening entry when person 107 attempts logining without permission.
Because important data, for example confidential data system deposits in inside information system 102, but not counter system 103, therefore this specific embodiment can successfully be detected unwarranted user's 107 further action, and carry out various counter actions, allow the inside information system 102 that has capsule information incur danger and be unlikely.By this kind method, we provide an important way that solves network security.
Then please alternately referring to Fig. 3 A to Fig. 3 C, first embodiment of this three figure explanation in Fig. 1 adds several distinct methods of checking module 108, this inspection module 108 is to be used for judging that aforesaid user requires 105 whether to meet predetermined safety condition.
In Fig. 3 A, one checks that module 108 is coupled in inside information system 102.How the embodiment of following key diagram 3A operates.At first, a unwarranted user 107 sends a user by electronic installation 106 and requires (step r01).This user requires to pass to adapting system 101 (step r02) via external network 104.Adapting system 101 requires the user to be given to the inspection module 108 (step r03) of inside information system 102 according to user's requirement.When checking that module 108 judges that these users require not meet predetermined safety condition, inspection module 108 is passed to adapting system 101 (step r04) with check result with a control command form, and the embodiment of this control command comprises the mapping mode of setting transmission mouth or IP.After the setting of accepting this check result, adapting system 101 requires switching to give counter system 103 (step r05) user.Counter system 103 requires to provide one to respond content (step r06) with a predetermined way in response to this user.This responds content and then passes external network 104 (step r07) back via adapting system 101.This responds content and is returned to electronic installation 106 (step r08) via external network 104.
As above-mentioned, because counter system 103 is that the response data that provides an interface to be similar to inside information system 102 is returned to user 107, therefore unwarranted user 107 can take for and successfully invade this inside information system 102, and carries out next step action.At this moment, counter system 103 just can carry out various counter activities according to the setting of system operator.
Among the embodiment in Fig. 3 A, check that the embodiment of module 108 comprises, but be not restricted to, with the module of password as access control.At common server, for example website server or archives server system accesses to your password as access control.In the example of this class, the real inspection module of doing is included in the user and uses wrong password according to the present invention, accumulation is certain continuously or during different login the frequency of failure after, adapting system is sent the check result of control command form, make adapting system 101, as fire compartment wall, service IP and transmission mouthful (port) that this user is required are reset to counter system 103.Another embodiment that checks module 108 also is included in after user 107 attempts logining failure, but judges that whether user 107 logins employed electronic installation 106 is a machine in being scheduled to accessing system safety list not.
In addition, the embodiment of counter system 103 has a configuration interface, sets its needed counter mode for system operator through configuration interface thus.Embodiment of these counter modes comprise the further action of writing down person without permission, follow the trail of this IP address or the like of person without permission.And the response content of counter system 103 comprises that the false data that can be set by system operator, mistake data etc. do not influence safe virtual data.This embodiment that responds content also is included in to respond in the content and adds the counter program, and the embodiment of counter program comprises virus code, trojan horse program or the like.
Then, please referring to Fig. 3 B, this figure explanation will check that module 108 is coupled in the embodiment of adapting system 101.With Fig. 3 category-A seemingly, in this example, user 107 sends after the user requires via electronic installation 106, passes through step r11, r12, r13, r14, r15, r16 in regular turn.As above-mentioned, counter system 103 carries out various counter activities then just according to the setting of system operator.
