CN1705262A - Network security protecting system and method
- Publication number
- CN1705262A (CN 200410042910)
- Authority
- CN
- China
- Prior art keywords
- user
- security
- server
- network
- broadband access
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Computer And Data Communications (AREA)
Abstract
A network security protection system and method. The system comprises: an authentication server, which performs network access authentication and determines whether a user may access the network; a security policy server, which configures and issues security policies, judges whether a user is a safe user, and sends the judgment result to the authentication server; and a broadband access server, which provides user network access, receives the security policy, monitors the packets of users accessing the network, and sends monitoring information to the security policy server so that user security can be judged. The invention can refuse network access to unsafe users. The invention also discloses a network security protection method.
Description
Technical field
The present invention relates to security technology in the computer or communications field, and in particular to a network security protection system and method.
Background technology
With the worldwide spread of computer networks, especially the Internet, and the wide adoption of enterprise networks by security departments, banking systems, enterprises and institutions, people come into contact with and use networks more and more. Networks can be used for commercial activity and for mail, but at the same time the number of viruses has multiplied rapidly along with the network. Many viruses that had almost disappeared reappear from time to time, and macro viruses, which do not depend on the operating system, spread especially quickly over the network. As networks have developed, so have viruses. Some network viruses are benign: they do no damage and only affect the normal operation of the system. More are malicious and will trigger, with effects that vary: some format disks, some delete system files, some destroy databases, and so on. A virus must therefore be cleaned as soon as possible, all the more so on a network, where its destructiveness is far greater than on a single user's machine and the losses go without saying.
Network attacks are also increasingly common and have a large impact on the broadband access server. Often an attack by one user prevents other users in the same area from accessing the network normally, which causes great trouble for telecom operators.
The existing way to remove viruses is still to download patches and antivirus software. But a broadband metropolitan area network has thousands or tens of thousands of machines, and if a single machine is not disinfected and patched in time, the whole network is affected and may even be infected repeatedly.
In summary, existing methods do not solve the isolation and repeated-infection problems of network viruses well, and users have to update antivirus software and system patches frequently, which makes operation more complex for the user.
Summary of the invention
The problem solved by the present invention is to provide a network security protection system and method that prevent network viruses from causing repeated infection.
To solve the above problem, the network security protection system of the present invention comprises: an authentication server, used for network access authentication, which decides whether a user may access the network according to an authentication result containing security information; a security policy server, used to configure and issue security policies, to judge whether a user is a safe user or an unsafe user, and to send the judgment result to the authentication server; and a broadband access server, used for user network access, which receives the security policy, monitors the packets of users accessing the network according to the security policy, and sends monitoring information to the security policy server so that user security can be judged. The broadband access server refuses network access to unsafe users according to the judgment result from the authentication server or the security information in the authentication result.
The authentication server has a security attribute indicating whether a user is safe, and the broadband access server has a user security attribute indicating whether a user is safe. The security attribute value of the authentication server is set according to the security judgment result of the security policy server, and the current security attribute value is sent to the broadband access server. The broadband access server sets its user security attribute value according to the security attribute value received and refuses network access to unsafe users according to the user security attribute value.
The security policy comprises: a check item, which indicates the content the broadband access server is to check; a trigger condition, which indicates the trigger condition; and an operation, which indicates the specific operation the broadband access server performs when the trigger condition is met. The operation means that the broadband access server monitors the user's packets and, when the trigger condition is met, copies the corresponding packets to the security policy server as monitoring information; the security policy server then judges the user's security according to these packets.
The system also comprises a portal server, used to isolate unsafe users; the broadband access server directs unsafe users to this portal server.
Correspondingly, the network security protection method of the present invention comprises the following steps: a security policy configuration step, in which the security policy server issues the security policy to the broadband access server; an authentication step, in which whether the user is safe is checked during authentication and an authentication result containing the user's security information is returned to the broadband access server; a monitoring step, in which, according to the authentication result, the packets of users accessing the network are monitored in accordance with the security policy and monitoring information is fed back to the security policy server; a determining step, in which the security policy server judges user security according to the monitoring information and sends the judgment result via the authentication server; and a processing step, in which the authentication server issues the judgment result to the broadband access server and the broadband access server refuses network access to unsafe users according to the judgment result.
The security policy comprises: a check item, which indicates the content the broadband access server is to check; a trigger condition, which indicates the trigger condition; and an operation, which indicates the specific operation the broadband access server performs when the trigger condition is met. The monitoring information is the user's packets that the broadband access server has monitored when the trigger condition is met, and the operation is to copy these packets to the security policy server.
The authentication server has a security attribute indicating whether a user is safe, and the broadband access server has a user security attribute indicating whether a user is safe. The authentication step further comprises: the broadband access server sends an authentication request to the authentication server; the authentication server authenticates the user and reads the user's security attribute value; and the authentication result, including the security attribute value, is fed back to the broadband access server.
The access step further comprises the following steps: the broadband access server judges from the authentication result whether authentication succeeded; if it did, the user security attribute is set according to the security attribute value in the authentication result; whether the user is safe is judged according to the user security attribute value; if the user is unsafe, network access is refused; if the user is safe, the user accesses the network and the monitoring step is carried out at the same time.
The monitoring step further comprises: the broadband access server monitors the user's packets according to the security policy; when the trigger condition is met, the corresponding packets are copied to the security policy server as monitoring information.
The processing step further comprises: the authentication server sets the security attribute value according to the security judgment result of the security policy server and sends the current security attribute value to the broadband access server; the broadband access server sets the user security attribute value according to the security attribute value received and refuses network access to unsafe users; unsafe users are forced to visit the portal server; the portal server provides infected unsafe users with disinfection tools, and warns unsafe users who have carried out network attacks that network attacks are forbidden; a security assessment is performed on a user who has been disinfected, and if the user is safe the authentication server is notified to set the user's security attribute to safe; the authentication server changes the user's security attribute to safe and issues it to the broadband access server; the broadband access server changes the user security attribute to safe and returns to the monitoring step.
Compared with prior art, the present invention has the following advantages:
The security policy server issues security policies and the BAS then performs resource checking and monitoring, so it is easy to judge whether a user is infected or carrying out a network attack; because updating security policies through the security policy server is convenient and flexible, the system can respond in time to new viruses and new network attack methods;
Users are divided into safe users and unsafe users. Safe users access the network without restriction, while unsafe users can only visit the portal server, which prevents unsafe users from infecting safe users;
The security policies on the security policy server can be produced jointly with antivirus vendors and anti-hacking vendors, which ensures that security policies are updated promptly;
Users need not constantly follow the latest patches and virus information, which lowers the virus knowledge required of users and reduces their risk of infection;
For the operator, the invention effectively addresses the waste of system resources caused by viruses and network attacks. For viruses, infected users can be identified quickly and isolated, which prevents them from infecting other normal users, and a new source of profit can be obtained by charging for downloads of disinfection tools. For hackers, attacks can be discovered in time so that further action can be taken;
Antivirus vendors and anti-hacking vendors can charge for providing the latest virus information and disinfection tools, achieving a win-win result.
Description of drawings
Fig. 1 is a block diagram of the network security protection system of the present invention.
Fig. 2 is a schematic diagram of an embodiment of setting the security attribute of the authentication server.
Fig. 3 is a flow chart of the security policy configuration step in the network security protection method of the present invention.
Fig. 4 is a flow chart of the authentication and monitoring steps in the network security protection method of the present invention.
Fig. 5 is a flow chart of the determining step in the network security protection method of the present invention.
Fig. 6 is a flow chart of the processing step in the network security protection method of the present invention.
Fig. 7 is a flow chart of the handling of unsafe users in the network security protection method of the present invention.
Embodiment
The network security protection system and method of the present invention are implemented on an existing network system, which generally comprises:
Broadband access server (BAS, Broadband Access Server): mainly handles user access, usually through access methods such as xDSL/LAN/HFC (x Digital Subscriber Line / local area network / hybrid fiber-coaxial network).
Authentication server: AAA stands for Authentication, Authorization and Accounting, and provides a consistent framework for configuring these three security functions. AAA is usually implemented with the Remote Authentication Dial-In User Service (RADIUS) protocol. The authentication server is a PC or network device that implements the RADIUS protocol and, in cooperation with the broadband access server, performs user authentication, authorization and accounting.
Portal server: the portal service is a new kind of service that an ISP offers its users. By visiting the portal server, users can flexibly choose the services that suit them, or are provided with related network resources (such as HTTP links, FTP downloads, etc.).
The relationships between the broadband access server and the other servers are described in detail below.
Broadband access server and authentication server: when a user connects to the broadband access server in order to obtain the right to access other networks (or to use certain network resources), the broadband access server verifies the user (or the connection). The broadband access server is responsible for passing the user's authentication, authorization and accounting information to the authentication server. After receiving the user's authentication request, the authentication server completes the verification and returns the configuration information required for the user to the broadband access server. According to the result returned by the authentication server, the broadband access server decides whether the user may access the network and which resources the user may access.
Broadband access server and portal server: the portal server currently performs two main functions. In the first, after the user has been authenticated, the portal server provides a web page on which the user can access the services offered by the ISP (Internet Service Provider), such as VOD (Video On Demand), games and software downloads. In the second, the user visits a portal server page before authentication; the page prompts the user to enter a username and password, the portal server sends the username and password to the broadband access server, the broadband access server interacts with the authentication server to determine the user's rights, and finally the broadband access server notifies the portal server of the authentication result.
Thus an existing broadband access server generally manages only user authentication and accounting, regardless of what the user does online. All network viruses are invisible to the broadband access server, which treats them simply as user data. As the broadband access server and the various servers are currently configured, user authentication and accounting can be performed, but antivirus and anti-hacking functions cannot.
Referring to Fig. 1, the network security protection system of the present invention comprises:
Authentication server 1, used for network access authentication, which decides whether a user may access network 3 according to an authentication result containing security information;
Security policy server 4, used to configure security policies (that is, to add, delete and modify security policies) and to issue them, and to judge user security and send the judgment result to authentication server 1;
Broadband access server 5, used for user network access, which receives the security policy, monitors the packets of users accessing network 3 according to the security policy, and sends monitoring information to security policy server 4 so that user security can be judged. Broadband access server 5 refuses access to network 3 for unsafe users according to the judgment result from authentication server 1 or the security information in the authentication result.
In this way, by using the ability of broadband access server 5 to monitor users, the isolation and removal of network worm viruses can be handled well. On the one hand, broadband access server 5 inspects user packets in real time and, via security policy server 4, judges whether a user is infected or carrying out a malicious attack. On the other hand, users found in this way are isolated on a network segment and guided to disinfect, which keeps them from affecting other users and so reduces cross-infection, repeated infection and damage to the network.
Referring to Fig. 2, authentication server 1 has a security attribute indicating whether a user is safe. That is, one attribute is added to an existing authentication server: a security attribute whose value is "safe" or "unsafe", with the default for all users being "safe". For example, in shiva (a RADIUS server software), a custom attribute is added: the security attribute "Safety-State", whose value is "Safe" or "Unsafe". The security attribute value of authentication server 1 is set according to the security judgment result of security policy server 4, and the current security attribute value is sent to broadband access server 5.
Broadband access server 5 has a user security attribute indicating whether a user is safe, whose value is "safe" or "unsafe". Broadband access server 5 sets the user security attribute value according to the security attribute value received and refuses network access to unsafe users according to the user security attribute value.
By type, security policies are divided into antivirus policies and anti-attack policies. Structurally, a security policy comprises: a check item, which indicates the content broadband access server 5 is to check; a trigger condition, which indicates the trigger condition; and an operation, which indicates the specific operation broadband access server 5 performs when the trigger condition is met. The operation means that broadband access server 5 monitors the user's packets and, when the trigger condition is met, copies the corresponding packets to security policy server 4 as monitoring information; security policy server 4 then judges the user's security according to these packets. Security policy entries can be configured in various ways, for example by extending the ACL (Access Control List) with additional action types. Taking detection of the shock wave virus as an example, the check item of the shock wave virus security policy is defined as: "check user packets whose protocol is TCP and whose destination port is 135"; the trigger condition is defined as: "trigger when the rate of checked packets exceeds 3 per second"; and the operation is defined as: "send the TCP header of the packet to the security policy server".
In addition, the network security protection system of the present invention also comprises portal server 6, used to isolate unsafe users; broadband access server 5 directs unsafe users to this portal server 6. The portal home page tells the user that the machine is infected or has carried out a network attack. In the case of infection, it tells the user to disinfect or install security patches, and offers patches or removal tools for download on the home page. After the user's operations (installing patches, disinfecting, etc.) are finished, portal server 6 performs a security assessment of the user. When the assessment result is unsafe, the user is prompted to continue disinfecting; when the assessment result is safe, portal server 6 notifies authentication server 1 to change the user's security attribute to safe. In the case of a network attack, the user is told to stop the attack, and further action can be taken according to certain rules, for example: a user who carries out network attacks three times in a row is barred from the network. Of course, unsafe users need not be isolated by sending them to portal server 6; simply taking the unsafe user offline also prevents cross-infection and repeated infection by network viruses.
Referring to Figs. 3 to 7, the network security protection method of the present invention comprises the following steps:
Security policy configuration step (see Figs. 3 and 4): the security policy server issues the security policy to the broadband access server. Various methods can be used to issue the security policy; for example, the security policy server connects to the broadband access server via Telnet (a standard protocol for remote connection services) and then executes configuration commands;
Authentication step (see Fig. 4): whether the user is safe is checked during authentication, and an authentication result containing the user's security information is returned to the broadband access server;
Monitoring step (see Fig. 4): according to the authentication result, the packets of users accessing the network are monitored in accordance with the security policy, and monitoring information is fed back to the security policy server;
Determining step (see Fig. 5): the security policy server judges user security according to the monitoring information and sends the judgment result via the authentication server;
Processing step: the authentication server issues the judgment result to the broadband access server, and the broadband access server refuses network access to unsafe users according to the judgment result.
The security policy comprises: a check item, which indicates the content the broadband access server is to check; a trigger condition, which indicates the trigger condition; and an operation, which indicates the specific operation the broadband access server performs when the trigger condition is met.
The monitoring information is the user's packets that the broadband access server has monitored when the trigger condition is met, and the operation is to copy these packets to the security policy server.
The authentication server has a security attribute indicating whether a user is safe, and the broadband access server has a user security attribute indicating whether a user is safe.
Referring again to Fig. 4, the authentication step further comprises:
Step 40: the broadband access server sends an authentication request to the authentication server;
Step 41: the authentication server authenticates the user and reads the user's security attribute value;
Step 42: the authentication result, including the security attribute value, is fed back to the broadband access server.
The monitoring step further comprises:
Step 43: the broadband access server judges from the authentication result whether authentication succeeded;
Step 44: if authentication succeeded, the user security attribute is set according to the security attribute value in the authentication result; if it did not, the user is refused network access;
Step 45: whether the user is safe is judged according to the user security attribute value;
Step 46: if the user is unsafe, network access is refused; if the user is safe, the user accesses the network and the monitoring step is carried out at the same time;
Step 47: the broadband access server monitors the user's packets according to the security policy. For example, as required by the "shock wave virus security policy entry", when the user sets up a new TCP connection, the BAS checks the first packet of the user's TCP traffic and counts the packets whose protocol type is TCP and whose destination port is 135;
Step 48: whether the trigger condition is met is judged;
Step 49: when the trigger condition is met, the corresponding packets are copied to the security policy server as monitoring information; for example, once the number of packets per second exceeds 3, the BAS sends the TCP headers of the packets to the security policy server. If the condition is not met, it is judged whether the user has gone offline; if the user has not gone offline, the flow returns to step 45 and monitoring continues.
Referring to Fig. 5, the determining step further comprises:
Step 51: the monitoring information is received;
Step 52: whether the user is safe is judged. For example, after the security policy server receives the "packets whose destination port is 135" sent by the BAS and finds that the packet rate is greater than 10 pps, it concludes that the user is infected with the shock wave virus;
Step 53: if the user is safe, no operation is performed; if the user is unsafe, the authentication server is notified to set the user's security attribute to "unsafe".
Referring to Figs. 6 and 7, the processing step further comprises:
Step 60: the setting request from the security policy server is received;
Step 62: the authentication server sets the security attribute value according to the security judgment result of the security policy server;
Step 63: the current security attribute value is sent to the broadband access server;
Go to step 61: the authentication server receives the setting request from the portal server, changes the user's security attribute to safe and issues it to the broadband access server; the broadband access server changes the user security attribute to safe and returns to the monitoring step.
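The policy entry of the shock wave virus example (TCP, destination port 135, trigger above 3 packets per second), the judgment above 10 pps and the Safety-State hand-off in steps 40 to 63 can be modelled as a small simulation. This is an added example, not code from the patent; the one-second sliding window, the class and method names, and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_MS = 1000  # assumption: rates are counted over a sliding one-second window


@dataclass(frozen=True)
class PolicyEntry:
    """Security policy entry: check item and trigger condition.
    The operation is fixed here: copy the packet header to the policy server."""
    protocol: str      # check item: protocol to match
    dst_port: int      # check item: destination port to match
    trigger_pps: int   # trigger condition: act once the rate exceeds this


@dataclass(frozen=True)
class Packet:
    ts_ms: int
    user: str
    protocol: str
    dst_port: int


def rate_after(window, ts_ms):
    """Record ts_ms, drop entries older than the window, return packets/second."""
    window.append(ts_ms)
    while ts_ms - window[0] >= WINDOW_MS:
        window.popleft()
    return len(window)


class AuthServer:
    """Holds the per-user Safety-State attribute; every user defaults to Safe."""
    def __init__(self):
        self.safety_state = defaultdict(lambda: "Safe")
        self.bas = None

    def set_state(self, user, state):
        self.safety_state[user] = state
        self.bas.user_state[user] = state  # step 63: push current value to the BAS


class PolicyServer:
    """Judges a user from the headers the BAS copies to it (steps 51 to 53)."""
    def __init__(self, auth, unsafe_pps):
        self.auth, self.unsafe_pps = auth, unsafe_pps
        self.seen = defaultdict(deque)

    def on_monitor_info(self, pkt):
        if rate_after(self.seen[pkt.user], pkt.ts_ms) > self.unsafe_pps:
            self.auth.set_state(pkt.user, "Unsafe")


class BAS:
    def __init__(self, auth, policy_server, entry):
        self.auth, self.policy_server, self.entry = auth, policy_server, entry
        self.user_state = {}                 # user security attribute on the BAS
        self.windows = defaultdict(deque)
        self.copied = defaultdict(int)       # headers copied per user
        auth.bas = self

    def login(self, user):
        """Steps 40 to 44: the authentication result carries Safety-State."""
        self.user_state[user] = self.auth.safety_state[user]
        return self.user_state[user]

    def handle(self, pkt):
        """Steps 45 to 49: 'forward' for safe users, 'portal' for unsafe ones."""
        if self.user_state[pkt.user] == "Unsafe":
            return "portal"
        e = self.entry
        if (pkt.protocol, pkt.dst_port) == (e.protocol, e.dst_port):
            if rate_after(self.windows[pkt.user], pkt.ts_ms) > e.trigger_pps:
                self.copied[pkt.user] += 1
                self.policy_server.on_monitor_info(pkt)
        return "forward" if self.user_state[pkt.user] == "Safe" else "portal"


def simulate(traffic):
    """Run {user: (interval_ms, packet_count)} of TCP/135 traffic through the model."""
    auth = AuthServer()
    policy_server = PolicyServer(auth, unsafe_pps=10)
    bas = BAS(auth, policy_server, PolicyEntry("TCP", 135, trigger_pps=3))
    verdicts = {}
    for user, (interval_ms, count) in traffic.items():
        bas.login(user)
        verdicts[user] = [bas.handle(Packet(i * interval_ms, user, "TCP", 135))
                          for i in range(count)]
    return auth, bas, verdicts


# Constructed sample traffic: alice at 20 pps, bob at 2 pps, carol at 5 pps.
SAMPLE = {"alice": (50, 40), "bob": (500, 10), "carol": (200, 10)}

if __name__ == "__main__":
    auth, bas, verdicts = simulate(SAMPLE)
    for user, v in verdicts.items():
        print(user, auth.safety_state[user],
              v.count("forward"), v.count("portal"), bas.copied[user])
```

In this model carol crosses the BAS trigger, so her headers are copied, but she stays below the policy server's threshold and remains Safe; only alice is sent to the portal.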
In summary, the security policy server issues security policies and the BAS then performs resource checking and monitoring, so it is easy to judge whether a user is infected or carrying out a network attack, and the response is therefore rapid;
Users are divided into safe users and unsafe users. Safe users access the network without restriction, while unsafe users can only visit the portal server, which prevents unsafe users from infecting safe users;
The security policies on the security policy server can be produced jointly with antivirus vendors and anti-hacking vendors, which ensures that they are prompt and timely;
Users need not constantly follow the latest patches and virus information, which lowers the virus knowledge required of users;
For the operator, the bandwidth shortage caused by viruses and network attacks can be resolved quickly. For viruses, a new source of profit can be obtained by charging for disinfection downloads; for hackers, information about the hacker can be obtained so that further action can be taken;
Antivirus vendors and anti-hacking vendors can charge for providing the latest information, achieving a win-win result.
Claims (14)
1. a network security protection system is characterized in that, this guard system comprises:
Whether certificate server is used for network access authentication, can access network according to the authentication result decision user of containing safety information;
Security Policy Server is used to dispose security strategy and issues security strategy, and judges that the user is also right and wrong secured user of secured user, and judged result is sent to described certificate server;
BAS Broadband Access Server, being used for user network inserts, receive described security strategy and according to the user's of described security strategy monitoring access network message, monitor message is sent to described Security Policy Server with the judgement user security, and described BAS Broadband Access Server is according to refusing non-secured user's access network from the judged result or the safety information in the authentication result of described certificate server.
2. network security protection system as claimed in claim 1 is characterized in that, described certificate server has the whether security attribute of safety of expression user; And described BAS Broadband Access Server has the whether user security attribute of safety of expression user.
3. network security protection system as claimed in claim 2, it is characterized in that, the security attribute value of described certificate server is provided with according to the fail safe judged result of described Security Policy Server, and the current safety property value is sent to BAS Broadband Access Server; The user security property value of BAS Broadband Access Server is provided with the user security property value and refuses non-secured user's Access Network according to the user security property value according to the security attribute value that receives.
4. network security protection system as claimed in claim 1 is characterized in that, described security strategy comprises: check item, be used to the content of indicating BAS Broadband Access Server to check; Trigger condition is used to indicate trigger condition; Operation is used in reference to and is shown in BAS Broadband Access Server execution concrete operations when satisfying trigger condition.
5. network security protection system as claimed in claim 2, it is characterized in that, the message of described operation finger beam leased line service device supervisory user also duplicates corresponding message to Security Policy Server as monitor message when satisfying trigger condition, and then Security Policy Server is judged security of users according to this message.
6. as any described network security protection system of claim 1 to 5, it is characterized in that this system also comprises portal server, be used to isolate non-secured user, and BAS Broadband Access Server is controlled non-secured user and visited this portal server.
7. a network safety protection method is characterized in that, this method may further comprise the steps:
Security strategy configuration step, Security Policy Server issue security strategy to BAS Broadband Access Server;
Authenticating step is checked whether safety of user during authentication, and returns the authentication result of security of users information to BAS Broadband Access Server;
Monitoring step, according to authentication result, the full strategy in Yian is monitored the user's of access network message, and monitor message is fed back to Security Policy Server;
Determining step, Security Policy Server is judged user security according to monitor message, and with judged result via certificate server;
Treatment step, certificate server issue judged result to BAS Broadband Access Server, and broadband server is refused non-secured user's access network according to judged result.
8. The network security protection method as claimed in claim 7, characterized in that the security policy comprises: a check item, indicating the content the Broadband Access Server is to check; a trigger condition, indicating the trigger condition; and an operation, indicating the specific operation the Broadband Access Server performs when the trigger condition is satisfied.
9. The network security protection method as claimed in claim 8, characterized in that the monitoring information refers to the user's message that the Broadband Access Server has monitored when the trigger condition is satisfied, and the operation refers to copying this message to the Security Policy Server.
10. The network security protection method as claimed in claim 9, characterized in that the certificate server has a security attribute indicating whether the user is safe, and the Broadband Access Server has a user security attribute indicating whether the user is safe.
11. The network security protection method as claimed in claim 10, characterized in that the authentication step further comprises: the Broadband Access Server sends an authentication request to the certificate server;
The certificate server performs authentication and reads this user's security attribute value;
The authentication result, which includes the security attribute value, is fed back to the Broadband Access Server.
12. The network security protection method as claimed in claim 11, characterized in that the access step further comprises the following steps:
The Broadband Access Server judges from the authentication result whether authentication has passed;
If authentication has passed, the user security attribute is set according to the security attribute value in the authentication result, and whether the user is safe is judged according to the user security attribute value;
If the user is unsafe, network access is refused; if the user is safe, the user is admitted to the network and the monitoring step is carried out at the same time.
13. The network security protection method as claimed in claim 12, characterized in that the monitoring step further comprises:
The Broadband Access Server monitors the user's messages according to the security policy;
When the trigger condition is satisfied, the corresponding message is copied to the Security Policy Server as monitoring information.
14. The network security protection method as claimed in claim 13, characterized in that the processing step further comprises:
The certificate server sets the security attribute value according to the security judgment result of the Security Policy Server and sends the current security attribute value to the Broadband Access Server;
The Broadband Access Server sets the user security attribute value according to the received security attribute value and refuses network access to non-secure users;
Non-secure users are forced to access the portal server;
The portal server provides an antivirus tool to non-secure users infected with a virus so that they can disinfect, and warns non-secure users who have carried out a network attack that network attacks are forbidden;
A security evaluation is performed on the user who has been disinfected; if the user is safe, the certificate server is notified to set this user's security attribute to safe;
The certificate server changes the user's security attribute to safe and issues it to the Broadband Access Server;
The Broadband Access Server changes the user security attribute to safe and returns to the monitoring step.
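The flow in claims 7 to 14 can be traced in a small simulation. This is an added example, not code from the patent: the class names, the `dst_port` check item, port 445 and the distinct-destination threshold are constructed assumptions, and the judging rule is hypothetical because the claims do not specify one.

```python
from collections import namedtuple

# Claim 8: check item (packet field), trigger condition (value to match), operation
Policy = namedtuple("Policy", "check_item trigger operation")

class AuthServer:
    def __init__(self, users):
        self.attr = {u: True for u in users}     # per-user security attribute
        self.bas = None
    def authenticate(self, user):                # claim 11: result carries the attribute
        return user in self.attr, self.attr.get(user, False)
    def set_attr(self, user, safe):              # claim 14: store, then issue to the BAS
        self.attr[user] = safe
        self.bas.user_attr[user] = safe

class PolicyServer:
    def __init__(self, auth, max_dsts):
        self.auth, self.max_dsts, self.dsts = auth, max_dsts, {}
    def on_copy(self, user, pkt):                # judging step (hypothetical rule)
        seen = self.dsts.setdefault(user, set())
        seen.add(pkt["dst"])
        if len(seen) > self.max_dsts:            # too many distinct destinations
            seen.clear()
            self.auth.set_attr(user, False)      # result travels via the auth server

class BAS:
    def __init__(self, auth, policy_server, policy):
        self.auth, self.ps, self.policy = auth, policy_server, policy
        self.user_attr = {}                      # BAS-side user security attribute
        auth.bas = self
    def login(self, user):                       # claim 12: admit only authenticated, safe users
        ok, safe = self.auth.authenticate(user)
        self.user_attr[user] = ok and safe
        return self.user_attr[user]
    def handle(self, user, pkt):                 # claim 13: monitor, copy on trigger
        if not self.user_attr.get(user, False):
            return "portal"                      # non-secure user is forced to the portal
        if pkt.get(self.policy.check_item) == self.policy.trigger and self.policy.operation == "copy":
            self.ps.on_copy(user, pkt)
        return "network" if self.user_attr[user] else "portal"

def demo():
    auth = AuthServer(["alice"])                 # constructed user
    ps = PolicyServer(auth, max_dsts=3)
    bas = BAS(auth, ps, Policy("dst_port", 445, "copy"))
    bas.login("alice")
    routes = [bas.handle("alice", {"dst": f"10.0.0.{i}", "dst_port": 445}) for i in range(1, 6)]
    auth.set_attr("alice", True)                 # portal: disinfected and re-evaluated as safe
    return routes, bas.handle("alice", {"dst": "10.0.0.9", "dst_port": 80})
```

In this model the judgment is applied synchronously, so the packet that crosses the threshold is already routed to the portal; a real deployment that copies packets out of band would enforce the result on later traffic.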
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2004100429102A CN100525184C (en) | 2004-05-27 | 2004-05-27 | Network security protecting system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1705262A (en) | 2005-12-07 |
CN100525184C (en) | 2009-08-05 |
Family
ID=35577712
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2004100429102A Expired - Fee Related CN100525184C (en) | 2004-05-27 | 2004-05-27 | Network security protecting system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100525184C (en) |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100364280C (en) * | 2005-12-15 | 2008-01-23 | 杭州华三通信技术有限公司 | Method for sending safety strategy |
CN101483522B (en) * | 2008-01-09 | 2012-04-04 | 华为技术有限公司 | Method, system and device for controlling trustable network access |
CN101621380B (en) * | 2008-02-29 | 2015-04-08 | 华为技术有限公司 | Method for evaluating security state of terminal, network equipment and system |
CN101277308B (en) * | 2008-05-23 | 2012-04-18 | 杭州华三通信技术有限公司 | Method for insulating inside and outside networks, authentication server and access switch |
CN101764788B (en) * | 2008-12-23 | 2013-01-30 | 迈普通信技术股份有限公司 | Safe access method based on extended 802.1x authentication system |
CN105100053A (en) * | 2015-05-29 | 2015-11-25 | 北京奇虎科技有限公司 | Website security detection method, website security detection device and cloud monitoring system |
CN105791264A (en) * | 2016-01-08 | 2016-07-20 | 国家电网公司 | Network security pre-warning method |
CN107579948A (en) * | 2016-07-05 | 2018-01-12 | 华为技术有限公司 | A kind of management system of network security, method and device |
CN107579948B (en) * | 2016-07-05 | 2022-05-10 | 华为技术有限公司 | Network security management system, method and device |
CN109302382A (en) * | 2018-08-29 | 2019-02-01 | 山东超越数控电子股份有限公司 | A kind of construction method and system of polynary isomery storage service management platform |
CN114244589A (en) * | 2021-12-07 | 2022-03-25 | 国网福建省电力有限公司 | Intelligent firewall and method based on AAA authentication and authorization information |
CN116668557A (en) * | 2023-08-02 | 2023-08-29 | 苏州浪潮智能科技有限公司 | Data transmission method, system, electronic equipment and readable storage medium |
CN116668557B (en) * | 2023-08-02 | 2023-11-14 | 苏州浪潮智能科技有限公司 | Data transmission method, system, electronic equipment and readable storage medium |
CN117879974A (en) * | 2024-03-11 | 2024-04-12 | 西昌学院 | Network security protection method based on edge calculation |
CN117879974B (en) * | 2024-03-11 | 2024-05-14 | 西昌学院 | Network security protection method based on edge calculation |
Also Published As
Publication number | Publication date |
---|---|
CN100525184C (en) | 2009-08-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20090805 Termination date: 20150527 |
EXPY | Termination of patent right or utility model | |