Among the embodiment in Fig. 3 B, check that the embodiment of module 108 comprises, but be not restricted to, with the identification code of user's 107 employed electronic installations 106 module as access control.In one embodiment of the invention, inside information system 102 does not open to the outside world, and only offers some predetermined electronic installations via the external network access, for example mail server, system etc. makes a draft of money.In this type of example, inspection module 108 is checked the identification code of the electronic installation 106 that sends user's requirement, to judge whether the being machine of mandate.The example of this identification code comprise electronic installation 106 IP address, processor identification code, software identification code, and mix the identification code of forming via multiple data.In addition, for fear of suffering that the hacker copies this identification code, the formation of this identification code also must see through cipher mode, different contents occurs in different time, cracks or the like method to avoid suffering the hacker.
Then, please referring to Fig. 3 C, this figure explanation will check that module 108 is coupled in the embodiment of counter system 103.In this example, user 107 passes through step r21, r22, r23 after sending user's requirement via electronic installation 106 in regular turn.When checking that module 108 check results are scheduled to safety condition for meeting, inspection module 108 is passed to adapting system 101 (step r24) with check result.This moment, check result was a control command form, was used for setting the function mode of adapting system 101.Adapting system 101 passes through step r25, r26, r27 after then this user being required switching to give inside information system 102 in regular turn.At last, electronic installation 106 is passed to user 107 from external network 104 with the response data.
If the user that user 107 is sent requires not meet predetermined safety condition, just counter system 103 carries out above-mentioned various counter activities then according to the setting of system operator.
In addition, the embodiment of inspection module 108 also comprises that independence exists with an electronic installation form.
Second embodiment
Then, please referring to Fig. 3 D to Fig. 3 F, this three figure illustrates according to the second embodiment of the present invention.In this embodiment, we illustrate that the present invention also can be used in the framework of internal network.Succinct for what illustrate, we use the label identical with first embodiment, to represent similar structure in the description of this second embodiment.
In Fig. 3 D, Fig. 3 E and Fig. 3 F, adapting system 101, inside information system 102, counter system 103 are connected to an internal network 109 with electronic installation 106.As in Fig. 3 D, Fig. 3 E and Fig. 3 F, check that the embodiment of module 108 then is coupled in inside information system 102, adapting system 101 and counter system 103 respectively.Wherein, the embodiment of this internal network 109 comprises wired or wireless network, TCP/IP network, telecommunication network or the various network media that communication function is provided.
In the example of Fig. 3 D, user 107 sends after the user requires internal network 109 via electronic installation 106, passes through step r31, r32, r33, r34, r35, r36, r37, r38, r39 in regular turn.Right Hou, user 107 receives the response content (step r391) that is transmitted by internal network 109 via electronic installation 106.
As aforementioned, because counter system 103 is that the response data that provides an interface to be similar to inside information system 102 is returned to user 107, therefore unwarranted user 107 can take for and successfully invade this inside information system 102, and carries out next step action.At this moment, counter system 103 just can carry out various counter activities according to the setting of system operator.
In Fig. 3 E, check that module 108 is to be coupled in the adapting system 101.Person 107 attempts via the failure of electronic installation 106 without permission, the action that breaks through via step r41, r42, r43, r44, r45, r46.About the represented example of the similar Fig. 3 B of detailed operation mode of this embodiment, content is as above-mentioned.
And in Fig. 3 F, check that module 108 is to be coupled in the counter system 103.Require in regular turn to obtain corresponding content through user that authorized person 107 sent via step r51, r52, r53, r54, r55, r56, r57, r58, r59, r591.If user 107 is person without permission, then directly break through action by counter system 103.About the represented example of the similar Fig. 3 C of detailed operation mode of this embodiment, content is as above-mentioned.
It must be noted that, be with functional block diagram this specific embodiment to be described herein, with the reference that provides prior art person to do in fact according to this.Yet be not to be used for limiting the present invention, the framework that its content constraints is disclosed to Fig. 3 F in Fig. 1, Fig. 2, Fig. 3 A.For example, counter system 103 can respectively or be coupled with adapting system 101, inside information system 102 simultaneously.Adapting system 101 can respectively or be coupled with counter system 103, inside information system 102 simultaneously.Inside information system 102 also can respectively or be coupled with adapting system 101, counter system 103 simultaneously.
In addition, being connected between adapting system 101 and counter system 103, inside information system 102 and the external network 104 comprises wired, wireless, direct or indirect ways of connecting.In addition, the number of inside information system 102 not only comprises one, more can be most inner servers.
In addition, the embodiment of this outside network 104, internal network 109 comprises world-wide web (Internet), Intranet (Intranet), wireless network (Wireless Network), communication network (Telecommunication Network) or the like.This user requires 105 type to comprise that the file transfer protocol of world-wide web agreement package (IP Package) form requires (FileTransfer Protocol request, FTP), the hypertext transfer protocol (Hypertext TransferProtocol request, HTTP), microsoft network neighbor agreement and homologue thereof etc.The embodiment of adapting system 101 comprises fire compartment wall (Firewall), IP Wireless Router of hardware and software form or the like.The embodiment of inside information system 102 comprises website (Web Site), archives server (File Server), data bank server (Database Server), PC or the like.The embodiment that sends the electronic installation 106 of user's requirement comprises PC, personal digital assistant (PDA), mobile phone, work station or the like.
Embodiment as for aforesaid predetermined safety condition comprises that then the password mistake retry that requires to have above a pre-determined number as the user moves, and the identification code of sending the machine 106 of user's requirement.The embodiment of this identification code comprises identification code, the network card of processor or cooperates the identification code of various softwares even identification code of basic input/output system (BIOS) or the like.This predetermined safety condition also must set the user require content order or the command content that can carry, for example in the embodiment of website servo system, system operator can be set order or the command service that part only is provided, but not whole HTTP command context is provided.
Predefined answer mode as for aforesaid counter system 103 must be set by a system operator, or directly is set in the counter system 103.In addition, the mode of the predefined answer of this counter system 103 also can be included in after user 107 receives the response content of these counter systems 103, writes down this user 107 and continues action that this counter system 103 is carried out.User's 107 possible actions comprise the data of stealing or destroy counter system 103.So, just can see through these actions, user 107 is carried out corresponding law action.In addition, the response mode of this counter system 103 also can comprise the related data of following the trail of user 107, for example address of its machine that uses 106.
The response content that is provided as for counter system 103 can be set at the virtual data similar to inner server 102, the unlikely leakage secret of these virtual data, and do not have the anxiety of safety.Even this responds in the content also can comprise anti-tracing program, so that follow the trail of this user's 107 related data.Certainly, this response content also can comprise trojan horse program.This trojan horse program can be carried out at user's 107 employed machines.
In addition, the embodiment of adapting system comprises software firewall system and hardware firewall system.In the embodiment of hardware firewall, the embodiment of the inspection module of this predetermined safe condition comprises in the firmware mode and being stored in this hardware firewall system.At this moment, a system operator must be revised the content of this firmware, to change predetermined safety condition.At the embodiment of software fire compartment wall, system operator also must see through interface, or the rewriting of procedure code, setting shelves is to change the predetermined safe condition.
In addition, in order to ensure the use of network bandwidth, in the another embodiment of the present invention, adapting system 102 has a management interfaces, sets in the unit interval by this management interfaces for system operator and breaks through person's maximum number without permission.For surpassing this number person, then directly return its requirement and not via the counter system handles.
Understand as the person skilled in the art, the above only is preferred embodiment of the present invention, is not in order to limit claim of the present invention; All other do not break away from the equivalence of being finished under the disclosed spirit and changes or modification, all should be included in the following claim.

Claims (27)

  1. One kind the record and the counter hacker network safety system, user's requirement that a user is sent is inspected and handled to this network safety system, it is to send at an inside information system that this user requires, it is characterized in that: this network safety system comprises
    One counter system;
    One checks module, and this inspection module receives this user's requirement and checks this user requires whether to meet a predetermined safety condition, to produce a check result; And
    One adapting system, this adapting system receives this check result of this inspection module, wherein when this check result shows that this user requires to meet this predetermined safety condition, this adapting system requires switching to give this inside information system this user, when this check result shows that this user requires not meet this predetermined safety condition, this adapting system requires switching to this counter system this user, this counter system requires to provide one to respond content in a predefined answer mode according to this user, and the response result that this responses content and this inside information system are done in response to this user's requirement has a same format.
  2. 2. record as claimed in claim 1 and counter hacker's network safety system is characterized in that: this inspection module system optionally is coupled among this counter system, this inspection module and this adapting system three.
  3. 3. record as claimed in claim 1 and counter hacker's network safety system, it is characterized in that: this counter system has an interface, optionally sets the multiple corresponding content of this predefined answer mode of generation for a system operator.
  4. 4. record as claimed in claim 2 and counter hacker's network safety system, it is characterized in that: this interface of this counter system is also optionally set a counter number for this system operator, and this counter number is this counter system maximum number that handled this user who does not meet this predetermined safety condition requires in a unit interval.
  5. 5. record as claimed in claim 1 and counter hacker's network safety system is characterized in that: this predefined answer mode of this counter system comprises at least one subsequent action of this user of record after receiving this response content.
  6. 6. record as claimed in claim 5 and counter hacker's network safety system, it is characterized in that: this predefined answer mode of this counter system more comprises a related data of following the trail of this user.
  7. 7. record as claimed in claim 1 and counter hacker's network safety system is characterized in that: this response content that this counter system is provided is one not influence safe virtual data.
  8. 8. record as claimed in claim 7 and counter hacker's network safety system is characterized in that: this counter system provides an interface to supply a system operator to set the content of this virtual data, and this virtual data optionally comprises at least one counter program.
  9. 9. record as claimed in claim 1 and counter hacker's network safety system, it is characterized in that: this adapting system is a hardware firewall system, and this inspection module system is stored in this hardware firewall system in a firmware mode, wherein should predetermined safety condition to change by optionally revising this firmware.
  10. 10. record as claimed in claim 1 and counter hacker's network safety system, it is characterized in that: this adapting system is a software firewall system.
  11. 11. record as claimed in claim 1 and counter hacker's network safety system is characterized in that: this predetermined safety condition is that this user requires is that failure is logined in the trial that surpasses a pre-determined number.
  12. 12. record as claimed in claim 1 and counter hacker's network safety system is characterized in that: this predetermined safety condition is to comprise a predetermined command content during this user requires.
  13. 13. record as claimed in claim 1 and counter hacker's network safety system, it is characterized in that: this predetermined safety condition is the identification code that an electronic installation of this user's requirement is sent in check, and wherein this identification code optionally combines via a cipher mode.
  14. 14. a network security method that writes down and break through the hacker, this network security method is for inspecting and handle user's requirement that a user is sent, and it is to send at an inside information system that this user requires, and this network security method comprises the following step:
    Receive this user's requirement;
    Check this user requires whether to meet a predetermined safety condition, to produce a check result;
    When this check result shows that this user requires to meet this predetermined safety condition, one adapting system requires switching to give this inside information system this user, when this check result shows that this user requires not meet this predetermined safety condition, this adapting system requires switching to give a counter system this user, wherein should the counter system require provide one to respond content according to this user, and the response result that this responses content and this inside information system are done in response to this user's requirement have a same format in a predefined answer mode.
  15. 15. record as claimed in claim 14 and counter hacker's network security method, it is characterized in that: this predefined answer mode of this counter system is optionally set by a system operator.
  16. 16. record as claimed in claim 14 and counter hacker's network security method, it is characterized in that: check this user requires whether to meet this predetermined condition system and checks the module execution by one, and this inspection module is coupled in optionally among this adapting system, this inside information system and this three of counter system.
  17. 17. record as claimed in claim 14 and counter hacker's network security method is characterized in that: this counter system provides an interface to set this predefined answer mode for a system operator.
  18. 18. record as claimed in claim 17 and counter hacker's network security method, it is characterized in that: this interface of this counter system is also optionally set a counter number for this system operator, and this counter number is this counter system maximum number that handled this user who does not meet this predetermined safety condition requires in a unit interval.
  19. 19. record as claimed in claim 14 and counter hacker's network security method is characterized in that: this predefined answer mode of this counter system comprises at least one subsequent action of this user of record after receiving this response content.
  20. 20. record as claimed in claim 19 and counter hacker's network security method, it is characterized in that: this predefined answer mode of this counter system more comprises a related data of following the trail of this user.
  21. 21. record as claimed in claim 14 and counter hacker's network security method is characterized in that: this response content that this counter system is provided is one not influence safe virtual data.
  22. 22. record as claimed in claim 21 and counter hacker's network security method is characterized in that: this counter system provides an interface to supply a system operator to set the content of this virtual data, and this virtual data optionally comprises at least one counter program.
  23. 23. record as claimed in claim 14 and counter hacker's network security method, it is characterized in that: this adapting system is a hardware firewall system, and this inspection module system is stored in this hardware firewall system in a firmware mode, wherein should predetermined safety condition to change by optionally revising this firmware.
  24. 24. record as claimed in claim 14 and counter hacker's network security method, it is characterized in that: this adapting system is a software firewall system.
  25. 25. record as claimed in claim 14 and counter hacker's network security method is characterized in that: this predetermined safety condition is that failure is logined in the trial that this user requires to have above a pre-determined number.
  26. 26. record as claimed in claim 14 and counter hacker's network security method is characterized in that: this predetermined safety condition is to comprise a predetermined command content during this user requires.
  27. 27. record as claimed in claim 14 and counter hacker's network security method, it is characterized in that: this predetermined safety condition is the identification code that an electronic installation of this user's requirement is sent in check, and wherein this identification code optionally forms via a cipher mode.
CNB021197180A 2002-05-15 2002-05-15 Network safety system for recording and counterattacking black visitor and method Expired - Lifetime CN1179515C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB021197180A CN1179515C (en) 2002-05-15 2002-05-15 Network safety system for recording and counterattacking black visitor and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB021197180A CN1179515C (en) 2002-05-15 2002-05-15 Network safety system for recording and counterattacking black visitor and method

Publications (2)

Publication Number Publication Date
CN1459949A true CN1459949A (en) 2003-12-03
CN1179515C CN1179515C (en) 2004-12-08

Family

ID=29426863

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB021197180A Expired - Lifetime CN1179515C (en) 2002-05-15 2002-05-15 Network safety system for recording and counterattacking black visitor and method

Country Status (1)

Country Link
CN (1) CN1179515C (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107154939A (en) * 2017-05-10 2017-09-12 深信服科技股份有限公司 A kind of method and system of data tracing
CN108833388A (en) * 2018-06-05 2018-11-16 上海垣安环保科技有限公司 A kind of active response net peace system for network identity invasion

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107154939A (en) * 2017-05-10 2017-09-12 深信服科技股份有限公司 A kind of method and system of data tracing
CN108833388A (en) * 2018-06-05 2018-11-16 上海垣安环保科技有限公司 A kind of active response net peace system for network identity invasion
CN108833388B (en) * 2018-06-05 2020-10-02 上海垣安环保科技有限公司 Active response network security system aiming at network identity intrusion

Also Published As

Publication number Publication date
CN1179515C (en) 2004-12-08

Similar Documents

Publication Publication Date Title
US10447730B2 (en) Detection of SQL injection attacks
CN100489806C (en) Method for protecting the computer data
US7752662B2 (en) Method and apparatus for high-speed detection and blocking of zero day worm attacks
CN108121914B (en) Document divulgence protection tracking system
US8219496B2 (en) Method of and apparatus for ascertaining the status of a data processing environment
TWI235580B (en) Network security system and method for recording and resisting hacker
CN111683157B (en) Network security protection method for Internet of things equipment
WO2010061801A1 (en) Client computer for protecting confidential file, server computer therefor, method therefor, and computer program
JP4718216B2 (en) Program, client authentication request method, server authentication request processing method, client, and server
US20050273673A1 (en) Systems and methods for minimizing security logs
US20060190993A1 (en) Intrusion detection in networks
US20050138402A1 (en) Methods and apparatus for hierarchical system validation
Wang Measures of retaining digital evidence to prosecute computer-based cyber-crimes
US20190081968A1 (en) Method and Apparatus for Network Fraud Detection and Remediation Through Analytics
JP4984531B2 (en) Server monitoring program, relay device, server monitoring method
CN107317816A (en) A kind of method for network access control differentiated based on client application
CN110087238B (en) Information security protection system of mobile electronic equipment
CN108694329B (en) Mobile intelligent terminal security event credible recording system and method based on combination of software and hardware
WO2001073533A1 (en) System and method for safeguarding electronic files and digital information in a network environment
US7565690B2 (en) Intrusion detection
US20040003294A1 (en) Method and apparatus for monitoring a network data processing system
CN1179515C (en) Network safety system for recording and counterattacking black visitor and method
CN116894259A (en) Safety access control system of database
CN107294994B (en) CSRF protection method and system based on cloud platform
CN107508829B (en) A kind of webshell detection method of non-intrusion type

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20041208

CX01 Expiry of patent term